
[OK] Log analysis request

Posted: 10 Mar 2010, 11:50
by nikko33
Hello,

Symptoms:

- Windows takes a very long time to start
- unwanted advertising windows keep opening (Mozilla)
- the computer crashes

Here are the reports:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3846
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/03/2010 11:00:48
mbam-log-2010-03-10 (11-00-28).txt

Type de recherche: Examen rapide
Eléments examinés: 165878
Temps écoulé: 4 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wei0l8thpfgdcq- (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\wEI0l8tHpFGdCQ-.exe (Adware.Adrotator) -> No action taken.

Posted: 10 Mar 2010, 11:51
by nikko33
OTL logfile created on: 10/03/2010 11:05:06 - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = G:\mozilla downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 67,66 Gb Free Space | 36,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 163,10 Gb Free Space | 35,02% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP2-9972C5432
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/10 10:44:24 | 000,554,496 | ---- | M] (OldTimer Tools) -- G:\mozilla downloads\OTL.exe
PRC - [2010/03/07 15:11:10 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/07 15:11:09 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/07 15:11:09 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/07 15:11:08 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/07 15:11:04 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/07 15:11:03 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/07 15:10:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/10 15:35:13 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2010/01/16 04:14:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/07/29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\MAFWTray.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/08 05:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE
PRC - [2004/03/12 21:43:18 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (SafeList) ==========

MOD - [2010/03/10 10:44:24 | 000,554,496 | ---- | M] (OldTimer Tools) -- G:\mozilla downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NIHardwareService)
SRV - [2010/03/07 15:10:59 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/10 15:35:13 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/02/10 15:35:11 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/23 14:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/02/16 12:34:34 | 000,415,152 | ---- | M] (telechargement.fr) [Auto | Stopped] -- C:\WINDOWS\System32\pr2ausyt.exe -- (pr2ausyt) Techniques audionumeriques en homestudio Drivers Auto Removal (pr2ausyt)
SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/07 15:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/07 15:11:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/07 15:11:26 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/07 15:11:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/26 13:49:08 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/12/26 13:49:08 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/09/23 14:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/08/16 23:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mafw.sys -- (MAFW)
DRV - [2009/07/28 15:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 12:34:16 | 000,069,304 | ---- | M] (telechargement.fr) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3ausyt.sys -- (pe3ausyt) Techniques audionumeriques en homestudio Environment Driver (pe3ausyt)
DRV - [2009/02/16 12:33:54 | 000,083,640 | ---- | M] (telechargement.fr) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pf2ausyt.sys -- (pf2ausyt) Techniques audionumeriques en homestudio File System Driver (pf2ausyt)
DRV - [2008/06/05 09:50:12 | 000,086,528 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2008/04/13 20:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/30 10:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/15 23:58:36 | 000,472,832 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2006/09/28 14:44:46 | 000,079,393 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1027.sys -- (RDID1027)
DRV - [2005/12/11 10:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/10/06 14:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2004/03/12 21:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004/03/12 21:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2002/09/16 18:07:24 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.fr/
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-616249376-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {74a734dd-b3a8-bc83-23f5-fcc9ce1134c0}:4.6.6.4
FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="


FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/07 15:10:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/09 12:24:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/09 12:24:29 | 000,000,000 | ---D | M]

[2009/09/11 18:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Extensions
[2010/03/09 15:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions
[2009/10/19 18:40:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/09 15:40:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/17 22:07:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/20 15:49:06 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\askcom.xml
[2009/10/17 13:49:05 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\bing.xml
[2009/12/22 12:56:47 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\MyStart.xml
[2010/01/14 12:21:03 | 000,009,985 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\mywebsearch.xml
[2010/02/20 17:18:28 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Mozilla\Firefox\Profiles\f07vxccg.default\searchplugins\Search.xml
[2010/03/09 15:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/20 17:23:41 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{74a734dd-b3a8-bc83-23f5-fcc9ce1134c0}
[2010/01/16 02:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 02:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 02:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 02:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 02:10:07 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2001/10/02 17:16:28 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-19..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [Config] C:\WINDOWS\system32\run.cmd ()
O4 - HKU\S-1-5-20..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\System32\logonui.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\My Wallpapers\Default.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\My Wallpapers\Default.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/19 01:56:08 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/10 23:23:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 10:50:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/10 10:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/09 16:53:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
[2010/03/09 16:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\Reaktor 5
[2010/03/09 16:24:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
[2010/03/08 22:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\AVG9
[2010/03/08 13:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDub
[2010/03/08 11:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\photos omnia
[2010/03/07 15:11:32 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/07 15:11:31 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/07 15:11:31 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/07 15:11:26 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/07 15:11:24 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/07 15:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/07 15:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/07 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/03/07 14:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2010/03/07 14:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Recent
[2010/03/07 14:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/07 13:40:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/07 13:40:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/07 13:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/07 13:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/06 14:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\photos A4
[2010/03/05 09:08:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\Mes vidéos
[2010/03/05 09:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Facebook
[2010/02/21 20:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/21 20:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/02/21 16:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\foobar2000
[2010/02/21 16:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2010/02/20 17:30:36 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/20 17:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Mes documents\Simply Super Software
[2010/02/20 16:46:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/02/20 16:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/20 14:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\QuickScan
[2010/02/20 11:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2010/02/20 00:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MCompressor
[2010/02/19 14:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/02/10 15:35:13 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/02/10 15:35:12 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/02/10 15:35:11 | 000,361,288 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/02/09 19:52:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/09 19:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Xp_x86
[2010/02/09 19:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\w2k_x86
[2010/02/09 19:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_x86
[2010/02/09 19:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_ia64
[2010/02/09 19:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_amd64
[2010/02/09 19:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_x86
[2010/02/09 19:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_ia64
[2010/02/09 19:47:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_amd64
[2010/02/09 19:47:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti
[2010/02/09 19:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[2009/09/11 21:02:53 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2009/09/11 21:02:53 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2009/02/10 18:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/01/30 14:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/09/06 19:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/31 16:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/19 00:28:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/19 00:23:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/19 00:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp files -> C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 11:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/03/10 10:49:01 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/10 10:47:04 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\ERUNT.lnk
[2010/03/10 10:24:18 | 000,673,051 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040688.JPG
[2010/03/10 00:38:46 | 056,950,137 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/09 16:53:25 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Reaktor 5.lnk
[2010/03/09 12:24:32 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Mozilla Firefox.lnk
[2010/03/09 11:08:39 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/08 21:53:51 | 000,250,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/08 21:53:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/08 21:52:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/08 14:28:33 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\NTUSER.DAT
[2010/03/08 14:28:33 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\ntuser.ini
[2010/03/08 14:28:27 | 009,209,502 | -H-- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\IconCache.db
[2010/03/08 13:45:28 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\VirtualDub.lnk
[2010/03/07 15:11:32 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/07 15:11:32 | 000,001,517 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\AVG 9.0.lnk
[2010/03/07 15:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/07 15:11:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/07 15:11:26 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/07 15:11:24 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/07 15:11:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/07 14:07:38 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\CCleaner.lnk
[2010/03/07 13:40:31 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/07 13:25:01 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\HijackThis.lnk
[2010/03/07 09:37:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/06 20:36:40 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\FileZilla Client.lnk
[2010/02/21 20:51:16 | 000,000,370 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/20 17:23:41 | 000,118,375 | ---- | M] () -- C:\WINDOWS\System32\wEI0l8tHpFGdCQ-.exe
[2010/02/20 17:19:39 | 000,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/20 17:19:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/20 17:19:39 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2010/02/20 16:25:13 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\eMule.lnk
[2010/02/20 16:03:15 | 000,000,094 | -HS- | M] () -- C:\WINDOWS\klif.spi
[2010/02/20 15:22:37 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/19 11:03:38 | 000,099,231 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040384.JPG
[2010/02/19 11:03:05 | 000,125,696 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040383.JPG
[2010/02/18 17:07:34 | 000,016,574 | ---- | M] () -- C:\WINDOWS\EPISMF00.SWB
[2010/02/18 16:46:43 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\Mirabello Nicolas.doc
[2010/02/18 10:34:16 | 001,273,856 | ---- | M] () -- C:\WINDOWS\System32\s-yf1D2MUl.dll
[2010/02/17 12:59:38 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Adobe Reader 9.lnk
[2010/02/15 17:54:54 | 087,114,295 | ---- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\nsonik-demo octobre 2009.mp3
[2010/02/10 15:35:13 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/02/10 15:35:11 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/02/10 15:35:07 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\TuneUp Maintenance en 1 clic.lnk
[2010/02/10 15:35:06 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\TuneUp Utilities 2009.lnk
[2010/02/08 18:37:29 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D25F423BE6.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp files -> C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/10 10:49:01 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/10 10:47:04 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\ERUNT.lnk
[2010/03/10 10:10:24 | 000,673,051 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040688.JPG
[2010/03/09 16:53:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Reaktor 5.lnk
[2010/03/09 12:24:32 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Mozilla Firefox.lnk
[2010/03/08 13:45:28 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\VirtualDub.lnk
[2010/03/07 15:11:32 | 000,001,517 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\AVG 9.0.lnk
[2010/03/07 15:11:24 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/07 15:11:18 | 056,950,137 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/07 14:07:38 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\CCleaner.lnk
[2010/03/07 13:40:31 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/07 13:24:52 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\HijackThis.lnk
[2010/02/21 20:51:15 | 000,000,370 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/20 17:18:27 | 000,118,375 | ---- | C] () -- C:\WINDOWS\System32\wEI0l8tHpFGdCQ-.exe
[2010/02/20 16:46:45 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/20 16:46:45 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/20 16:46:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/20 16:46:45 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/20 16:03:15 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\klif.spi
[2010/02/19 10:52:47 | 000,099,231 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040384.JPG
[2010/02/19 10:49:36 | 000,125,696 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\P1040383.JPG
[2010/02/18 16:46:43 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Bureau\Mirabello Nicolas.doc
[2010/02/18 10:34:16 | 001,273,856 | ---- | C] () -- C:\WINDOWS\System32\s-yf1D2MUl.dll
[2010/02/08 18:37:29 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D25F423BE6.sys
[2010/02/07 17:50:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D2AEB6BA.sys
[2010/02/07 17:32:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D291FA33FC.sys
[2010/02/07 17:31:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D272B730B3.sys
[2010/02/07 17:31:33 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D8910D51.sys
[2010/02/07 17:30:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2D8910D50.sys
[2010/02/07 17:23:26 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90EC5.dll
[2010/02/07 17:07:42 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D23E818710.sys
[2010/02/07 16:58:05 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D2C0ADD4DD.sys
[2009/12/24 12:49:39 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\default.rss
[2009/12/22 12:48:46 | 000,499,246 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/12/18 12:23:15 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_C92E1371-3DF5-4322-9729-82CC0DD90EC8.dll
[2009/12/18 12:23:08 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_496F4C99-60CC-4b9e-AC1B-FA060E643C30.dll
[2009/12/18 12:23:05 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_FB9AECF7-F56E-4c47-A862-8892AA545109.dll
[2009/12/18 12:22:58 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_F4F01109-B336-401f-BDE2-7C1926744122.dll
[2009/12/18 12:22:56 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iasna_82424970-0916-4145-974C-09EBC0BE67BF.dll
[2009/12/01 13:13:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D220543E20.sys
[2009/12/01 12:12:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\.6B0BC6D220543E1F.sys
[2009/11/26 06:31:39 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2009/11/07 15:02:07 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\default.pls
[2009/11/07 15:00:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/19 18:50:09 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/19 18:41:56 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/16 18:28:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/10/08 14:46:10 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/06 15:15:23 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/06 15:14:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
[2009/09/12 18:02:56 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1027.dll
[2009/09/12 16:40:02 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009/09/11 22:28:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2009/09/11 22:28:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/09/11 21:51:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/09/11 21:51:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/09/11 21:51:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/09/11 21:08:55 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/09/11 16:48:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/09/11 15:32:17 | 000,190,464 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/08/09 16:00:00 | 001,210,208 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandAutopanpresets.xml
[2009/08/09 16:00:00 | 000,919,437 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandVibratopresets.xml
[2009/08/09 16:00:00 | 000,886,643 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandRingModulatorpresets.xml
[2009/08/09 16:00:00 | 000,857,792 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandPhaserpresets.xml
[2009/08/09 16:00:00 | 000,614,095 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandTremolopresets.xml
[2009/08/09 16:00:00 | 000,335,546 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MReverbpresets.xml
[2009/08/09 16:00:00 | 000,244,500 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandWaveShaperpresets.xml
[2009/08/09 16:00:00 | 000,172,324 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MAnalyzerpresets.xml
[2009/08/09 16:00:00 | 000,140,966 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandDynamicspresets.xml
[2009/08/09 16:00:00 | 000,050,760 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MSpectralDynamicspresets.xml
[2009/08/09 16:00:00 | 000,026,438 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MDynamicspresets.xml
[2009/08/09 16:00:00 | 000,022,238 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MMultiBandLimiterpresets.xml
[2009/08/09 16:00:00 | 000,010,486 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MEqualizerLinearPhasepresets.xml
[2009/08/09 16:00:00 | 000,007,954 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MEqualizerpresets.xml
[2009/08/09 16:00:00 | 000,006,753 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MCompressorpresets.xml
[2009/08/09 16:00:00 | 000,005,160 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MWaveShaperpresets.xml
[2009/08/09 16:00:00 | 000,004,150 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MStereoProcessorpresets.xml
[2009/08/09 16:00:00 | 000,002,841 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MRingModulatorpresets.xml
[2009/08/09 16:00:00 | 000,002,615 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MPhaserpresets.xml
[2009/08/09 16:00:00 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MStereoExpanderpresets.xml
[2009/08/09 16:00:00 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MUltraMaximizerpresets.xml
[2009/08/09 16:00:00 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MVibratopresets.xml
[2009/08/09 16:00:00 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MTremolopresets.xml
[2009/08/09 16:00:00 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MAutopanpresets.xml
[2009/08/09 16:00:00 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MLimiterpresets.xml
[2006/11/08 06:41:21 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\8ddeb654.dll
[2006/02/01 14:41:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\41b10d68.dll
[2006/02/01 14:41:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\862606e3.dll
[2004/08/03 21:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/03/15 18:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2001/10/02 17:17:26 | 001,769,312 | ---- | C] () -- C:\WINDOWS\System32\winsock.dll

========== LOP Check ==========

[2009/12/16 14:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\4Front
[2010/01/11 12:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Ableton
[2010/03/08 22:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\AVG9
[2010/01/23 21:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\BitTorrent
[2009/10/06 16:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\EPSON
[2009/12/27 17:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\FabFilter
[2010/03/05 09:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Facebook
[2010/03/08 14:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\FileZilla
[2010/02/21 16:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\foobar2000
[2010/02/13 12:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\FXpansion
[2010/01/07 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Gena01
[2009/09/12 16:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\iZotope
[2009/10/20 00:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MAutoEqualizer
[2010/02/20 00:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MCompressor
[2010/01/28 23:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MMultiBandDynamics
[2009/10/25 18:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MMultiBandLimiter
[2010/01/28 23:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MStereoExpander
[2009/11/06 22:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MeldaProduction MStereoProcessor
[2009/10/20 00:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\MSPS
[2009/12/15 16:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\nView_Wallpaper
[2009/10/18 21:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Publish Providers
[2010/03/05 07:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\QuickScan
[2009/11/06 11:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Rapid Evolution 2
[2009/10/25 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Sony
[2009/10/16 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Sony Setup
[2009/12/19 19:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Steinberg
[2009/10/30 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\TuneUp Software
[2009/11/27 18:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\VirSyn Software Synthesizer
[2009/11/17 18:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\VitySoft
[2009/09/12 21:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\Waves Audio
[2009/11/06 13:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.XPSP2-9972C5432\Application Data\~LM00001.tmp
[2008/03/19 04:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2008/05/18 21:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AraldFX
[2009/04/09 10:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2008/09/30 12:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/09/30 12:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/06/25 10:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2008/10/08 12:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2008/06/10 20:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/08/11 18:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2008/03/19 12:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/03/19 01:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/04/30 20:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/08/11 18:13:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}
[2009/08/11 18:12:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
[2009/07/26 19:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/16 14:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\4Front
[2009/09/11 16:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
[2010/02/19 14:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/02/07 17:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Audio Damage
[2010/03/07 15:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2009/09/11 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Cakewalk
[2010/01/07 21:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Doctor Web
[2010/03/07 14:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2009/12/01 16:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
[2010/01/04 21:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Native Instruments
[2009/12/21 23:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Note
[2009/12/01 22:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
[2009/12/27 17:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spectrasonics
[2009/12/19 19:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Steinberg
[2010/02/19 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/10/30 23:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
[2009/10/06 15:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
[2009/11/27 18:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VST3 Presets
[2009/11/27 01:27:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
[2009/10/30 23:10:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/17 00:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/09 16:53:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{A6CBE6A2-B738-440D-B19A-60D7C36810C7}
[2009/11/27 01:31:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
[2009/11/25 17:20:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2009/11/27 01:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
[2010/03/09 16:28:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
[2010/03/10 11:00:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>
[2002/07/26 17:02:06 | 000,153,088 | ---- | M] () -- C:\UNWISE.EXE


<MD5>
[2005/10/12 09:33:32 | 022,340,731 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2005/10/12 09:33:32 | 022,340,731 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/11 17:12:02 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2004/08/19 15:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/19 15:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2004/08/19 15:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2008/05/09 11:55:00 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

Posted: 10 Mar 2010, 11:52
by nikko33
continued


<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1205 bytes -> C:\Program Files\Fichiers communs\System:l4Zz2hqXdet4KgcGdmc23A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1139 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:iXjO1agiYovzNO82dt26o
@Alternate Data Stream - 1127 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uzzTC3PVg8HLqjtXTTPv26o
@Alternate Data Stream - 1109 bytes -> C:\Program Files\Outlook Express:aBnc0asnL7FPYnXQma
<End>

Posted: 13 Mar 2010, 13:56
by nikko33
Extra

OTL Extras logfile created on: 10/03/2010 11:05:06 - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = G:\mozilla downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 67,66 Gb Free Space | 36,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 163,10 Gb Free Space | 35,02% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP2-9972C5432
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.inf [@ = inffile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\Program Files\Win32Pad\win32pad.exe (Gennady Feldman)

[HKEY_USERS\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Program Files\Win32Pad\win32pad.exe "%L" (Gennady Feldman)
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"25:TCP" = 25:TCP:*:Enabled:File and Printer Sharing
"3872:TCP" = 3872:TCP:*:Enabled:ojam
"8213:TCP" = 8213:TCP:*:Enabled:ojam

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\eMule.exe" = C:\Program Files\eMule\eMule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{017968af-0725-425c-bf12-570eb1e89ea6}" = Nero 9
"{044FC969-DD5E-4ED8-84E7-2C214E6F5B0B}" = NextUp-ScanSoft Sebastien French Voice
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1277BA1B-1D9E-45DD-840F-F877C1BF6A5A}" = NextUp-ScanSoft Steffi German Voice
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF7993C-23B1-4C91-B1F6-09D13C57A06A}_is1" = VirtualDub 1.9.6 Fr
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{337B6C6F-C7DC-4DB7-A9C5-FF4C725E0F38}" = NextUp-ScanSoft Virgine French Voice
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E0A8DD-4343-4B33-95C3-272A99F18984}" = Steinberg Nuendo 4
"{425FFD94-36BD-4933-881B-FE0B9DADF2B7}" = Ma-Config.com
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}" =
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{62F13B4D-FD48-4317-8E55-06DB7B397F49}_is1" = Catanya 1.0.1
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64522D5F-4743-4939-8E22-B1878FB68772}" = M-Audio FireWire Driver 6.0.1 (x86)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{799EFFD9-5A62-49D1-A6EA-AF058C5209EB}" = NextUp-ScanSoft Jennifer US English Voice
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7F55748C-CCDB-4942-99F8-C221D7BD5C26}" = Nithonat
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1" = V-Station 1.5.1
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8B7AED24-E1A6-41E5-A2E8-18ED56144208}" = String Machine
"{8DD0F820-3656-4AB3-A7F4-005CAA2D0897}_is1" = RDesc 2.24
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92E229B8-4B31-4A5F-A6A3-A7FDC87570CC}" = K-Tuner
"{92E9E482-F45A-4C10-B3B0-06C785826E74}" = LiquidInstrumentVst 1.0
"{92F027CB-BDF9-4047-A654-13A050908158}" = ElastikVst
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1E50F2C-F6CA-4C27-AEA7-819B2A486223}" = Steinberg Nuendo Expansion Kit
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2453C21-B185-437A-933D-EAFC19D0E2D2}" = LiquidInstrumentVst 1.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.1 - Français
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAF2FA20-6886-483C-8CC6-3310A1A636E5}" = ElastikVst
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE916006-E144-44CF-B467-F733D0F86200}" = NextUp-ScanSoft Daniel British Voice
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B5C81-EBDF-44D6-896B-877B077276FC}" = PACE Anti-Piracy mergemodule for the x32 iLok USB Driver on x32 OS
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
"{D6E6B04E-0498-4794-B272-2EDE12E02837}_is1" = VirtualDub Plugin Pack 1.0.0.6 Fr
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
"{EE3A1D30-B97D-4EC0-BA65-EEE4131ECA9A}" = AirPlus XtremeG DWL-G520
"{EFE4C411-38D0-401E-B9D0-77173D7291F0}" = NextUp-ScanSoft Silvia Italian Voice
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE17ABC2-0B33-4B96-9B7B-FBE30F7829E4}" = PACE Anti-Piracy mergemodule for x32 TPkd for x32 OS
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alchemy" = Alchemy
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ARP2600 V_is1" = ARP2600 V 1.2
"Arturia CS-80V_is1" = Arturia CS-80V v1.6
"Arturia minimoog V_is1" = Arturia minimoog V v1.6
"Arturia Prophet V VSTi RTAS_is1" = Arturia Prophet V VSTi RTAS v1.2.1
"AVG9Uninstall" = AVG 9.0
"BitTorrent" = BitTorrent
"bx_cleansweep Native_is1" = bx_cleansweep Native 1.0
"bx_control Native_is1" = bx_control Native 1.0.9
"bx_digital Native_is1" = bx_digital Native 1.1.3
"bx_hybrid Native_is1" = bx_hybrid Native 1.0.4
"bx_solo_is1" = bx_solo 1.0.4
"Cakewalk Rapture_is1" = Rapture 1.1
"Camel Audio Cameleon 5000 v1.7 VSTi" = Camel Audio Cameleon 5000 v1.7 VSTi
"CCleaner" = CCleaner
"DDDP_is1" = discoDSP Discovery Pro
"Devine Machine Lucifer_is1" = Devine Machine Lucifer VST v2.1
"Effectrix" = Effectrix
"Elysia mpressor VST RTAS_is1" = Elysia mpressor VST RTAS v1.0.2
"eMule" = eMule
"eMule Plus_is1" = eMule Plus 1.2e
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FabFilter Pro-Q VST RTAS_is1" = FabFilter Pro-Q VST RTAS v1.0.2
"FabFilter Timeless VST RTAS_is1" = FabFilter Timeless VST RTAS v2.00
"FabFilter Twin VSTi RTAS_is1" = FabFilter Twin VSTi RTAS v2.01
"FabFilter Volcano VST RTAS_is1" = FabFilter Volcano VST RTAS v2.03
"FileZilla Client" = FileZilla Client 3.3.2
"GForce impOSCar v1.10 VSTi RTAS" = GForce impOSCar v1.10 VSTi RTAS
"HijackThis" = HijackThis 2.0.2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"IrfanView" = IrfanView (remove only)
"iZotope Ozone 4_is1" = iZotope Ozone 4
"Korg Legacy Collection VSTi v1.0.02" = Korg Legacy Collection VSTi v1.0.02
"Lawo Plug-In Collection VST_is1" = Lawo Plug-In Collection VST v1.0
"LineUp_is1" = LineUp v2.2
"Live 8.1.1" = Live 8.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Minimonsta" = GForce - Minimonsta
"Mixed In Key" = Mixed In Key 2.5
"Monofilter3_is1" = Monofilter v3.2.9
"Moog Modular V 2_is1" = Moog Modular V 2.2
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Animated Circuits" = Native Instruments Reaktor Animated Circuits
"Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS" = Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
"Native_Instruments_Reaktor_v5_User_Library_SYNTHESIZERS_ADDON-PLZ" = Native_Instruments_Reaktor_v5_User_Library_SYNTHESIZERS_ADDON-PLZ
"Novation Bass-Station for Cubase SX3 VSTi v1.41" = Novation Bass-Station for Cubase SX3 VSTi v1.41
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Oddity" = GForce - Oddity
"Ohmboyz VST2" = OhmForce Ohmboyz VST2
"Orb" = Winamp Remote
"PhaseTwo VST plug-in" = PhaseTwo VST plug-in
"Predator_is1" = Rob Papen Predator V1.1.0
"Pro-sounds.Virus.Dream.Bank1" = Pro-sounds.Virus.Dream.Bank1
"PSP VintageWarmer 2.0.0" = PSP VintageWarmer 2.0.0
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard_is1" = reFX Vanguard VSTi
"Replicant VST plug-in" = Replicant VST plug-in
"Rob Papen Albino 3" = Rob Papen Albino 3
"Rob Papen BLUE Version 1.7.0_is1" = Rob Papen BLUE Version 1.7.0
"Roger Nichols Digital SIGNATURE Bundle VST RTAS_is1" = Roger Nichols Digital SIGNATURE Bundle VST RTAS v1.9.3
"Slayer2 Demo_is1" = Slayer2 Demo 2.5
"Sonic Charge Synplant_is1" = Sonic Charge Synplant 1.0
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"SoundToys Native Effects V3_is1" = SoundToys Native Effects V3
"SSL LMC-1" = SSL LMC-1 v1.0
"SSL X-ISM" = SSL X-ISM v1.1
"SSL X-ORCISM" = SSL X-ORCISM v1.1
"Steinberg Xphraze" = Steinberg Xphraze
"Stereoizer_is1" = Stereoizer v2.7
"Stereoplacer_is1" = Stereoplacer v2.4
"Techniques audionumériques en homestudio_is1" = Techniques audionumériques en homestudio
"TextAloud MP3_is1" = TextAloud
"the Application_is1" = FLUID 1.01
"Thesys" = Thesys
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
"TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
"TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
"TruePianos: Sapphire Module (Pedal sounds included)_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos_is1" = TruePianos 1.5.0
"TT Dynamic Range Meter_is1" = TT Dynamic Range Meter 1.0
"TubeOhm Vocoder VoxPopulus_is1" = TUBEOHM VOCODER
"TunerEx" = Nuton Tuner EX 2.0
"Update Service" = Update Service
"Vember Audio SURGE" = Vember Audio SURGE
"Visualizer1_9_is1" = Visualizer v1.9.0
"WaveLabPro" = WaveLab 6
"Waves Mercury Bundle" = Waves Mercury Bundle
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"wEI0l8tHpFGdCQ-" = LoudMo Contextual Ad Assistant
"Win32Pad" = Win32Pad 1.5.10
"Winamp" = Winamp
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
"Zero-G Vocal Forge" = Zero-G Vocal Forge

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-616249376-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/01/2010 16:54:35 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:40 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:41 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:43 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:43 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:44 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:45 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:45 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:46 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/01/2010 16:54:46 | Computer Name = XPSP2-9972C5432 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

[ System Events ]
Error - 08/03/2010 08:57:23 | Computer Name = XPSP2-9972C5432 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service ImapiService
avec les arguments "-Service" pour démarrer le serveur : {520CCA63-51A5-11D3-9144-00104BA11C5E}

Error - 08/03/2010 09:12:43 | Computer Name = XPSP2-9972C5432 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service ImapiService
avec les arguments "-Service" pour démarrer le serveur : {520CCA63-51A5-11D3-9144-00104BA11C5E}

Error - 08/03/2010 09:29:45 | Computer Name = XPSP2-9972C5432 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Direct3D Progressive Mesh DLL.

Error - 08/03/2010 09:29:45 | Computer Name = XPSP2-9972C5432 | Source = Service Control Manager | ID = 7000
Description = Le service NIHardwareService n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 08/03/2010 09:43:52 | Computer Name = XPSP2-9972C5432 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service ImapiService
avec les arguments "-Service" pour démarrer le serveur : {520CCA63-51A5-11D3-9144-00104BA11C5E}

Error - 08/03/2010 10:03:33 | Computer Name = XPSP2-9972C5432 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service ImapiService
avec les arguments "-Service" pour démarrer le serveur : {520CCA63-51A5-11D3-9144-00104BA11C5E}

Error - 08/03/2010 16:53:28 | Computer Name = XPSP2-9972C5432 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Direct3D Progressive Mesh DLL.

Error - 08/03/2010 16:53:28 | Computer Name = XPSP2-9972C5432 | Source = Service Control Manager | ID = 7000
Description = Le service NIHardwareService n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 09/03/2010 11:24:47 | Computer Name = XPSP2-9972C5432 | Source = Service Control Manager | ID = 7000
Description = Le service NIHardwareService n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 09/03/2010 11:53:32 | Computer Name = XPSP2-9972C5432 | Source = Service Control Manager | ID = 7000
Description = Le service NIHardwareService n'a pas pu démarrer en raison de l'erreur :
%%2

[ TuneUp Events ]
Error - 24/11/2009 20:29:58 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-25 01:29:58', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\unins000.exe','2100',0)

Error - 24/11/2009 20:29:58 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-25 01:29:58', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','708',0)

Error - 07/03/2010 08:40:39 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-07 13:40:39', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3196',0)

Error - 07/03/2010 08:41:09 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-07 13:41:09', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2220',0)

Error - 07/03/2010 09:29:54 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-07 14:29:54', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','1440',0)

Error - 07/03/2010 09:30:04 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-07 14:30:04', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','2500',0)

Error - 07/03/2010 09:53:07 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-07 14:53:07', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','296',0)

Error - 07/03/2010 09:57:52 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-07 14:57:52', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','804',0)

Error - 08/03/2010 09:29:46 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-08 14:29:46', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','624',0)

Error - 08/03/2010 16:53:30 | Computer Name = XPSP2-9972C5432 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-08 21:53:30', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','616',0)


<End>

Posted: 13 Mar 2010, 13:57
by nikko33
Apparently I had posted my OTL log incorrectly :roll:

I think it's fixed...

Posted: 14 Mar 2010, 01:56
by nickW
Good evening,

New steps:


Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrator").


Step 1: Toolbar-S&D (by Team IDN), download
Download Toolbar-S&D by right-clicking one of the links below:
http://eric71.geekstogo.com/tools/ToolBarSD.exe
http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Save the file to the Desktop.


Step 2: Disabling resident security programs
Disable the antivirus's resident module.
AVG: launch AVG, double-click the "Resident Shield" component, and uncheck "Resident Shield active".


Step 3: Toolbar-S&D (by Team IDN), option 1: Search
Double-click ToolBarSD.exe on the Desktop to launch the tool.

Choose the language by typing F and then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 1 and press Enter to search for the files responsible for the infection.
When the search is finished, a Notepad window opens and displays the report (a.k.a. log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open Task Manager by pressing the CTRL+ALT+DEL keys simultaneously.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that has opened, in the Open box, type exactly explorer and then click the OK button. The Desktop will reappear.


Étape 4: OTL (de OldTimer)
Fermer toutes les fenêtres de programme ouvertes.

Cliquer sur le bouton None:
Image

Sélectionner les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien

copy C:\WINDOWS\ServicePackFiles\i386\atapi.sys c:\atapi.sys /c



Go back to the OTL window, right-click in the bottom pane named "Custom Scans/Fixes" and choose Paste.

Then click the Run Scan button.

When the tool has finished (this should be very quick), a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 5: Re-enabling resident security programs
Important: Re-enable the antivirus resident module.


Step 6: Results
Send in your reply:
- the ToolBar S&D report (contents of the file SystemDrive\TB.txt)
[SystemDrive is the partition on which the system is installed, usually C:]
- the main OTL report (contents of the file OTL.Txt on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply or replies, do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,

Posted: 14 Mar 2010, 16:52
by nikko33
Hello,

Toolbar S&D report


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : AVG Internet Security 9.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:186 Go (Free:74 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:465 Go (Free:162 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 14/03/2010|16:47 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Admin.XPSP2-9972C5432) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Admin.XPSP2-9972C5432) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(Admin.XPSP2-9972C5432) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.fr/"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page Restore"="http://www.google.fr/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMIN~1.XPS\Application Data\BitTorrent\BitDefender Plus v10 + Keygen CORE + Patch.torrent
C:\DOCUME~1\ADMIN~1.XPS\Application Data\BitTorrent\Rob.Papen.LinPlug.Albino.VSTi.v3.0.2.incl.KeyGen-BEAT.rar.torrent
C:\DOCUME~1\ADMIN~1.XPS\Mes documents\Native Instruments\Shared Content\Sounds\Massive\Crack Pad.ksd



1 - "C:\ToolBar SD\TB_1.txt" - 14/03/2010|16:48 - Option : [1]

-----------\\ Fin du rapport a 16:48:01,87

Posted: 14 Mar 2010, 16:53
by nikko33
and the OTL report

OTL logfile created on: 14/03/2010 16:49:11 - Run 2
OTL by OldTimer - Version 3.1.36.0 Folder = G:\mozilla downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186,31 Gb Total Space | 74,01 Gb Free Space | 39,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 162,89 Gb Free Space | 34,97% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPSP2-9972C5432
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


<rien>

< >

<copy>
1 fichier(s) copié(s).
<End>

Posted: 16 Mar 2010, 01:14
by nickW
Good evening,

Not very clever to download a security suite along with its crack! :twisted:
As for the other cracks and keygens, they are nothing but sources of infection! :twisted:


Next steps .....

Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrator")


Very important:
Delete OTL.exe, which is in the folder G:\mozilla downloads

Download the new version of OTL from:
http://oldtimer.geekstogo.com/OTL.exe
Save this file to the Desktop


Step 1: OTL (by OldTimer), preparing the cleanup
Open a Notepad window via Start---->Run, type notepad, then click OK

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together

Code:
rien

:otl
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\

:Files
:\WINDOWS\System32\drivers\atapi.sys|c:\atapi.sys /replace

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file as fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: nikko33.
If you are not THIS user, do not use them: they could damage your system.



Step 2: OTL (by OldTimer), preparing the scan
Open a Notepad window via Start---->Run, type notepad, then click OK

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together

Code:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
iaStor.sys
nvstor.sys
atapi.sys
AGP440.sys
/md5stop


Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file as scan.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: nikko33.
If you are not THIS user, do not use them: they could damage your system.



Step 3: No real-time monitoring processes
Disable the antivirus resident module.
AVG: launch AVG, double-click the "Resident Shield" component, untick "Resident Shield active"


Step 4: OTL (by OldTimer), cleanup

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Run Fix button.

A small "Information" window opens.

Click the Yes button.

In the new "Open" window, browse to the folder where fix.txt was saved, then click the Open button.

The contents of fix.txt are thereby inserted into the "Custom Scans/Fixes" pane.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button again.

Note: When the restart is requested, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


A malfunction of the Free servers and/or the forum prevents me from sending "large" messages. The rest is therefore in the next message.

Posted: 16 Mar 2010, 01:18
by nickW
A malfunction of the Free servers and/or the forum prevents me from sending "large" messages. This is the continuation of the previous message.

Step 5: No real-time monitoring processes
If the antivirus resident module was re-enabled after the restart, it must be disabled again.
AVG: launch AVG, double-click the "Resident Shield" component, untick "Resident Shield active"


Step 6: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are ticked except "Create right click context menu option for scanning files".
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If harmful items were detected, click the "Remove Selected" button
Wait patiently, without doing anything else, for the cleanup to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 7: OTL (by OldTimer), scan

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Tick (at the top) the box in front of Scan All Users.

Double-click in the white area under Custom Scans/Fixes.

A small "Information" window opens.

Click the Yes button.

In the new "Open" window, browse to the folder where scan.txt was saved, then click the Open button.

The contents of scan.txt are thereby inserted into the "Custom Scans/Fixes" pane.

Click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 9: Results
Send in your reply:
- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive is the partition on which the system is installed, usually C:]
- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive is the partition on which the system is installed, usually C:]

Then send in a separate message (because of the length of the log):
- the main OTL report (contents of the file OTL.txt on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply or replies, do not create a new topic; click the "Reply" button to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
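
The /md5start ... /md5stop block in scan.txt above asks OTL to report MD5 hashes for four driver files. As an added example (not part of the thread and not OTL's own code), this Python does a comparable check on a directory tree: it hashes every copy of those file names and returns the names whose copies differ, a cue to inspect that driver more closely. The sample tree and its file contents are constructed.

```python
import hashlib
import os
import tempfile

# File names taken from the /md5start ... /md5stop block in scan.txt.
DRIVERS = ("iaStor.sys", "nvstor.sys", "atapi.sys", "AGP440.sys")

def md5_of(path, chunk_size=65536):
    """Return the hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def find_copies(root, names=DRIVERS):
    """Map each wanted name to [(path, md5), ...] for every copy under root."""
    wanted = {name.lower(): name for name in names}
    copies = {name: [] for name in names}
    for folder, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for filename in files:
            key = filename.lower()  # Windows file names are case-insensitive
            if key in wanted:
                path = os.path.join(folder, filename)
                copies[wanted[key]].append((path, md5_of(path)))
    return copies

def divergent(copies):
    """Names whose copies do not all share a single MD5."""
    return sorted(name for name, found in copies.items()
                  if len({md5 for _path, md5 in found}) > 1)

def demo():
    """Build a constructed tree (fake contents) and return the divergent names."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            ("WINDOWS", "system32", "drivers", "atapi.sys"): b"constructed: altered",
            ("WINDOWS", "ServicePackFiles", "i386", "atapi.sys"): b"constructed: clean",
            ("WINDOWS", "system32", "drivers", "AGP440.sys"): b"constructed: same",
            ("WINDOWS", "system32", "dllcache", "agp440.sys"): b"constructed: same",
        }
        for parts, data in layout.items():
            os.makedirs(os.path.join(root, *parts[:-1]), exist_ok=True)
            with open(os.path.join(root, *parts), "wb") as handle:
                handle.write(data)
        return divergent(find_copies(root))
```
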