[OK] Log analysis request

Post by nikko33 » 16 Mar 2010, 18:03

Good evening,

Here is the OTL fix report:

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "http://www3.iamwired.net/websearch.php?src=tops&search=" removed from browser.search.defaulturl
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
File C:\Program Files\MyWebSearch\bar\firefox not found.
========== FILES ==========
Error: Unable to interpret <WINDOWS> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Admin.XPSP2-9972C5432
->Temp folder emptied: 268904384 bytes
->Temporary Internet Files folder emptied: 180459345 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 53050405 bytes
->Flash cache emptied: 17814026 bytes

User: ADMIN~1~XPS

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.AUTORITE NT.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 428592 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.AUTORITE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.AUTORITE NT.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 357014 bytes

User: nico

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2133582 bytes
%systemroot%\System32 .tmp files removed: 3590656 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 508159 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 514,00 mb


OTL by OldTimer - Version 3.1.37.2 log created on 03162010_173846

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Post by nikko33 » 16 Mar 2010, 18:05

Malwarebytes report:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3873
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16/03/2010 17:47:25
mbam-log-2010-03-16 (17-47-25).txt

Type de recherche: Examen rapide
Eléments examinés: 166780
Temps écoulé: 3 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wei0l8thpfgdcq- (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\wEI0l8tHpFGdCQ-.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

Post by nikko33 » 16 Mar 2010, 18:07

Finally, the OTL report:

OTL logfile created on: 16/03/2010 17:52:14 - Run 3
OTL by OldTimer - Version 3.1.37.2 Folder = G:\mozilla downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 75,49 Gb Free Space | 40,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 162,94 Gb Free Space | 34,98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP2-9972C5432
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/16 17:30:01 | 000,556,032 | ---- | M] (OldTimer Tools) -- G:\mozilla downloads\OTL.exe
PRC - [2010/03/07 15:11:10 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/07 15:11:09 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/07 15:11:09 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/07 15:11:08 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/07 15:11:04 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/07 15:11:03 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/07 15:10:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/10 15:35:13 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010/01/16 04:14:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/07/29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\MAFWTray.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/08 05:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE
PRC - [2004/03/12 21:43:18 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (SafeList) ==========

MOD - [2010/03/16 17:30:01 | 000,556,032 | ---- | M] (OldTimer Tools) -- G:\mozilla downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NIHardwareService)
SRV - [2010/03/07 15:10:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/10 15:35:13 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/02/10 15:35:11 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/01/26 17:45:08 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/02/16 12:34:34 | 000,415,152 | ---- | M] (telechargement.fr) [Auto | Stopped] -- C:\WINDOWS\System32\pr2ausyt.exe -- (pr2ausyt) Techniques audionumeriques en homestudio Drivers Auto Removal (pr2ausyt)
SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/07 15:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/07 15:11:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/07 15:11:26 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/07 15:11:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/11 14:28:26 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/26 13:49:08 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/12/26 13:49:08 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/08/16 23:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mafw.sys -- (MAFW)
DRV - [2009/07/28 15:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 12:34:16 | 000,069,304 | ---- | M] (telechargement.fr) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3ausyt.sys -- (pe3ausyt) Techniques audionumeriques en homestudio Environment Driver (pe3ausyt)
DRV - [2009/02/16 12:33:54 | 000,083,640 | ---- | M] (telechargement.fr) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pf2ausyt.sys -- (pf2ausyt) Techniques audionumeriques en homestudio File System Driver (pf2ausyt)
DRV - [2008/06/05 09:50:12 | 000,086,528 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/04/13 20:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/30 10:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/15 23:58:36 | 000,472,832 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2006/09/28 14:44:46 | 000,079,393 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1027.sys -- (RDID1027)
DRV - [2005/12/11 10:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/10/06 14:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2004/03/12 21:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004/03/12 21:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2002/09/16 18:07:24 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.fr/
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {74a734dd-b3a8-bc83-23f5-fcc9ce1134c0}:4.6.6.4
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/07 15:10:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/09 12:24:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/09 12:24:29 | 000,000,000 | ---D | M]

[2009/09/11 18:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Extensions
[2010/03/16 11:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions
[2009/10/19 18:40:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/09 15:40:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/17 22:07:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/20 15:49:06 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\askcom.xml
[2009/10/17 13:49:05 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\bing.xml
[2009/12/22 12:56:47 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\MyStart.xml
[2010/01/14 12:21:03 | 000,009,985 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\mywebsearch.xml
[2010/02/20 17:18:28 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\Search.xml
[2010/03/16 11:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/20 17:23:41 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{74a734dd-b3a8-bc83-23f5-fcc9ce1134c0}
[2010/01/16 02:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 02:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 02:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 02:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 02:10:07 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2001/10/02 17:16:28 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-19..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-20..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\System32\logonui.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\My Wallpapers\Default.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\My Wallpapers\Default.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/19 01:56:08 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/10 23:23:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 16:49:12 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\ATAPI.SYS
[2010/03/14 16:46:35 | 000,000,000 | ---D | C] -- C:\ToolBar SD
[2010/03/12 19:10:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/12 15:41:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/03/12 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\Microsoft Corporation
[2010/03/12 15:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/03/10 10:50:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/10 10:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/10 09:38:40 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 16:53:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
[2010/03/09 16:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\Reaktor 5
[2010/03/08 22:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\AVG9
[2010/03/08 13:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDub
[2010/03/08 11:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\photos omnia
[2010/03/07 15:11:32 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/07 15:11:31 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/07 15:11:31 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/07 15:11:26 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/07 15:11:24 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/07 15:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/07 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/07 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/03/07 14:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2010/03/07 14:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Recent
[2010/03/07 14:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/07 13:40:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/07 13:40:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/07 13:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/07 13:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/06 14:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\photos A4
[2010/03/05 09:08:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\Mes vidéos
[2010/03/05 09:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Facebook
[2010/02/21 20:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/21 20:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/02/21 16:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\foobar2000
[2010/02/21 16:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2010/02/20 17:30:36 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/20 17:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\Simply Super Software
[2010/02/20 16:46:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/02/20 16:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/20 14:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\QuickScan
[2010/02/20 11:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2010/02/20 00:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MCompressor
[2010/02/19 14:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/09/11 21:02:53 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2009/09/11 21:02:53 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2009/02/10 18:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/01/30 14:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/09/06 19:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/31 16:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/19 00:28:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/19 00:23:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/19 00:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp files -> C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/16 17:49:40 | 000,250,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/16 17:49:38 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/03/16 17:49:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/16 17:48:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 17:47:51 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\NTUSER.DAT
[2010/03/16 17:47:51 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\ntuser.ini
[2010/03/16 17:47:47 | 012,944,018 | -H-- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\IconCache.db
[2010/03/16 17:40:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/16 12:39:49 | 057,200,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/13 01:04:16 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\MP3GainGUI.lnk
[2010/03/10 10:49:01 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/10 10:47:04 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\ERUNT.lnk
[2010/03/10 10:24:18 | 000,673,051 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040688.JPG
[2010/03/09 16:53:25 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Reaktor 5.lnk
[2010/03/09 12:24:32 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Mozilla Firefox.lnk
[2010/03/09 11:08:39 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/08 13:45:28 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\VirtualDub.lnk
[2010/03/07 15:11:32 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/07 15:11:32 | 000,001,517 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\AVG 9.0.lnk
[2010/03/07 15:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/07 15:11:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/07 15:11:26 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/07 15:11:24 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/07 15:11:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/07 14:07:38 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\CCleaner.lnk
[2010/03/07 13:40:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/07 13:25:01 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\HijackThis.lnk
[2010/03/06 20:36:40 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\FileZilla Client.lnk
[2010/02/21 20:51:16 | 000,000,370 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/20 17:19:39 | 000,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/20 17:19:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/20 17:19:39 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2010/02/20 16:25:13 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\eMule.lnk
[2010/02/20 16:03:15 | 000,000,094 | -HS- | M] () -- C:\WINDOWS\klif.spi
[2010/02/20 15:22:37 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/19 11:03:38 | 000,099,231 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040384.JPG
[2010/02/19 11:03:05 | 000,125,696 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040383.JPG
[2010/02/18 17:07:34 | 000,016,574 | ---- | M] () -- C:\WINDOWS\EPISMF00.SWB
[2010/02/18 16:46:43 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\Mirabello Nicolas.doc
[2010/02/18 10:34:16 | 001,273,856 | ---- | M] () -- C:\WINDOWS\System32\s-yf1D2MUl.dll
[2010/02/17 12:59:38 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Adobe Reader 9.lnk
[2010/02/15 17:54:54 | 087,114,295 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\nsonik-demo octobre 2009.mp3
[1 C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp files -> C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 01:04:16 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\MP3GainGUI.lnk
[2010/03/10 10:49:01 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/10 10:47:04 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\ERUNT.lnk
[2010/03/10 10:10:24 | 000,673,051 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040688.JPG
[2010/03/09 16:53:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Reaktor 5.lnk
[2010/03/09 12:24:32 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Mozilla Firefox.lnk
[2010/03/08 13:45:28 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\VirtualDub.lnk
[2010/03/07 15:11:32 | 000,001,517 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\AVG 9.0.lnk
[2010/03/07 15:11:24 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/07 15:11:18 | 057,200,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/07 14:07:38 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\CCleaner.lnk
[2010/03/07 13:40:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/07 13:24:52 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\HijackThis.lnk
[2010/02/21 20:51:15 | 000,000,370 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/20 16:46:45 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/20 16:46:45 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/20 16:46:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/20 16:46:45 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/20 16:03:15 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\klif.spi
[2010/02/19 10:52:47 | 000,099,231 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040384.JPG
[2010/02/19 10:49:36 | 000,125,696 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040383.JPG
[2010/02/18 16:46:43 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\Mirabello Nicolas.doc
[2010/02/18 10:34:16 | 001,273,856 | ---- | C] () -- C:\WINDOWS\System32\s-yf1D2MUl.dll
[2010/02/08 18:37:29 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D25F423BE6.sys
[2010/02/07 17:50:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D2AEB6BA.sys
[2010/02/07 17:32:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D291FA33FC.sys
[2010/02/07 17:31:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D272B730B3.sys
[2010/02/07 17:31:33 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D8910D51.sys
[2010/02/07 17:30:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D8910D50.sys
[2010/02/07 17:23:26 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90EC5.dll
[2010/02/07 17:07:42 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D23E818710.sys
[2010/02/07 16:58:05 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2C0ADD4DD.sys
[2009/12/24 12:49:39 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\default.rss
[2009/12/22 12:48:46 | 000,499,246 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/12/18 12:23:15 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90EC8.dll
[2009/12/18 12:23:08 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C30.dll
[2009/12/18 12:23:05 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_FB9AECF7-F56E-4c47-A862-8892AA545109.dll
[2009/12/18 12:22:58 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_F4F01109-B336-401f-BDE2-7C1926744122.dll
[2009/12/18 12:22:56 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_82424970-0916-4145-974C-09EBC0BE67BF.dll
[2009/12/01 13:13:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D220543E20.sys
[2009/12/01 12:12:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D220543E1F.sys
[2009/11/26 06:31:39 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2009/11/07 15:02:07 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\default.pls
[2009/11/07 15:00:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/19 18:50:09 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/19 18:41:56 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/16 18:28:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/10/08 14:46:10 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 15:15:23 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/06 15:14:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
[2009/09/12 18:02:56 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1027.dll
[2009/09/12 16:40:02 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009/09/11 22:28:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2009/09/11 22:28:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/09/11 21:51:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/09/11 21:51:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/09/11 21:08:55 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/09/11 16:48:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/11 15:32:17 | 000,190,464 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/08/09 16:00:00 | 001,210,208 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandAutopanpresets.xml
[2009/08/09 16:00:00 | 000,919,437 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandVibratopresets.xml
[2009/08/09 16:00:00 | 000,886,643 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandRingModulatorpresets.xml
[2009/08/09 16:00:00 | 000,857,792 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandPhaserpresets.xml
[2009/08/09 16:00:00 | 000,614,095 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandTremolopresets.xml
[2009/08/09 16:00:00 | 000,335,546 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MReverbpresets.xml
[2009/08/09 16:00:00 | 000,244,500 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandWaveShaperpresets.xml
[2009/08/09 16:00:00 | 000,172,324 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MAnalyzerpresets.xml
[2009/08/09 16:00:00 | 000,140,966 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandDynamicspresets.xml
[2009/08/09 16:00:00 | 000,050,760 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MSpectralDynamicspresets.xml
[2009/08/09 16:00:00 | 000,026,438 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MDynamicspresets.xml
[2009/08/09 16:00:00 | 000,022,238 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandLimiterpresets.xml
[2009/08/09 16:00:00 | 000,010,486 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MEqualizerLinearPhasepresets.xml
[2009/08/09 16:00:00 | 000,007,954 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MEqualizerpresets.xml
[2009/08/09 16:00:00 | 000,006,753 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MCompressorpresets.xml
[2009/08/09 16:00:00 | 000,005,160 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MWaveShaperpresets.xml
[2009/08/09 16:00:00 | 000,004,150 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MStereoProcessorpresets.xml
[2009/08/09 16:00:00 | 000,002,841 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MRingModulatorpresets.xml
[2009/08/09 16:00:00 | 000,002,615 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MPhaserpresets.xml
[2009/08/09 16:00:00 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MStereoExpanderpresets.xml
[2009/08/09 16:00:00 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MUltraMaximizerpresets.xml
[2009/08/09 16:00:00 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MVibratopresets.xml
[2009/08/09 16:00:00 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MTremolopresets.xml
[2009/08/09 16:00:00 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MAutopanpresets.xml
[2009/08/09 16:00:00 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MLimiterpresets.xml
[2006/11/08 06:41:21 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\8ddeb654.dll
[2006/02/01 14:41:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\41b10d68.dll
[2006/02/01 14:41:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\862606e3.dll
[2004/08/03 21:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/03/15 18:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2001/10/02 17:17:26 | 001,769,312 | ---- | C] () -- C:\WINDOWS\System32\winsock.dll

========== Custom Scans ==========


<SYSTEMDRIVE>
[2002/07/26 17:02:06 | 000,153,088 | ---- | M] () -- C:\UNWISE.EXE


<MD5>
[2005/10/12 09:33:32 | 022,340,731 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2005/10/12 09:33:32 | 022,340,731 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\ATAPI.SYS
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1205 bytes -> C:\Program Files\Fichiers communs\System:l4Zz2hqXdet4KgcGdmc23A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1109 bytes -> C:\Program Files\Outlook Express:aBnc0asnL7FPYnXQma
<End>
nikko33

Posts: 25
Joined: 10 Mar 2010, 11:06

Post by nikko33 » 16 Mar 2010, 18:16

As for the state of the PC, there are no more crashes and I don't see the infection getting any worse. However, I still get the same ads popping up in Firefox, and the computer still takes quite a long time to start up.

Thanks

Post by nickW » 17 Mar 2010, 01:51

Good evening,

One more effort .....

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrateur")


Step 1: OTL (by OldTimer), preparing the cleanup

Delete the fix.txt file created previously.

Open a Notepad window: via Start---->Run (Démarrer---->Exécuter), type notepad then click OK

Select all the lines in the white area located under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien

:Processes
explorer.exe
firefox.exe

:otl
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="
[2009/10/20 15:49:06 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\askcom.xml
[2009/12/22 12:56:47 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\MyStart.xml
[2010/01/14 12:21:03 | 000,009,985 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\mywebsearch.xml
[2010/02/20 17:18:28 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\Search.xml

:Files
C:\WINDOWS\System32\drivers\atapi.sys|c:\atapi.sys /replace

:Commands
[reboot]



Go back to the Notepad window, right-click in the window and choose Paste (Coller)
Check in the Format menu (at the top) that "Word Wrap" ("Retour automatique à la ligne") is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: nikko33.
If you are not THIS user, you must not use them: they could damage your system.



Step 2: No real-time monitoring processes
Disable the antivirus resident module.
AVG: launch AVG, double-click the "Resident Shield" ("Bouclier résident") component, untick "Resident Shield active" ("Bouclier résident actif")


Step 3: OTL (by OldTimer), cleanup

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Run Fix button.

A small "Information" window opens.

Click the Yes button.

In the new "Open" ("Ouvrir") window, browse to the folder where the fix.txt file was saved, then click the Open (Ouvrir) button.

The contents of the fix.txt file are thus inserted into the "Custom Scans/Fixes" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button again.

Note: When the restart is requested, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


A malfunction of the Free servers and/or of the forum prevents me from sending "large" messages. The rest is therefore in the next message.
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by nickW » 17 Mar 2010, 01:53

A malfunction of the Free servers and/or of the forum prevents me from sending "large" messages. This is the continuation of the previous message.

Step 4: No real-time monitoring processes
If the antivirus resident module has been re-enabled after the restart, it must be disabled again.
AVG: launch AVG, double-click the "Resident Shield" ("Bouclier résident") component, untick "Resident Shield active" ("Bouclier résident actif")


Step 5: OTL (by OldTimer), scan

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Tick (at the top) the box in front of Scan All Users.

Double-click in the white area located under Custom Scans/Fixes.

A small "Information" window opens.

Click the Yes button.

In the new "Open" ("Ouvrir") window, browse to the folder where the scan.txt file was saved, then click the Open (Ouvrir) button.

The contents of the scan.txt file are thus inserted into the "Custom Scans/Fixes" panel.

Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 7: Results
Send in reply:
*- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive represents the partition on which the system is installed, generally C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (replies), do not create a new topic; click the "Reply" ("Répondre") button to continue in this discussion thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
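The fix script above replaces C:\WINDOWS\System32\drivers\atapi.sys with c:\atapi.sys, and the `<MD5>` section of the earlier report lists the copies of that driver found on disk. The following is an added example, not part of the thread or of OTL: it parses lines copied from that section, groups the copies of each driver, and reports the copy under System32\drivers when its MD5 could not be obtained, matches no other copy, or carries no company name. The class and function names are assumptions chosen for this example.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the <MD5> custom-scan section of the OTL report in this thread.
SAMPLE_MD5_SECTION = r"""
<MD5>
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\ATAPI.SYS
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
"""

# One entry of the <MD5> section: [date | size | attributes | C/M] (company) status -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| \S{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?P<status>MD5=[0-9A-Fa-f]{32}|Unable to obtain MD5|\.cab file) -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class FileCopy:
    stamp: str
    size: int
    company: str
    md5: Optional[str]  # None when the report says "Unable to obtain MD5"
    path: str


def parse_md5_section(text: str) -> List[FileCopy]:
    """Return the hashable file copies listed in an OTL <MD5> section."""
    copies = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section markers, blank lines, other report lines
        status = m.group("status")
        if status == ".cab file":
            continue  # archive member: the report gives no hash for it
        md5 = status[4:].upper() if status.startswith("MD5=") else None
        copies.append(FileCopy(
            stamp=m.group("stamp"),
            size=int(m.group("size").replace(",", "")),
            company=m.group("company").strip(),
            md5=md5,
            path=m.group("path").strip(),
        ))
    return copies


def review_drivers(copies: List[FileCopy]) -> Dict[str, List[str]]:
    """Map each System32\\drivers copy that deserves a closer look to the reasons."""
    groups = defaultdict(list)
    for c in copies:
        groups[ntpath.basename(c.path).lower()].append(c)

    findings: Dict[str, List[str]] = {}
    for group in groups.values():
        live = [c for c in group if "\\system32\\drivers\\" in c.path.lower()]
        known = {c.md5 for c in group if c not in live and c.md5}
        for c in live:
            notes = []
            if c.md5 is None:
                notes.append("MD5 could not be obtained")
            elif known and c.md5 not in known:
                notes.append("MD5 matches no other copy on disk")
            if not c.company:
                notes.append("no company name in version info")
            if notes:
                findings[c.path] = notes
    return findings


if __name__ == "__main__":
    for path, notes in review_drivers(parse_md5_section(SAMPLE_MD5_SECTION)).items():
        print(path, "->", "; ".join(notes))
```

A finding here only marks a file for manual review; it does not by itself establish what is wrong with the file.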

Post by nikko33 » 17 Mar 2010, 11:43

Hi,

here is the fix report:

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully!
Process firefox.exe killed successfully!
========== OTL ==========
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "http://www3.iamwired.net/websearch.php?src=tops&search=" removed from keyword.URL
C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\MyStart.xml moved successfully.
C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\mywebsearch.xml moved successfully.
C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\Search.xml moved successfully.
========== FILES ==========
File C:\WINDOWS\System32\drivers\atapi.sys successfully replaced with c:\atapi.sys
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.37.2 log created on 03172010_113345

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Post by nikko33 » 17 Mar 2010, 11:44

and the OTL report:

OTL logfile created on: 17/03/2010 11:39:05 - Run 4
OTL by OldTimer - Version 3.1.37.2 Folder = G:\mozilla downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 74,63 Gb Free Space | 40,06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 162,93 Gb Free Space | 34,98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP2-9972C5432
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/16 17:30:01 | 000,556,032 | ---- | M] (OldTimer Tools) -- G:\mozilla downloads\OTL.exe
PRC - [2010/03/07 15:11:10 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/07 15:11:09 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/07 15:11:09 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/07 15:11:08 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/07 15:11:04 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/07 15:11:03 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/07 15:10:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/10 15:35:13 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010/01/16 04:14:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/07/29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\MAFWTray.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/08 05:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE
PRC - [2004/03/12 21:43:18 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (SafeList) ==========

MOD - [2010/03/16 17:30:01 | 000,556,032 | ---- | M] (OldTimer Tools) -- G:\mozilla downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NIHardwareService)
SRV - [2010/03/07 15:10:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/10 15:35:13 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/02/10 15:35:11 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/01/26 17:45:08 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/02/16 12:34:34 | 000,415,152 | ---- | M] (telechargement.fr) [Auto | Stopped] -- C:\WINDOWS\System32\pr2ausyt.exe -- (pr2ausyt) Techniques audionumeriques en homestudio Drivers Auto Removal (pr2ausyt)
SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.fr/
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {74a734dd-b3a8-bc83-23f5-fcc9ce1134c0}:4.6.6.4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/07 15:10:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/09 12:24:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/09 12:24:29 | 000,000,000 | ---D | M]

[2009/09/11 18:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Extensions
[2010/03/16 11:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions
[2009/10/19 18:40:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/09 15:40:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/17 22:07:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/17 13:49:05 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\bing.xml
[2010/03/16 11:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/20 17:23:41 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{74a734dd-b3a8-bc83-23f5-fcc9ce1134c0}
[2010/01/16 02:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 02:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 02:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 02:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 02:10:07 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2001/10/02 17:16:28 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-19..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-20..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\System32\logonui.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\My Wallpapers\Default.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\My Wallpapers\Default.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/19 01:56:08 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/10 23:23:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 14 Days ==========

[2010/03/16 18:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Yieldmanagercookie Removal Tool
[2010/03/14 16:46:35 | 000,000,000 | ---D | C] -- C:\ToolBar SD
[2010/03/12 15:41:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/03/12 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\Microsoft Corporation
[2010/03/12 15:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/03/10 10:50:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/10 10:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/09 16:53:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
[2010/03/09 16:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\Reaktor 5
[2010/03/08 22:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\AVG9
[2010/03/08 13:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDub
[2010/03/08 11:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\photos omnia
[2010/03/07 15:11:32 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/07 15:11:31 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/07 15:11:31 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/07 15:11:26 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/07 15:11:24 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/07 15:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/07 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/07 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/03/07 14:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2010/03/07 14:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Recent
[2010/03/07 14:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/07 13:40:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/07 13:40:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/07 13:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/07 13:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/06 14:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\photos A4
[2010/03/05 09:08:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\Mes vidéos
[2010/03/05 09:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Facebook
[2009/09/11 21:02:53 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2009/09/11 21:02:53 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2009/02/10 18:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/01/30 14:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/09/06 19:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/31 16:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/19 00:28:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/19 00:23:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/19 00:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp files -> C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/17 11:35:57 | 000,250,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/17 11:35:53 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/03/17 11:35:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/17 11:35:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/17 11:33:53 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\NTUSER.DAT
[2010/03/17 11:33:53 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\ntuser.ini
[2010/03/17 00:38:47 | 057,226,308 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/16 17:47:47 | 012,944,018 | -H-- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\IconCache.db
[2010/03/16 17:40:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/13 01:04:16 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\MP3GainGUI.lnk
[2010/03/10 10:49:01 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/10 10:47:04 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\ERUNT.lnk
[2010/03/10 10:24:18 | 000,673,051 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040688.JPG
[2010/03/09 16:53:25 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Reaktor 5.lnk
[2010/03/09 12:24:32 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Mozilla Firefox.lnk
[2010/03/09 11:08:39 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/08 13:45:28 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\VirtualDub.lnk
[2010/03/07 15:11:32 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/07 15:11:32 | 000,001,517 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\AVG 9.0.lnk
[2010/03/07 15:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/07 15:11:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/07 15:11:26 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/07 15:11:24 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/07 15:11:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/07 14:07:38 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\CCleaner.lnk
[2010/03/07 13:40:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/07 13:25:01 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\HijackThis.lnk
[2010/03/06 20:36:40 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\FileZilla Client.lnk
[1 C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp files -> C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 01:04:16 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\MP3GainGUI.lnk
[2010/03/10 10:49:01 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/10 10:47:04 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\ERUNT.lnk
[2010/03/10 10:10:24 | 000,673,051 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040688.JPG
[2010/03/09 16:53:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Reaktor 5.lnk
[2010/03/09 12:24:32 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Mozilla Firefox.lnk
[2010/03/08 13:45:28 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\VirtualDub.lnk
[2010/03/07 15:11:32 | 000,001,517 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\AVG 9.0.lnk
[2010/03/07 15:11:24 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/07 15:11:18 | 057,226,308 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/07 14:07:38 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\CCleaner.lnk
[2010/03/07 13:40:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/07 13:24:52 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\HijackThis.lnk
[2010/02/21 20:51:15 | 000,000,370 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/20 16:46:45 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/20 16:46:45 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/20 16:46:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/20 16:46:45 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/18 10:34:16 | 001,273,856 | ---- | C] () -- C:\WINDOWS\System32\s-yf1D2MUl.dll
[2010/02/08 18:37:29 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D25F423BE6.sys
[2010/02/07 17:50:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D2AEB6BA.sys
[2010/02/07 17:32:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D291FA33FC.sys
[2010/02/07 17:31:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D272B730B3.sys
[2010/02/07 17:31:33 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D8910D51.sys
[2010/02/07 17:30:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D8910D50.sys
[2010/02/07 17:23:26 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90EC5.dll
[2010/02/07 17:07:42 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D23E818710.sys
[2010/02/07 16:58:05 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2C0ADD4DD.sys
[2009/12/24 12:49:39 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\default.rss
[2009/12/22 12:48:46 | 000,499,246 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/12/18 12:23:15 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90EC8.dll
[2009/12/18 12:23:08 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C30.dll
[2009/12/18 12:23:05 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_FB9AECF7-F56E-4c47-A862-8892AA545109.dll
[2009/12/18 12:22:58 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_F4F01109-B336-401f-BDE2-7C1926744122.dll
[2009/12/18 12:22:56 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_82424970-0916-4145-974C-09EBC0BE67BF.dll
[2009/12/01 13:13:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D220543E20.sys
[2009/12/01 12:12:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D220543E1F.sys
[2009/11/26 06:31:39 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2009/11/07 15:02:07 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\default.pls
[2009/11/07 15:00:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/19 18:50:09 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/19 18:41:56 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/16 18:28:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/10/08 14:46:10 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 15:15:23 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/06 15:14:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
[2009/09/12 18:02:56 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1027.dll
[2009/09/12 16:40:02 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009/09/11 22:28:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2009/09/11 22:28:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/09/11 21:51:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/09/11 21:51:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/09/11 21:08:55 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/09/11 16:48:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/11 15:32:17 | 000,190,464 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/08/09 16:00:00 | 001,210,208 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandAutopanpresets.xml
[2009/08/09 16:00:00 | 000,919,437 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandVibratopresets.xml
[2009/08/09 16:00:00 | 000,886,643 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandRingModulatorpresets.xml
[2009/08/09 16:00:00 | 000,857,792 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandPhaserpresets.xml
[2009/08/09 16:00:00 | 000,614,095 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandTremolopresets.xml
[2009/08/09 16:00:00 | 000,335,546 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MReverbpresets.xml
[2009/08/09 16:00:00 | 000,244,500 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandWaveShaperpresets.xml
[2009/08/09 16:00:00 | 000,172,324 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MAnalyzerpresets.xml
[2009/08/09 16:00:00 | 000,140,966 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandDynamicspresets.xml
[2009/08/09 16:00:00 | 000,050,760 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MSpectralDynamicspresets.xml
[2009/08/09 16:00:00 | 000,026,438 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MDynamicspresets.xml
[2009/08/09 16:00:00 | 000,022,238 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandLimiterpresets.xml
[2009/08/09 16:00:00 | 000,010,486 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MEqualizerLinearPhasepresets.xml
[2009/08/09 16:00:00 | 000,007,954 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MEqualizerpresets.xml
[2009/08/09 16:00:00 | 000,006,753 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MCompressorpresets.xml
[2009/08/09 16:00:00 | 000,005,160 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MWaveShaperpresets.xml
[2009/08/09 16:00:00 | 000,004,150 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MStereoProcessorpresets.xml
[2009/08/09 16:00:00 | 000,002,841 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MRingModulatorpresets.xml
[2009/08/09 16:00:00 | 000,002,615 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MPhaserpresets.xml
[2009/08/09 16:00:00 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MStereoExpanderpresets.xml
[2009/08/09 16:00:00 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MUltraMaximizerpresets.xml
[2009/08/09 16:00:00 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MVibratopresets.xml
[2009/08/09 16:00:00 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MTremolopresets.xml
[2009/08/09 16:00:00 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MAutopanpresets.xml
[2009/08/09 16:00:00 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MLimiterpresets.xml
[2006/11/08 06:41:21 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\8ddeb654.dll
[2006/02/01 14:41:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\41b10d68.dll
[2006/02/01 14:41:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\862606e3.dll
[2004/08/03 21:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/03/15 18:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2001/10/02 17:17:26 | 001,769,312 | ---- | C] () -- C:\WINDOWS\System32\winsock.dll

========== LOP Check ==========

[2009/12/16 14:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\4Front
[2010/01/11 12:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Ableton
[2010/03/08 22:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\AVG9
[2010/01/23 21:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\BitTorrent
[2009/10/06 16:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\EPSON
[2009/12/27 17:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\FabFilter
[2010/03/05 09:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Facebook
[2010/03/12 15:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\FileZilla
[2010/02/21 16:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\foobar2000
[2010/02/13 12:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\FXpansion
[2010/01/07 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Gena01
[2009/09/12 16:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iZotope
[2009/10/20 00:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MAutoEqualizer
[2010/02/20 00:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MCompressor
[2010/01/28 23:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MMultiBandDynamics
[2009/10/25 18:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MMultiBandLimiter
[2010/01/28 23:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MStereoExpander
[2009/11/06 22:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MStereoProcessor
[2009/10/20 00:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MSPS
[2009/12/15 16:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\nView_Wallpaper
[2009/10/18 21:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Publish Providers
[2010/03/05 07:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\QuickScan
[2009/11/06 11:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Rapid Evolution 2
[2009/10/25 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Sony
[2009/10/16 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Sony Setup
[2009/12/19 19:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Steinberg
[2009/10/30 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\TuneUp Software
[2009/11/27 18:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\VirSyn Software Synthesizer
[2009/11/17 18:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\VitySoft
[2009/09/12 21:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Waves Audio
[2009/11/06 13:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\~LM00001.tmp
[2008/03/19 04:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2008/05/18 21:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AraldFX
[2009/04/09 10:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2008/09/30 12:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/09/30 12:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/06/25 10:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2008/10/08 12:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2008/06/10 20:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/08/11 18:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2008/03/19 12:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/03/19 01:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/04/30 20:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/08/11 18:13:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}
[2009/08/11 18:12:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
[2009/07/26 19:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/16 14:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\4Front
[2009/09/11 16:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
[2010/02/19 14:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/02/07 17:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Audio Damage
[2010/03/07 15:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2009/09/11 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Cakewalk
[2010/01/07 21:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Doctor Web
[2010/03/07 14:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2010/03/10 11:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
[2010/01/04 21:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Native Instruments
[2009/12/21 23:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Note
[2009/12/01 22:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
[2009/12/27 17:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spectrasonics
[2009/12/19 19:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Steinberg
[2010/02/19 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/10/30 23:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
[2009/10/06 15:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
[2009/11/27 18:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VST3 Presets
[2009/11/27 01:27:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
[2009/10/30 23:10:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/17 00:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/09 16:53:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
[2009/11/27 01:31:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
[2009/11/25 17:20:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2009/11/27 01:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
[2010/03/17 11:35:53 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>
[2002/07/26 17:02:06 | 000,153,088 | ---- | M] () -- C:\UNWISE.EXE


<MD5>
[2005/10/12 09:33:32 | 022,340,731 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2005/10/12 09:33:32 | 022,340,731 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\ATAPI.SYS
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1205 bytes -> C:\Program Files\Fichiers communs\System:l4Zz2hqXdet4KgcGdmc23A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1139 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:iXjO1agiYovzNO82dt26o
@Alternate Data Stream - 1127 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uzzTC3PVg8HLqjtXTTPv26o
@Alternate Data Stream - 1109 bytes -> C:\Program Files\Outlook Express:aBnc0asnL7FPYnXQma
<End>

Post by nikko33 » 17 Mar 2010, 11:53

I'll post at the end of the day to tell you whether the ad windows come back, but for now it looks good... As for the startup, it may not be due to a virus...

I remember putting some Trojans in quarantine with AVG; do I need to restore them so that you can find them?

See you,

Post by nickW » 20 Mar 2010, 01:46

Good evening,


No news?????


Next steps ...

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrator")


Step 1: OTL (by OldTimer), preparing the cleanup

Delete the fix.txt file created previously.

Open a Notepad window via Start ----> Run, type notepad, then click OK

Select all the lines in the white area below "Code:", then press the Ctrl and C keys at the same time

Code: Select all
rien

:Processes
explorer.exe

:otl
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1205 bytes -> C:\Program Files\Fichiers communs\System:l4Zz2hqXdet4KgcGdmc23A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1139 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:iXjO1agiYovzNO82dt26o
@Alternate Data Stream - 1127 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uzzTC3PVg8HLqjtXTTPv26o
@Alternate Data Stream - 1109 bytes -> C:\Program Files\Outlook Express:aBnc0asnL7FPYnXQma

:Commands
[reboot]



Go back to the Notepad window, right-click in the window and choose Paste
In the Format menu (at the top), check that "Word Wrap" is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: nikko33.
If you are not THIS user, do not use them: they could damage your system.



Step 2: No real-time monitoring processes
Disable the antivirus's resident module.
AVG: launch AVG, double-click the "Resident Shield" component, untick "Resident Shield active"


Step 3: OTL (by OldTimer), cleanup

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the Run Fix button.

A small "Information" window opens.

Click the Yes button.

In the new "Open" window, browse to the folder where fix.txt was saved, then click the Open button.

The contents of fix.txt are thereby inserted into the "Custom Scans/Fixes" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button again.

Note: When the restart is requested, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


Step 4: OTL (by OldTimer), quick scan

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 5: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 6: Results
Send in reply:
*- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report posted to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply or replies, do not create a new topic; click the "Reply" button
to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
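
The post above states that the fix lines were written for one user's system only and that a complete report ends with a line containing <End>. As an added example (not part of the thread and not OTL's own code), the Python below checks a fix.txt against the user's own OTL report before it is run: it confirms the report is complete, lists lines that sit outside any ":Section", and separates Alternate Data Stream entries that appear in the report from those that do not. The function names are assumptions, and the sample texts are constructed from lines quoted in the thread plus one invented entry.

```python
import re

ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
SECTION_RE = re.compile(r"^:(\w+)$")

# Constructed sample inputs: shortened copies of lines quoted in the thread,
# plus one invented fix entry (C:\Example\Folder) that is not in the report.
REPORT = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1109 bytes -> C:\Program Files\Outlook Express:aBnc0asnL7FPYnXQma
<End>
"""

FIX = r"""
rien

:Processes
explorer.exe

:otl
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1109 bytes -> C:\Program Files\Outlook Express:aBnc0asnL7FPYnXQma
@Alternate Data Stream - 42 bytes -> C:\Example\Folder:CONSTRUCTED

:Commands
[reboot]
"""


def parse_ads(line):
    """Return (host_path, stream_name, size) for an OTL ADS line, else None."""
    m = ADS_RE.match(line.strip())
    if not m:
        return None
    # The last colon separates the host object from the stream name;
    # the drive-letter colon always comes earlier in the path.
    host, _, stream = m.group(2).rpartition(":")
    return host, stream, int(m.group(1))


def report_is_complete(report):
    """A full report ends with a line containing <End>."""
    lines = [ln.strip() for ln in report.splitlines() if ln.strip()]
    return bool(lines) and "<End>" in lines[-1]


def report_streams(report):
    """Map (host path lower-cased, stream name) to the size the report gives."""
    found = {}
    for line in report.splitlines():
        ads = parse_ads(line)
        if ads:
            host, stream, size = ads
            found[(host.lower(), stream)] = size
    return found


def fix_sections(fix):
    """Split a fix.txt into {section: [lines]}; "" holds lines before any header."""
    sections, current = {"": []}, ""
    for raw in fix.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def check_fix(fix, report):
    """Compare the ADS entries of a fix script with the user's own report."""
    known = report_streams(report)
    sections = fix_sections(fix)
    result = {"complete": report_is_complete(report),
              "stray": sections[""], "matched": [], "unknown": []}
    for line in sections.get("otl", []):
        ads = parse_ads(line)
        if ads is None:
            continue
        host, stream, size = ads
        bucket = "matched" if known.get((host.lower(), stream)) == size else "unknown"
        result[bucket].append(f"{host}:{stream}")
    return result
```

Any entry under "unknown" means the fix refers to something the local report never listed, which is the situation the note in Step 1 describes.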