[OK] Analysis request, thanks


Post by jasjasjas » 21 Mar 2010, 01:51

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3888
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/03/2010 01:31:53
mbam-log-2010-03-21 (01-31-46).txt

Type de recherche: Examen rapide
Eléments examinés: 165627
Temps écoulé: 5 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 19
Fichier(s) infecté(s): 141

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Nath\Application Data\Hotbar (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\IESkins (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\HostOI (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\HostOI\dynamic (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\HostOI\static (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\HostOL (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\HostOL\dynamic (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\HostOL\static (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\1 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> No action taken.
C:\Program Files\Winsudate (Adware.Gibmedia) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\803618.sdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000032954 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11208 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34123 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42013 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\361e.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans.idx (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans1.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\cursors.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz1.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz10.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz11.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz12.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz13.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz14.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz15.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz16.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz17.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz18.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz19.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz2.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz20.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz3.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz4.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz5.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz6.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz7.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz8.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz9.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemster.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsterie.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsteruk.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jobsearch.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_reun.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtones.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesmenu.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesMenu.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\hb_ie_menu.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_games_icon.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_video.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\more.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\new_games.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\sales_buttons.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\2\weathericon.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\more.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sales_buttons.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Nath\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> No action taken.
C:\remote.ini (Malware.Trace) -> No action taken.
XP Pro
jasjasjas
 
Posts: 20
Joined: 25 Apr 2008, 10:31

OTL.txt

Post by jasjasjas » 21 Mar 2010, 01:52

OTL logfile created on: 21/03/2010 01:37:38 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\assaad\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,51 Gb Total Space | 7,88 Gb Free Space | 11,85% Space Free | Partition Type: NTFS
Drive D: | 8,01 Gb Total Space | 1,81 Gb Free Space | 22,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232,88 Gb Total Space | 147,07 Gb Free Space | 63,15% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP66331861920
Current User Name: assaad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/21 00:54:52 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\assaad\Bureau\OTL.exe
PRC - [2010/03/20 21:17:14 | 000,619,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
PRC - [2010/03/20 21:17:13 | 000,480,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32.exe
PRC - [2010/03/20 21:15:00 | 000,707,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\FSPC\fspc.exe
PRC - [2010/03/20 21:12:06 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
PRC - [2010/03/20 21:12:05 | 000,348,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
PRC - [2009/08/16 13:01:16 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/14 13:29:58 | 000,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsus.exe
PRC - [2009/04/06 16:35:58 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
PRC - [2009/04/06 16:34:18 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Common\FSMB32.EXE
PRC - [2009/04/06 16:34:16 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
PRC - [2009/04/06 16:34:14 | 000,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
PRC - [2009/04/06 16:34:12 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Common\FCH32.EXE
PRC - [2009/04/06 16:34:10 | 000,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Common\FAMEH32.EXE
PRC - [2009/04/06 16:32:52 | 000,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\FSGUI\fsguidll.exe
PRC - [2009/04/06 16:29:48 | 000,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\FWES\program\fsdfwd.exe
PRC - [2009/04/06 16:28:54 | 000,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsqh.exe
PRC - [2009/04/06 16:27:58 | 000,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe
PRC - [2009/02/06 17:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 03:34:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/14 08:43:26 | 000,534,040 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2006/06/07 16:57:46 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
PRC - [2006/03/02 03:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2005/10/18 15:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (SafeList) ==========

MOD - [2010/03/21 00:54:52 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\assaad\Bureau\OTL.exe
MOD - [2009/04/06 16:35:02 | 000,252,512 | ---- | M] (F-Secure Corporation) -- C:\Program Files\SFR\Pack Sécurité\Spam Control\fsscoepl.dll
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (sdCoreService)
SRV - File not found [On_Demand | Stopped] -- -- (sdAuxService)
SRV - File not found [Auto | Stopped] -- -- (Planificateur LiveUpdate automatique)
SRV - [2010/03/20 21:12:06 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/09/23 13:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/08/16 13:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/06 16:35:58 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/04/06 16:34:16 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/04/06 16:29:48 | 000,510,560 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/04/06 16:27:58 | 000,490,080 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\SFR\Pack Sécurité\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/04/14 03:34:07 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 03:34:07 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 03:34:07 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/14 03:33:38 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 03:33:27 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/06/27 18:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/06/15 15:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/07/14 08:43:26 | 000,534,040 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2006/06/07 16:57:46 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/03/02 03:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2006/03/02 03:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2005/10/18 15:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/03/20 21:18:29 | 000,107,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/03/20 21:18:13 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/02/12 17:18:59 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/09/23 13:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/04/06 16:33:18 | 000,067,808 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/04/06 16:29:46 | 000,079,872 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/04/06 16:28:58 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/04/06 16:28:58 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/06/20 12:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/14 19:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007/01/09 11:35:44 | 000,091,776 | ---- | M] (USB Generic Camera) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1210.sys -- (CAM1210)
DRV - [2006/07/25 12:46:24 | 000,043,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/07/21 15:12:16 | 001,095,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/07/19 16:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/07/06 07:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/07/04 18:29:18 | 004,306,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/07 22:06:58 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/06/07 16:33:34 | 000,855,018 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/06/07 16:29:10 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/06/07 16:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/06/07 16:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/06/07 16:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/04/25 17:26:08 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/04/07 05:46:48 | 000,031,104 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006/03/13 16:50:08 | 000,085,696 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300obex.sys -- (w300obex)
DRV - [2006/03/13 16:50:06 | 000,087,824 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mgmt.sys -- (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM)
DRV - [2006/03/13 16:50:02 | 000,096,352 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdm.sys -- (w300mdm)
DRV - [2006/03/13 16:50:00 | 000,009,264 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mdfl.sys -- (w300mdfl)
DRV - [2006/03/13 16:49:54 | 000,060,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus) Sony Ericsson W300 Driver driver (WDM)
DRV - [2006/03/02 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/03/02 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005/12/22 11:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 11:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 11:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/12/14 07:51:00 | 003,580,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/10/19 17:00:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/10/18 15:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005/08/18 19:43:24 | 000,200,320 | R--- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bender.sys -- (BENDER)
DRV - [2005/07/13 16:55:22 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005/01/05 17:29:30 | 000,432,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2004/11/22 16:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/05/08 18:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 06:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel(r) 82801 (WDM)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C EA 13 52 44 E8 CA 01 [binary data]
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?mkt=fr-FR&form=MIAWB1&q="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/14 18:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/12 10:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/28 07:47:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/08 17:48:37 | 000,000,000 | ---D | M]

[2008/09/12 11:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\assaad\Application Data\Mozilla\Extensions
[2010/03/18 23:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\extensions
[2009/10/04 17:51:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 02:26:04 | 000,002,650 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\bing.xml
[2010/03/17 20:47:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin-1.xml
[2010/01/03 14:12:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin-2.xml
[2010/01/30 07:27:35 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin-3.xml
[2010/02/13 10:35:56 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin-4.xml
[2010/03/01 18:49:26 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin-5.xml
[2010/03/12 10:14:17 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin-6.xml
[2008/03/31 08:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin.gif
[2008/03/31 08:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin.src
[2009/10/25 15:22:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\assaad\Application Data\Mozilla\Firefox\Profiles\dprp5sum.default\searchplugins\icqplugin.xml
[2010/03/18 23:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/16 21:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/03/12 10:13:55 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/01/24 20:23:00 | 000,002,194 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/03/12 10:13:55 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/12 10:13:55 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/18 22:06:51 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/12 10:13:55 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/12 10:13:55 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/17 09:25:28 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Barre d'outils Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000313.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce\Setup: [ ] File not found
O4 - HKLM..\RunOnce\Setup: [ IEradicator 2001] File not found
O4 - HKLM..\RunOnce\Setup: [ http://www.LitePC.com] File not found
O4 - HKLM..\RunOnce\Setup: [ ___________________________] File not found
O4 - HKLM..\RunOnce\Setup: [ © 1999-2003 LitePC Technologies] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\SFR\Pack Sécurité\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Program Files\SFR\Pack Sécurité\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h50203.www5.hp.com/HPISWeb/Cust ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0733964062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/x-mrml {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Fichiers communs\A&W\MidRadio.ocx (YAMAHA CORPORATION)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\assaad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\assaad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Documents and Settings\assaad\Application Data\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/11 11:35:29 | 000,000,145 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/21 00:12:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/29 03:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/21 01:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\assaad\Bureau\21-03-2010
[2010/03/21 01:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\assaad\Bureau\erunt
[2010/03/21 01:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\assaad\Application Data\Malwarebytes
[2010/03/21 01:08:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/21 01:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/21 01:08:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/21 01:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/21 00:59:11 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\assaad\Bureau\mbam-setup.exe
[2010/03/21 00:54:51 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\assaad\Bureau\OTL.exe
[2010/03/21 00:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\assaad\Bureau\backups
[2010/03/21 00:44:40 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\assaad\Bureau\HiJackThis.exe
[2010/03/20 21:03:08 | 000,199,280 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\assaad\Mes documents\fsaua-reset.exe
[2010/03/20 20:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\assaad\Application Data\F-Secure
[2010/03/20 20:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2010/03/20 20:26:24 | 000,079,872 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2010/03/20 20:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\SFR
[2010/03/20 20:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010/03/20 20:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010/03/20 20:10:03 | 074,056,208 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\assaad\Bureau\Pack_Securite.exe
[2010/03/19 02:42:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\assaad\IECompatCache
[2010/03/19 02:41:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\assaad\PrivacIE
[2010/03/19 02:39:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\assaad\IETldCache
[2010/03/19 02:38:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/03/19 02:37:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/03/19 02:34:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/19 02:26:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\assaad\Bureau\Services Windows Live
[2010/03/16 09:43:14 | 000,000,000 | ---D | C] -- C:\lj1200
[2010/03/16 09:41:11 | 004,120,288 | ---- | C] (Hewlett Packard ) -- C:\Documents and Settings\assaad\Bureau\lj1017fr.exe
[2010/03/14 16:25:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\assaad\Recent
[2010/03/01 16:18:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/22 21:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/02/08 18:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/08 17:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/18 09:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/01/17 09:46:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/17 09:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/01/17 09:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/16 09:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/16 09:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2009/05/04 06:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Copernic
[2009/04/27 09:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/12/07 08:56:19 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Fichiers communs\keyhelp.ocx
[2007/11/25 10:58:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/10/15 01:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/10/13 09:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/25 15:25:29 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2007/09/25 15:25:29 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2007/09/25 15:25:29 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/30 16:12:38 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B0A6AEE4-DE43-42D1-83EF-DB50D9D78CA0}.job
[2010/04/30 10:00:36 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\Grondel Sebastien.doc
[2010/04/29 03:39:50 | 000,000,846 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/21 01:41:34 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\assaad\NTUSER.DAT
[2010/03/21 01:23:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hrvu.sys
[2010/03/21 01:16:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/21 01:08:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/21 01:02:08 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\erunt-loc_fr.zip
[2010/03/21 01:01:32 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\erunt.zip
[2010/03/21 01:00:00 | 000,000,542 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance automatique.job
[2010/03/21 00:59:11 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\assaad\Bureau\mbam-setup.exe
[2010/03/21 00:54:52 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\assaad\Bureau\OTL.exe
[2010/03/21 00:44:40 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\assaad\Bureau\HiJackThis.exe
[2010/03/21 00:16:38 | 001,867,394 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/21 00:16:38 | 001,255,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/21 00:16:38 | 000,746,708 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/21 00:16:37 | 000,520,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/21 00:16:37 | 000,006,206 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/21 00:14:13 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/21 00:14:08 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/21 00:12:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/21 00:12:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/21 00:12:05 | 2129,977,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/20 21:24:36 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\assaad\ntuser.ini
[2010/03/20 21:18:13 | 000,033,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/03/20 21:03:26 | 000,199,280 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\assaad\Mes documents\fsaua-reset.exe
[2010/03/20 20:28:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/20 20:24:30 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/19 02:26:05 | 000,001,366 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\Aller sur MSN.fr.lnk
[2010/03/19 02:26:04 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\Internet Explorer.lnk
[2010/03/19 00:51:32 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\Internet Explorer - résolution de problèmes.url
[2010/03/18 23:26:38 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\Chers Collègue2.doc
[2010/03/18 23:26:33 | 000,007,499 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\Chers Collègue.pdf
[2010/03/16 09:42:36 | 004,120,288 | ---- | M] (Hewlett Packard ) -- C:\Documents and Settings\assaad\Bureau\lj1017fr.exe
[2010/03/15 07:12:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/11 21:31:33 | 000,000,431 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/09 23:45:56 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\assaad\Bureau\Chers Collègues.doc
[2010/03/09 23:39:15 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Chers Collègues.doc
[2010/03/06 17:05:32 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/02/28 14:01:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/30 10:04:14 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\Grondel Sebastien.doc
[2010/03/21 01:23:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\hrvu.sys
[2010/03/21 01:08:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/21 01:02:08 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\erunt-loc_fr.zip
[2010/03/21 01:01:32 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\erunt.zip
[2010/03/20 20:45:59 | 000,000,542 | ---- | C] () -- C:\WINDOWS\tasks\Maintenance automatique.job
[2010/03/20 20:26:40 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/03/19 02:41:38 | 000,000,434 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B0A6AEE4-DE43-42D1-83EF-DB50D9D78CA0}.job
[2010/03/19 02:36:18 | 000,000,846 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/03/19 02:26:05 | 000,001,366 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\Aller sur MSN.fr.lnk
[2010/03/19 02:26:04 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\Internet Explorer.lnk
[2010/03/19 00:51:32 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\Internet Explorer - résolution de problèmes.url
[2010/03/18 23:26:33 | 000,007,499 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\Chers Collègue.pdf
[2010/03/18 21:21:21 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\Chers Collègue2.doc
[2010/03/12 18:51:40 | 2129,977,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/09 23:45:56 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\assaad\Bureau\Chers Collègues.doc
[2010/03/09 21:20:48 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Chers Collègues.doc
[2009/11/19 20:33:17 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/01 07:16:09 | 000,006,651 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/27 21:25:24 | 000,000,386 | ---- | C] () -- C:\WINDOWS\3DBELOTE2.INI
[2009/03/05 23:57:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/03/03 13:43:31 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/11/02 12:24:54 | 000,000,065 | ---- | C] () -- C:\WINDOWS\a2lis register.ini
[2008/09/19 22:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 22:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/12 12:05:57 | 000,024,340 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/09/12 12:05:56 | 000,001,106 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/09/12 12:04:57 | 000,060,366 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/09/12 12:04:55 | 000,015,286 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/09/12 12:04:54 | 000,017,538 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/09/12 12:04:53 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/05/26 13:41:51 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2008/05/26 13:41:51 | 000,001,070 | ---- | C] () -- C:\WINDOWS\Sol.ini
[2008/05/26 13:41:51 | 000,000,982 | ---- | C] () -- C:\WINDOWS\Fa.ini
[2008/05/10 13:09:57 | 003,080,237 | ---- | C] () -- C:\WINDOWS\System32\MSOWC.DLL
[2008/05/06 07:43:29 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/04/25 20:16:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/04/25 20:13:08 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/03/10 10:27:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2008/03/02 17:50:47 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/01/28 18:51:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/12/13 19:54:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/11/01 10:30:57 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\VideoGenieSetup.ini
[2007/10/18 07:04:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2007/10/16 08:50:25 | 000,000,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/10 13:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COMPANIONAPP.INI
[2007/10/10 12:53:30 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\assaad\Application Data\$_hpcst$.hpc
[2007/10/07 09:13:54 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\assaad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/05 11:04:32 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/10/05 10:53:26 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2007/10/05 10:53:26 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2007/10/05 10:53:26 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2007/10/05 10:53:26 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2007/10/05 10:53:26 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/09/29 12:28:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/25 16:06:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/25 15:44:23 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\assaad\Local Settings\Application Data\fusioncache.dat
[2007/09/25 15:25:34 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2007/09/25 15:25:32 | 000,432,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys
[2007/09/25 15:15:24 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/25 14:57:59 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7I.DLL
[2007/01/04 09:46:30 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2007/01/04 09:37:04 | 000,000,359 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/01/04 09:37:03 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/04 09:37:03 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2007/01/04 09:37:03 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2007/01/04 09:37:02 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2007/01/04 09:37:01 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007/01/04 06:57:23 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2007/01/04 06:57:23 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007/01/04 06:57:22 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007/01/04 06:57:22 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007/01/04 06:57:22 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007/01/04 06:57:22 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007/01/04 06:57:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007/01/04 06:57:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007/01/04 06:57:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007/01/04 06:57:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2006/12/12 08:44:28 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/12/12 08:44:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/12/12 08:43:10 | 000,000,978 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/12/12 00:09:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/11 23:58:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/17 11:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/11/11 20:52:52 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\mmSQL.dll
[2006/11/08 13:27:04 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\cam1210.dll
[2006/06/07 16:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/14 07:51:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/14 07:51:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/14 07:51:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/14 07:51:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/14 07:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/14 07:51:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/14 07:51:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\nvrszht.dll
[2005/12/14 07:51:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/04/01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010/03/14 19:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/09/25 14:58:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/03/20 20:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010/03/20 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2007/12/07 07:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotbarSA
[2009/09/16 21:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
XP Pro
jasjasjas
Posts: 20
Joined: 25 Apr 2008, 10:31

Extras.Txt

Post by jasjasjas » 21 Mar 2010, 01:54

OTL Extras logfile created on: 21/03/2010 01:37:38 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\assaad\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,51 Gb Total Space | 7,88 Gb Free Space | 11,85% Space Free | Partition Type: NTFS
Drive D: | 8,01 Gb Total Space | 1,81 Gb Free Space | 22,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232,88 Gb Total Space | 147,07 Gb Free Space | 63,15% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP66331861920
Current User Name: assaad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = scrfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{3F866D37-22D0-435D-94F1-31A64D566D0E}" = Pinnacle device drivers
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{425FFD94-36BD-4933-881B-FE0B9DADF2B7}" = Ma-Config.com
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B92A11C-F48F-430A-AB8D-3F7CA80669CD}" = SDMSSplash
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75ADEFA2-D4FF-4B37-9E93-4306E6AC176B}_is1" = ImgBurn 2.3.2.0 Fr
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B0A8F0E-3672-4DA5-9540-A8D0171C38D8}" = TuneUp Utilities Language Pack (fr-FR)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9012040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 D3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B8E67C-4BB9-4F21-8582-04C6AF77D99E}" = Hewlett-Packard Asset Agent for Smart Desktop
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 J2
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301036}" = Nero 7 Premium
"{D173E50C-D87F-40A1-BFB2-FFEA51F92CB1}" = HP Credential Manager for ProtectTools
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BelAtoutFr_is1" = Bel Atout 4.41
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"ExtractNow_is1" = ExtractNow
"Free CD Ripper_is1" = Free CD Ripper V1.9
"F-Secure Product 444" = Pack sécurité
"GeoGebra" = GeoGebra
"GifMovieGear 4" = Gif Movie Gear 4
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"hotpot_is1" = HotPotatoes v 6.2.5.1
"ICQToolbar" = ICQ Toolbar
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3C3B2C97-0DAB-482F-9C95-6610827210E3}" = ASUS nVIDIA Driver
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OutilsCI" = Outils Club Internet
"PhotoFiltre" = PhotoFiltre
"RealPlayer 6.0" = RealPlayer
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"X'nStop_is1" = X'nStop 2.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1613455336-2178215805-893938065-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Notification de cadeaux MSN" = Notification de cadeaux MSN

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/03/2010 16:13:35 | Computer Name = HP66331861920 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 20/03/2010 16:13:35 | Computer Name = HP66331861920 | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
WmiApRpl (WmiApRpl) a échoué. Le code d'erreur est le premier DWORD de la section
Data.

Error - 20/03/2010 16:16:35 | Computer Name = HP66331861920 | Source = Application Hang | ID = 1002
Description = Application bloquée Eudora.exe, version 6.2.1.2, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/03/2010 18:03:32 | Computer Name = HP66331861920 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 11.0.8313.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/03/2010 19:12:22 | Computer Name = HP66331861920 | Source = MSSQL$PINNACLESYS | ID = 19011
Description =

Error - 20/03/2010 19:12:22 | Computer Name = HP66331861920 | Source = MSSQL$PINNACLESYS | ID = 19011
Description =

Error - 20/03/2010 19:16:34 | Computer Name = HP66331861920 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 20/03/2010 19:16:34 | Computer Name = HP66331861920 | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 20/03/2010 19:16:34 | Computer Name = HP66331861920 | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
WmiApRpl (WmiApRpl) a échoué. Le code d'erreur est le premier DWORD de la section
Data.

Error - 20/03/2010 20:12:23 | Computer Name = HP66331861920 | Source = Application Hang | ID = 1002
Description = Application bloquée explorer.exe, version 6.0.2900.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 20/03/2010 15:06:10 | Computer Name = HP66331861920 | Source = RemoteAccess | ID = 20106
Description = Impossible d'ajouter l'interface {4A2B28F6-4EB6-4083-838C-F008268E6678}
avec le Gestionnaire de routage pour le protocole IP. L'erreur suivante s'est produite
: Impossible d'accomplir cette fonction.

Error - 20/03/2010 15:06:10 | Computer Name = HP66331861920 | Source = RemoteAccess | ID = 20106
Description = Impossible d'ajouter l'interface {4A2B28F6-4EB6-4083-838C-F008268E6678}
avec le Gestionnaire de routage pour le protocole IP. L'erreur suivante s'est produite
: Impossible d'accomplir cette fonction.

Error - 20/03/2010 15:30:18 | Computer Name = HP66331861920 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 20/03/2010 15:30:18 | Computer Name = HP66331861920 | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
NVSvc à une transaction.

Error - 20/03/2010 15:30:18 | Computer Name = HP66331861920 | Source = RemoteAccess | ID = 20106
Description = Impossible d'ajouter l'interface {4A2B28F6-4EB6-4083-838C-F008268E6678}
avec le Gestionnaire de routage pour le protocole IP. L'erreur suivante s'est produite
: Impossible d'accomplir cette fonction.

Error - 20/03/2010 16:09:33 | Computer Name = HP66331861920 | Source = RemoteAccess | ID = 20106
Description = Impossible d'ajouter l'interface {4A2B28F6-4EB6-4083-838C-F008268E6678}
avec le Gestionnaire de routage pour le protocole IP. L'erreur suivante s'est produite
: Impossible d'accomplir cette fonction.

Error - 20/03/2010 16:10:24 | Computer Name = HP66331861920 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 20/03/2010 17:58:22 | Computer Name = HP66331861920 | Source = DCOM | ID = 10010
Description = Le serveur {25E8A7CA-5874-4F85-BC00-35210131C444} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 20/03/2010 19:12:38 | Computer Name = HP66331861920 | Source = RemoteAccess | ID = 20106
Description = Impossible d'ajouter l'interface {4A2B28F6-4EB6-4083-838C-F008268E6678}
avec le Gestionnaire de routage pour le protocole IP. L'erreur suivante s'est produite
: Impossible d'accomplir cette fonction.

Error - 20/03/2010 19:13:33 | Computer Name = HP66331861920 | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

[ TuneUp Events ]
Error - 18/03/2010 09:50:34 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 18/03/2010 14:54:45 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 18/03/2010 19:54:25 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 18/03/2010 21:40:03 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 18/03/2010 22:06:27 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 28/04/2010 22:16:56 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 29/04/2010 00:56:05 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 29/04/2010 01:02:27 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 29/04/2010 13:02:02 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 30/04/2010 02:21:24 | Computer Name = HP66331861920 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


<End>
XP Pro
jasjasjas

Posts: 20
Joined: 25 Apr 2008, 10:31

Thank you for your help

Post by jasjasjas » 21 Mar 2010, 01:56

See you soon,

Post by nickW » 22 Mar 2010, 01:08

Good evening,

I suppose I am meant to guess what the symptoms of infection are. :twisted:
I also suppose you know how to write Hello/Good evening!


Can you do the following:

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrator").
On Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon for certain accounts (other than the one named "Administrator"), it says "Computer administrator".
One of those accounts is the one to use.



Step 1: Toolbar-S&D (by Team IDN), download
Download Toolbar-S&D by right-clicking one of the links below:
http://eric71.geekstogo.com/tools/ToolBarSD.exe
http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Save the file to the Desktop.


Step 2: CKScanner (by askey127), download
Download CKScanner.exe from:
http://downloads.malwareremoval.com/CKScanner.exe

Important: Save the file to the Desktop.


Step 3: Disabling resident security programs
Disable the antivirus resident module.
F-Secure: right-click the icon in the system tray (next to the clock) and choose "Décharger" (Unload).


Step 4: Toolbar-S&D (by Team IDN), option 1: Search
Double-click ToolBarSD.exe on the Desktop to run the tool.

Choose the language by typing F and then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 1 and press Enter to search for the files responsible for the infection.
When the search has finished, a Notepad window opens and displays the report (also known as the log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open Task Manager by pressing the CTRL+ALT+DEL keys together.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, in the Open field, type exactly explorer and then click the OK button. The Desktop will reappear.


Step 5: CKScanner (by askey127), execution
Double-click CKScanner.exe to start the program.

On the main screen, click the "Search For Files" button.

After a short while, a list is displayed in the right-hand part of the window.

Click the "Save List to File" button.

A message announces that the file has been saved; click OK.

Click the "Exit" button to close the program.


Step 6: Re-enabling resident security programs
Important: Re-enable the antivirus resident module.


Step 7: Results
Send in your reply:
*- the ToolBar S&D report (contents of the file SystemDrive\TB.txt)
[SystemDrive is the partition on which the system is installed, usually C:]
*- the CKScanner report (contents of the file ckfiles.txt on the Desktop)

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Thanks a lot

Post by jasjasjas » 23 Mar 2010, 22:41

Good evening, thank you so much. My PC is really sluggish and very slow. Here are the two reports.

In addition, I think my 16-year-old son and his friend installed some unlicensed software, and I would like to remove that too.
I just spotted Nero; can I uninstall it using Add/Remove Programs? I am always afraid that traces will remain (I read on forums that spyware is always left behind when software is pirated).

Regards,
JAS

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Default System BIOS
USER : assaad ( Administrator )
BOOT : Normal boot
Antivirus : Pack Sécurité SFR 9.12 9.12 (Not Activated)
Firewall : Pack Sécurité SFR 9.12 9.12 (Not Activated)
C:\ (Local Disk) - NTFS - Total:66 Go (Free:12 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:232 Go (Free:169 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 23/03/2010|22:34 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\Nath\APPLIC~1\Hotbar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA
C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA\HotbarSA.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA\HotbarSAAbout.mht
C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA\HotbarSAau.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA\HotbarSAEULA.mht
C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA\HotbarSA_kyf.dat
C:\DOCUME~1\Nath\APPLIC~1\VMNToolbar
C:\DOCUME~1\Nath\APPLIC~1\VMNToolbar\New York_NY_weather.txt
C:\Program Files\VMNToolbar
C:\Program Files\VMNToolbar\vmntoolbar.dll.old14

-----------\\ Extensions

(assaad) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(Enfants) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(Nath) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Nath) - {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92} => nautipolis
(Nath) - {a02c0c70-605c-11da-8cd6-0800200c9a66} => p-inner
(Nath) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(Nath) - {dd30bf68-268a-4815-ad48-8740b774c764} => redcats_green
(Nath) - {04421038-C218-40e7-9BEB-C90811075F8A} => azerty__mail-3.0-tb
(Nath) - {4014fd56-67cb-4dd9-8d89-1021a2d759d9} => oxybird-1.3-tb+sb-win
(Nath) - {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} => foxytunes
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-is
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja-JP-mac
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ja
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ko
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nn-NO
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ro
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-uk
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-TW
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-is
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja-JP-mac
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ja
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ko
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nn-NO
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ro
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-uk
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-TW
(Nath) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://google.fr/"
"Search Page"="http://home.microsoft.com/access/allinone.asp"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\assaad\Favoris\France\NERO-code\.... MuCaCa CracKs .....url
C:\DOCUME~1\assaad\Favoris\France\NERO-code\CRACK.MS - All CRACKs and SERIALs on ONE Site.url
C:\DOCUME~1\assaad\Favoris\France\NERO-code\CrackzPlanet.com - Google Earth Pro 3.0beta-VOORHEES.url
C:\DOCUME~1\assaad\Favoris\France\NERO-code\IncrediMail Premium 2003 Build 2001184 crack serial number keygen patch activation code unlock.url



1 - "C:\ToolBar SD\TB_1.txt" - 23/03/2010|22:36 - Option : [1]

-----------\\ Fin du rapport a 22:36:03,15

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\assaad\favoris\france\nero-code\.... mucaca cracks .....url
c:\documents and settings\assaad\favoris\france\nero-code\crack.ms - all cracks and serials on one site.url
c:\documents and settings\assaad\favoris\france\nero-code\crackzplanet.com - google earth pro 3.0beta-voorhees.url
c:\documents and settings\assaad\favoris\france\nero-code\incredimail premium 2003 build 2001184 crack serial number keygen patch activation code unlock.url
c:\program files\pinnacle\studio 10\plugins\rtfx\3dserver\filtersplus3d\crackedslab3d.xml
c:\program files\pinnacle\studio 10\plugins\rtfx\studioxml\rtfx volume 2\crackedslab-gpu.xml
c:\toolbar sd\crack.txt
scanner sequence 3.FA.11
----- EOF -----

Post by nickW » 24 Mar 2010, 01:37

Good evening,

First clean-up steps:

Given the length of the procedure, I advise you to print it, or to select all of its lines and copy the selection into a text file on your PC (Note: you will not have access to the Internet or to browsers, and restarts are possible).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.


Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrator").


Step 1: Gmer, download
Download the executable program (.exe file) from the page http://www.gmer.net/#files
Click the Download EXE button.
Save the file to the root of the system drive (usually C:), noting its name (which is random).


Step 2: Disabling resident security programs
Disable the antivirus resident module.
F-Secure: right-click the icon in the system tray (next to the clock) and choose "Décharger" (Unload).


Step 3: Toolbar-S&D (by Team IDN), option 2: Removal

Mandatory: Close all browser windows (Internet Explorer, Firefox, Mozilla, Opera, etc.).

Double-click ToolBarSD.exe on the Desktop to run the tool.

Choose the language by typing F and then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 2 and press Enter to delete the files responsible for the infection.

Do not close the window while the files are being deleted!

When the deletion has finished, a Notepad window opens and displays the report (also known as the log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open Task Manager by pressing the CTRL+ALT+DEL keys together.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, in the Open field, type exactly explorer and then click the OK button. The Desktop will reappear.


Step 4: Disabling resident security programs
If the PC has restarted and the antivirus is active again, it must be disabled.
F-Secure: right-click the icon in the system tray (next to the clock) and choose "Décharger" (Unload).


Step 5: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Start Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that every box is ticked except "Create an option in the context menu to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan" and then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button.
Wait patiently, without doing anything else, for the clean-up to finish.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 6: Disabling resident security programs
If the PC has restarted and the antivirus is active again, it must be disabled.
F-Secure: right-click the icon in the system tray (next to the clock) and choose "Décharger" (Unload).


Step 7: Gmer, execution

Close absolutely all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for the driver to load and for the initial checks to run.

If the tool displays the message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", click NO.

Check that all the boxes in the right-hand column are ticked except
Sections
drives other than C:\
"Show all"

then click the Scan button.

Wait without doing anything else (... it takes a while...).
The Registry keys and files being scanned are displayed at the bottom of the window.

When the tool has finished (nothing is scrolling any more at the bottom of the window), click the Save ... button.

A Notepad window will open containing the report file.
Note: In Notepad, check in the Format menu that the "Word Wrap" option is not ticked.
Save this file to the Desktop under the name gmer-100324.txt.
Close the Gmer window (click OK).


Step 8: Re-enabling resident security programs
Important: Re-enable the antivirus resident module.


Step 9: Results
Send in your reply:
*- the Toolbar S&D report (contents of the file SystemDrive\TB.txt)
[SystemDrive is the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs where ****-** (**-**-**) stands for the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive is the partition on which the system is installed, usually C:]
*- the Gmer report (contents of the file gmer-100324.txt)<----this report is often very long; check that it is complete; if necessary split it across several messages -- always using the Reply button.

To be continued,
nickW

Evening

Post by jasjasjas » 27 Mar 2010, 23:43

Good evening,
I had trouble with Gmer: I redid the procedure three times and it crashed three times. I had to delete an account and clean up quite a lot of things, then I redid the procedure; Gmer took almost 4 hours. Thank you for your help, here are the reports:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Default System BIOS
USER : assaad ( Administrator )
BOOT : Normal boot
Antivirus : Pack Sécurité SFR 9.12 9.12 (Not Activated)
Firewall : Pack Sécurité SFR 9.12 9.12 (Not Activated)
C:\ (Local Disk) - NTFS - Total:66 Go (Free:24 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:232 Go (Free:215 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 27/03/2010|17:27 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(assaad) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(Enfants) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://google.fr/"
"Search Page"="http://home.microsoft.com/access/allinone.asp"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\assaad\Favoris\France\NERO-code\.... MuCaCa CracKs .....url
C:\DOCUME~1\assaad\Favoris\France\NERO-code\CRACK.MS - All CRACKs and SERIALs on ONE Site.url
C:\DOCUME~1\assaad\Favoris\France\NERO-code\CrackzPlanet.com - Google Earth Pro 3.0beta-VOORHEES.url
C:\DOCUME~1\assaad\Favoris\France\NERO-code\IncrediMail Premium 2003 Build 2001184 crack serial number keygen patch activation code unlock.url



1 - "C:\ToolBar SD\TB_1.txt" - 23/03/2010|22:36 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/03/2010|13:03 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 27/03/2010|10:34 - Option : [2]
4 - "C:\ToolBar SD\TB_4.txt" - 27/03/2010|17:19 - Option : [2]
5 - "C:\ToolBar SD\TB_5.txt" - 27/03/2010|17:28 - Option : [2]

-----------\\ Fin du rapport a 17:28:25,95


Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3920
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/03/2010 17:38:32
mbam-log-2010-03-27 (17-38-32).txt

Type de recherche: Examen rapide
Eléments examinés: 160944
Temps écoulé: 9 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-27 21:36:27
Windows 5.1.2600 Service Pack 3
Running: toto.exe; Driver: C:\DOCUME~1\assaad\LOCALS~1\Temp\kwtdrpoc.sys


---- System - GMER 1.0.15 ----

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----
XP Pro
jasjasjas
 
Posts: 20
Joined: 25 Apr 2008, 10:31

Post by nickW » 28 Mar 2010, 01:42

Good evening,

You ran Toolbar S&D 5 times!
You need to send the contents of the file C:\ToolBar SD\TB_2.txt

The same goes for MBAM: the report you sent no longer shows anything.
It is not the first cleanup report created after the one from 21/03/2010 at 01:31:53.


How is the PC behaving?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
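
Picking the right report out of several runs, as requested in the post above, can be done from the names alone: step 9 gives the MBAM log naming scheme, and the ToolBar S&D report ends with a dated history of its runs. The following is an added example, not part of the thread; the function names are hypothetical, and the 2010-03-23 log name and the `protection-log` name are constructed sample data.

```python
import re
from datetime import datetime

# Naming scheme quoted in step 9: mbam-log-YYYY-MM-DD (hh-mm-ss).txt
MBAM_NAME = re.compile(
    r"^mbam-log-(\d{4})-(\d{2})-(\d{2}) \((\d{2})-(\d{2})-(\d{2})\)\.txt$")
# One history line as printed at the end of a ToolBar S&D report.
TB_HISTORY = re.compile(
    r'^\d+ - "(?P<path>[^"]+)" - (?P<when>\d{2}/\d{2}/\d{4}\|\d{2}:\d{2})'
    r" - Option : \[(?P<option>\d)\]$")

def mbam_timestamp(filename):
    """Return the datetime encoded in an MBAM log name, or None."""
    m = MBAM_NAME.match(filename)
    if not m:
        return None
    try:
        return datetime(*map(int, m.groups()))
    except ValueError:  # the pattern matched but the date is impossible
        return None

def first_mbam_log_after(filenames, reference):
    """Earliest MBAM log strictly later than `reference`; other names are skipped."""
    later = [(ts, name) for name in filenames
             if (ts := mbam_timestamp(name)) is not None and ts > reference]
    return min(later)[1] if later else None

def first_tb_report_with_option(history_lines, option):
    """Path of the earliest ToolBar S&D run made with the given menu option."""
    runs = []
    for line in history_lines:
        m = TB_HISTORY.match(line.strip())
        if m and m.group("option") == option:
            when = datetime.strptime(m.group("when"), "%d/%m/%Y|%H:%M")
            runs.append((when, m.group("path")))
    return min(runs)[1] if runs else None

# First three history lines copied from the ToolBar S&D report in the thread.
TB_LINES = [
    r'1 - "C:\ToolBar SD\TB_1.txt" - 23/03/2010|22:36 - Option : [1]',
    r'2 - "C:\ToolBar SD\TB_2.txt" - 25/03/2010|13:03 - Option : [2]',
    r'3 - "C:\ToolBar SD\TB_3.txt" - 27/03/2010|10:34 - Option : [2]',
]
# Folder listing: the first and third names appear in the thread.
MBAM_FILES = [
    "mbam-log-2010-03-21 (01-31-46).txt",
    "mbam-log-2010-03-23 (22-50-10).txt",  # constructed
    "mbam-log-2010-03-27 (17-38-32).txt",
    "protection-log-2010-03-27.txt",       # constructed, does not match the scheme
]
```

With the reference set to 21/03/2010 01:31:53, the selection returns the constructed 23 March log rather than the clean 27 March one, and the earliest history entry with Option [2] is TB_2.txt.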

Hello

Post by jasjasjas » 28 Mar 2010, 09:05

Hello,

Since the PC crashed a lot at step 7 (GMER) after more than 7 to 8 hours of running, I had to delete the Nath account and clean up; unfortunately, I did not keep the old TB and mbam files. The PC is doing better but is still very slow at startup, and when I run any program (Word, Internet Explorer, mail, MSN, etc.) it is very slow to launch, but once launched the program works fine.

Thank you for your help
XP Pro
jasjasjas
 
Posts: 20
Joined: 25 Apr 2008, 10:31
