[OK] Request for help eradicating trojans and Trojan horses

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy

Post by marcanimations » 22 Mar 2010, 19:20

[ok]
Hello, I am infected by trojans, the virus Win 32/cryptor and the Trojan horse downloader.agent2.swo,
detected by AVG 9.
It is impossible to remove these infections.
They keep coming back.
I followed the preliminary procedure.
Please help me and tell me what to do.

WinXP Pro SP3
P4 2.4 G
760 GB DDR RAM
HDD 780 GB
marcanimations

Posts: 26
Joined: 22 Mar 2010, 19:06

Post by marcanimations » 22 Mar 2010, 19:21

Here are the reports

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3900
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/03/2010 18:45:17
mbam-log-2010-03-22 (18-45-13).txt

Type de recherche: Examen rapide
Eléments examinés: 121853
Temps écoulé: 10 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xzswqecx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{005a713c-cd8a-4d16-9f10-19dca915bb87} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{005a713c-cd8a-4d16-9f10-19dca915bb87} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{005a713c-cd8a-4d16-9f10-19dca915bb87} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pqwuoyfs (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\giblzsi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ifpsvahw.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\choixow.dll (Trojan.Vundo.H) -> No action taken.

Post by marcanimations » 22 Mar 2010, 19:22

OTL logfile created on: 22/03/2010 18:49:30 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 1,09 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
Drive D: | 42,61 Gb Total Space | 22,21 Gb Free Space | 52,13% Space Free | Partition Type: NTFS
Drive E: | 17,27 Gb Total Space | 17,17 Gb Free Space | 99,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 275,99 Gb Free Space | 59,26% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/22 18:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2010/03/19 18:26:17 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 18:26:16 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/19 18:26:13 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/19 18:26:10 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/19 18:25:44 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/19 18:24:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/19 18:24:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 17:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/04/13 20:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/17 03:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/12/09 19:23:25 | 000,151,552 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2007/06/18 04:40:26 | 000,200,704 | R--- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2005/12/12 14:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/04/24 23:03:26 | 000,683,520 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier\SuperCopier.exe
PRC - [2002/04/30 02:23:52 | 001,433,600 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
PRC - [2001/08/23 17:47:42 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 18:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Procedure Call Netsver)
SRV - File not found [Disabled | Stopped] -- -- (NVSvc)
SRV - [2010/03/19 18:24:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/19 18:24:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/12/17 03:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/12/09 19:23:25 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/28 17:00:00 | 000,103,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\giblzsi.dll -- (pqwuoyfs)
SRV - [2001/08/23 17:47:42 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2010/03/19 18:27:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/19 18:27:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/19 18:27:31 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/28 12:05:12 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 20:47:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 20:47:24 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 19:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 09:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2008/03/13 13:50:02 | 000,202,048 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ftd2xx.dll -- (FTD2XX)
DRV - [2008/03/04 12:41:38 | 000,014,072 | ---- | M] (Ma-Config.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2007/12/09 19:23:24 | 000,210,400 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/09 19:23:24 | 000,081,280 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/12/09 19:23:24 | 000,028,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/05/02 11:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007/05/02 11:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007/05/02 11:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2006/02/06 17:49:00 | 000,217,088 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006/02/06 17:49:00 | 000,017,792 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2005/10/20 14:50:22 | 000,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)
DRV - [2005/10/15 04:07:12 | 001,351,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/01 10:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/09/01 10:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2002/09/18 10:29:30 | 000,044,998 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2002/05/01 01:33:44 | 000,378,314 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/09/19 10:41:00 | 000,067,440 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/09/19 10:41:00 | 000,050,432 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/09/19 10:41:00 | 000,037,822 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2001/09/19 10:41:00 | 000,022,064 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2001/09/19 10:41:00 | 000,012,413 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcFltr)
DRV - [2001/09/19 10:41:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/28 16:00:00 | 000,023,424 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imvjdtfx.sys -- (imvjdtfx)
DRV - [2001/08/17 21:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 21:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 21:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 21:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/10 02:54:44 | 000,010,256 | ---- | M] (Logitech Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2000/11/21 17:17:02 | 000,096,482 | R--- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dig_v.sys -- (DIG_V)
DRV - [2000/11/09 12:52:06 | 000,019,440 | R--- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dig_ts.sys -- (DIG_TS)
DRV - [2000/11/09 10:52:34 | 000,007,907 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dig_x.sys -- (DIG_X)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [1999/01/10 12:00:00 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dlportio.sys -- (DLPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\S-1-5-21-1482476501-573735546-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2008/11/06 06:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2010/03/22 16:34:44 | 000,380,721 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13140 more lines...
O2 - BHO: (no name) - {005A713C-CD8A-4D16-9F10-19DCA915BB87} - C:\WINDOWS\system32\ifpsvahw.dll ()
O2 - BHO: (no name) - {008A7FE6-D5E7-47EC-960A-B13DBBC64386} - No CLSID value found.
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0B0DE630-F72C-4326-B9DC-A709103956CE} - No CLSID value found.
O2 - BHO: (no name) - {1C7F54E9-416F-4AFB-AD9E-35C5886D79C7} - No CLSID value found.
O2 - BHO: (no name) - {39E7D0F5-55A2-4E4B-A30C-A90F84765058} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {3D5FDE72-BA36-42C0-9DB8-99E75326F587} - C:\WINDOWS\System32\avtap.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {53E659E1-BFB4-4E20-B6D7-52DE5C8E487D} - No CLSID value found.
O2 - BHO: (no name) - {5BAA77D2-9EF3-4183-9781-EF3D185723C3} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {633FA35C-DFE2-412E-A839-321ED55DE49C} - No CLSID value found.
O2 - BHO: (no name) - {666B0198-CF69-4027-84B0-C2E5B1CDD1E3} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7A47B728-7D29-41E5-BCF3-4DBA54111312} - No CLSID value found.
O2 - BHO: (no name) - {8727E702-DB3B-4BD9-BD90-2FC99D483F48} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {97447416-B3ED-4D8F-9726-C79DE0526290} - No CLSID value found.
O2 - BHO: (no name) - {A10267E5-0DF3-4AAC-9266-E32C235DA38B} - No CLSID value found.
O2 - BHO: () - {A2F10187-5E04-4792-ABA7-6687CD7AE536} - C:\WINDOWS\system32\giblzsi.dll (Microsoft Corporation)
O2 - BHO: (no name) - {BE8EB6E3-9768-4CE0-9316-25C7B43B35B8} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1482476501-573735546-839522115-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1482476501-573735546-839522115-500\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RJJBBASR] C:\WINDOWS\RJJBBASR.exe File not found
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1482476501-573735546-839522115-500..\Run: [EPSON Stylus DX5000 Series (à partir de MARC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1482476501-573735546-839522115-500..\Run: [MediaDico] C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe (L'Aventure Multimedia)
O4 - HKU\S-1-5-21-1482476501-573735546-839522115-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1482476501-573735546-839522115-500..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe (SFX TEAM)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://webscanner.kaspersky.fr/kavwebscan_unicode.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.inoculer.com/antivirus/Msie/bitdefender.cab (AvxScanOnline Control)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} Reg Error: Value error. (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... 586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1482476501-573735546-839522115-500 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\xzswqecx: DllName - giblzsi.dll - C:\WINDOWS\System32\giblzsi.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/25 19:59:44 | 000,000,030 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/21 10:07:43 | 000,000,023 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/11/21 10:08:04 | 000,000,023 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7f14e937-c386-11dd-bd9c-00e04c3122dd}\Shell\Auto\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/13 20:33:58 | 000,401,408 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/07 19:52:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: pqwuoyfs - C:\WINDOWS\system32\giblzsi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/22 18:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/22 18:19:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrateur\Bureau\erunt-setup.exe
[2010/03/22 18:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2010/03/22 18:16:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/22 18:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/03/22 18:16:05 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/22 18:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/22 18:14:48 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/03/22 18:13:32 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/03/22 17:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2010/03/22 17:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/22 17:51:51 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2010/03/19 18:28:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/19 18:27:45 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/19 18:27:41 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/19 18:27:31 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/19 18:27:28 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/19 18:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/19 18:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/03/19 18:18:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/19 18:18:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/19 18:08:39 | 001,475,016 | ---- | C] (AVG Technologies) -- D:\Mes documents\avg_free_stb_eu_9_114_free.exe
[2010/03/19 12:03:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\PrivacIE
[2010/03/19 11:26:34 | 000,128,000 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\_detmp.4
[2010/03/19 10:50:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/03/19 10:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/03/19 10:50:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/03/19 10:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/03/19 10:49:16 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/03/19 10:49:16 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/03/19 10:49:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/03/19 10:49:15 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/03/19 10:49:14 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/03/19 10:49:14 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/11/16 21:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/11/16 21:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/16 21:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/10/26 14:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\rvofddlz
[2009/10/26 14:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\rvofddlz
[2009/09/21 14:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/07 13:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2007/04/13 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/04/13 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/01/03 20:28:25 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/22 18:26:39 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/22 18:26:30 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2010/03/22 18:26:29 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/03/22 18:20:01 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\erunt-loc_fr.zip
[2010/03/22 18:19:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrateur\Bureau\erunt-setup.exe
[2010/03/22 18:16:15 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/22 18:15:00 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/03/22 18:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/03/22 17:52:06 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/03/22 17:51:54 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2010/03/22 17:33:10 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3E2BF9F-89B1-41A8-BD77-F029AAABC655}.job
[2010/03/22 17:27:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/22 17:27:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/22 17:26:05 | 013,578,240 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat
[2010/03/22 17:26:05 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2010/03/22 17:25:01 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 16:34:44 | 000,380,721 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/22 10:21:05 | 003,780,444 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2010/03/21 21:22:31 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/03/21 20:14:18 | 057,469,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/21 19:00:06 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/03/21 13:04:54 | 001,041,066 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/21 13:04:54 | 000,497,382 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/21 13:04:54 | 000,429,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/21 13:04:54 | 000,079,188 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/21 13:04:54 | 000,066,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/21 13:04:53 | 000,401,172 | ---- | M] () -- C:\WINDOWS\System32\perfh040.dat
[2010/03/21 13:04:53 | 000,047,476 | ---- | M] () -- C:\WINDOWS\System32\perfc040.dat
[2010/03/20 12:38:53 | 1718,764,544 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\backup1.pst
[2010/03/19 18:27:48 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/19 18:27:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/19 18:27:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/19 18:27:31 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/19 18:27:28 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/19 18:08:39 | 001,475,016 | ---- | M] (AVG Technologies) -- D:\Mes documents\avg_free_stb_eu_9_114_free.exe
[2010/03/19 18:00:38 | 000,002,028 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/19 12:26:16 | 000,380,721 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100322-163443.backup
[2010/03/19 12:21:54 | 000,351,384 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/19 11:58:05 | 001,261,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/19 11:26:53 | 000,000,825 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/19 11:26:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/03/19 11:03:11 | 000,000,152 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010/03/19 10:34:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/19 10:27:52 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/19 10:05:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/22 18:26:39 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/22 18:26:30 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2010/03/22 18:26:29 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/03/22 18:20:00 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\erunt-loc_fr.zip
[2010/03/22 18:16:15 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/22 17:52:06 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/03/20 14:12:26 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/03/20 11:02:40 | 1718,764,544 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\backup1.pst
[2010/03/19 18:27:27 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/19 18:27:14 | 057,469,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/19 15:59:31 | 000,165,717 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\VistaXP Remover.exe
[2010/03/19 15:59:14 | 000,105,366 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\levelKro.net-vixtaxpremover.zip
[2010/03/19 11:26:34 | 000,562,545 | ---- | C] () -- C:\WINDOWS\_detmp.3
[2009/03/10 16:41:35 | 000,096,082 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\FASTWiz.log
[2009/03/07 19:19:10 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\ifpsvahw.dll
[2009/03/07 19:19:10 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\giblzsi.dll.bak
[2009/02/28 11:27:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/02/20 17:07:40 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2009/02/20 17:07:40 | 000,001,372 | R--- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2008/11/17 11:48:11 | 000,003,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/11/17 11:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CalendarPlus.INI
[2008/11/16 18:17:09 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/06 18:12:25 | 002,731,986 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\install.txt
[2008/11/06 09:21:05 | 000,004,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/11/04 17:46:01 | 000,005,422 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/11/04 17:38:47 | 000,107,776 | ---- | C] () -- C:\WINDOWS\System32\adptifu.dll
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 22:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/18 08:23:40 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D99854D0F9.sys
[2008/09/06 10:20:39 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2008/07/19 15:37:59 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\6D685BAB4C.sys
[2008/07/18 17:47:17 | 000,000,637 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2008/06/11 09:46:56 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\DMX510Vb.dll
[2008/06/11 09:46:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\EspionDll.dll
[2008/06/11 09:46:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MPUSBAPI.DLL
[2008/06/03 11:08:45 | 000,009,279 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini
[2008/06/03 11:08:45 | 000,008,157 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2008/06/03 11:08:45 | 000,000,170 | ---- | C] () -- C:\WINDOWS\settings.ini
[2008/06/03 11:08:43 | 000,008,913 | ---- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/06/03 11:08:43 | 000,007,454 | ---- | C] () -- C:\WINDOWS\Disktool.INI
[2008/06/03 11:08:43 | 000,003,677 | ---- | C] () -- C:\WINDOWS\SoundCon.INI
[2008/04/30 11:22:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/24 08:26:51 | 000,000,084 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2008/04/13 20:33:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/26 10:56:37 | 000,002,028 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/09 10:26:09 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2007/12/09 19:23:24 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2007/09/04 17:03:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/09/04 16:42:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/04 16:39:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2007/08/25 11:11:46 | 000,008,575 | R--- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2007/07/24 09:00:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\CMMIPLAY.INI
[2007/07/24 08:59:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\CMAURACK.INI
[2007/07/18 11:30:01 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2007/07/10 15:13:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SAGEPERS.DLL
[2007/06/24 10:15:22 | 000,000,470 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2007/03/27 08:26:43 | 000,027,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sys8042.sys
[2007/02/20 11:44:57 | 000,322,048 | ---- | C] () -- C:\WINDOWS\System32\Easylase.dll
[2007/02/07 13:08:31 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/01/31 11:46:25 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat
[2007/01/26 09:29:26 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2006/12/27 16:56:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2006/12/27 16:43:50 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2006/12/17 12:11:33 | 000,004,021 | ---- | C] () -- C:\WINDOWS\ANDREUR.INI
[2006/12/17 12:09:58 | 000,003,890 | ---- | C] () -- C:\WINDOWS\jaacdb.drv
[2006/12/17 12:09:58 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\ijapn.drv
[2006/12/17 12:09:58 | 000,003,218 | ---- | C] () -- C:\WINDOWS\nijdpde.drv
[2006/12/17 12:09:58 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\efggno.drv
[2006/12/17 12:09:58 | 000,000,706 | ---- | C] () -- C:\WINDOWS\pdngen.drv
[2006/12/17 12:09:58 | 000,000,530 | ---- | C] () -- C:\WINDOWS\podpd.drv
[2006/12/17 12:09:58 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\ggeged.sys
[2006/11/16 18:27:36 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/10/03 09:31:57 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2006/09/11 16:47:11 | 000,301,056 | ---- | C] () -- C:\WINDOWS\System32\usbdmxfs.dll
[2006/09/11 16:47:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usb_dll.dll
[2006/09/11 16:47:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\usbdmx.dll
[2006/09/11 16:47:11 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\K8062D.dll
[2006/09/11 16:47:11 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\LPT_dmx.dll
[2006/09/11 16:47:11 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\usbdmxsi.dll
[2006/09/11 16:47:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FASTTime32.dll
[2006/09/11 16:47:10 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dashard2006.dll
[2006/09/11 16:47:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dashard.dll
[2006/09/11 16:47:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dashardvb.dll
[2006/09/11 16:47:10 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx60.dll
[2006/09/11 16:47:10 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx120.dll
[2006/09/11 16:47:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2006/09/11 16:47:10 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\dlportio.sys
[2006/08/24 18:19:42 | 000,044,544 | R--- | C] () -- C:\WINDOWS\System32\gif89.dll
[2006/08/24 18:19:11 | 000,000,195 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/07/30 20:05:16 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/07/19 18:53:12 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2006/07/04 14:52:43 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/06/26 10:39:02 | 000,000,728 | ---- | C] () -- C:\WINDOWS\M3JP2K.INI
[2006/06/26 10:31:16 | 000,000,158 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/06/26 10:25:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/06/26 10:25:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/06/26 10:15:55 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\39059249ED.sys
[2006/06/26 10:08:18 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/26 09:49:35 | 001,483,776 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
[2006/06/26 09:49:33 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006/06/26 09:49:33 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/06/26 09:49:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/26 09:49:21 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2006/06/26 09:43:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2006/06/26 09:27:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2006/06/26 09:21:31 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2006/06/26 09:21:31 | 000,000,250 | ---- | C] () -- C:\WINDOWS\DELFAX.INI
[2006/06/26 09:21:29 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/06/26 09:18:27 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2006/06/26 09:18:27 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2006/06/26 09:05:20 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/26 08:48:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/06/26 08:47:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2006/06/26 08:34:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/06/26 08:34:55 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2006/06/26 08:34:24 | 000,017,133 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2006/06/26 08:34:24 | 000,016,793 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2006/06/26 08:34:17 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/06/26 08:34:17 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/06/26 08:33:50 | 000,001,779 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/06/26 08:33:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/26 08:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RaidMan.INI
[2006/06/25 19:33:34 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/25 19:33:32 | 000,063,158 | ---- | C] () -- C:\WINDOWS\System32\hdlayer.dll
[2006/06/25 19:33:31 | 001,111,508 | ---- | C] () -- C:\WINDOWS\System32\xprouting.dll
[2005/11/09 14:41:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/11/05 17:46:26 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005/04/28 05:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/28 05:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/03/14 13:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/09/01 16:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/04/01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 19:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 00:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 00:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 00:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1996/04/17 09:48:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\3dr.ini

========== LOP Check ==========

[2007/07/18 11:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Anvil Studio
[2007/07/08 10:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BonkEnc
[2007/07/18 14:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ciel
[2007/01/13 11:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ConvertTemp
[2006/09/04 13:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EasyView
[2007/09/04 17:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EPSON
[2007/06/23 10:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Leadertech
[2009/03/07 17:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ma-config.com
[2007/12/10 10:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Micro Application
[2009/10/26 14:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\rvofddlz
[2009/02/28 12:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Samsung
[2008/11/10 10:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Serif
[2006/09/08 12:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SynthFont
[2008/08/03 11:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Temporary
[2006/12/27 17:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TerraTec
[2007/01/13 11:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TransRender
[2009/03/07 17:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\UseNeXT
[2006/07/11 16:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Visicom Media
[2010/03/22 17:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2007/10/29 16:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
[2008/06/18 17:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
[2007/07/10 15:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ciel
[2009/09/21 14:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2006/06/25 19:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN Messenger 6.1.0207
[2008/11/06 09:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/03/05 19:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
[2009/10/26 14:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\rvofddlz
[2010/03/22 17:33:10 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C3E2BF9F-89B1-41A8-BD77-F029AAABC655}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/04/13 20:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2008/04/13 20:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 20:47:24 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2008/04/13 20:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2003/03/21 01:00:00 | 000,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\Drivers\disk3\iaStor.sys

<MD5>
[2008/04/13 20:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2008/04/13 20:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<MD5>
[2003/06/12 20:31:46 | 000,075,904 | ---- | M] (VIA Technologies inc,.ltd) MD5=1493F351E5A4B915FB5BBB735C14004B -- C:\Drivers\disk9\viasraid.sys
[2003/09/05 12:25:14 | 000,077,056 | ---- | M] (VIA Technologies inc,.ltd) MD5=45469FA05947D75874316649A22878D4 -- C:\Drivers\disk14\viasraid.sys
[2003/10/31 12:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\Drivers\disk7\viasraid.sys

<systemroot>

<systemroot>
[2009/09/21 08:40:54 | 000,107,776 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\adptifu.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2001/08/28 17:00:00 | 000,136,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ifpsvahw.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
<End>

Post by marcanimations » 22 Mar 2010, 19:24

OTL Extras logfile created on: 22/03/2010 18:49:30 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 1,09 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
Drive D: | 42,61 Gb Total Space | 22,21 Gb Free Space | 52,13% Space Free | Partition Type: NTFS
Drive E: | 17,27 Gb Total Space | 17,17 Gb Free Space | 99,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 275,99 Gb Free Space | 59,26% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\adslTV\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\adslTV\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv -- (adsltv.org)
"C:\WINDOWS\system32\rln704ho.exe" = C:\WINDOWS\system32\rln704ho.exe:*:Disabled:rln704ho -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\ENTTEC LightFactory\sl.exe" = C:\Program Files\ENTTEC LightFactory\sl.exe:*:Enabled:sl -- File not found
"C:\Program Files\FreeStyler\EasyView.exe" = C:\Program Files\FreeStyler\EasyView.exe:*:Enabled:3D visualizer -- File not found
"D:\temp\usmt\migwiz.exe" = D:\temp\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logiciel iTouch de Logitech
"{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
"{0BB0793B-3BFC-49D2-911F-320B72DDA90C}" = TMPGEnc Plus 2.5
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1FF7993C-23B1-4C91-B1F6-09D13C57A06A}_is1" = VirtualDub 1.8.8 Fr
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.41 .1
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{62369F2F77534556AEF4C58152E3BDE5}" = Dr.DivX
"{65BAA7BC-9840-43CD-82CF-47C9D37579B9}" = Vocus
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6F06A42D-525C-49ED-8622-E16790956CD8}" = Ma-Config.com plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7585478E9D9B42108671C12F8714CEFE}" = DivX Converter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FA0B491-912E-40F1-940A-F339D5630EB8}" = Ciel Compta 13.20
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-00B2-040C-0000-0000000FF1CE}" = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
"{9017040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC50A61F-327F-4FD4-9CC3-9B491FA7E802}" = Micro Application - Vos Photos à la Télé sur CD-DVD 2007 Edition Deluxe
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B620C4CD-D76C-4BBF-95D8-1C03AFA00C78}" = Ciel Saisie Comptable
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6E6B04E-0498-4794-B272-2EDE12E02837}_is1" = VirtualDub Plugin Pack 1.0.0.6 Fr
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{E8CD2C36-FABF-4277-A732-B978E20FB88F}" = directDéclaration
"{EA7E6911-A891-4D49-A897-F727C3F45886}" = Web Studio
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"AC3Filter" = AC3Filter (remove only)
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"adsl TV" = adsl TV
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"CleanUp!" = CleanUp!
"Cloneur Expert" = Cloneur Expert
"CursorXP" = CursorXP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX" = DivX 3.11a
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"ESDX5000_CX4900 Guide d’utilisation" = ESDX5000_CX4900 Guide d’utilisation
"ffdshow_is1" = ffdshow [rev 801] [2007-01-19]
"Filtre Matroska" = Filtre Matroska
"Filtre Real Media 9 et 10" = Filtre Real Media 9 et 10
"Free Video Converter_is1" = Free Video Converter V 1.2
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.4
"FTP Expert 3" = FTP Expert 3
"GENEUIDE" = USB Storage Driver
"gsle4" = LRC Editor 4.0 (remove only)
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{0BB0793B-3BFC-49D2-911F-320B72DDA90C}" = TMPGEnc Plus 2.5
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"KC Softwares VideoInspector_is1" = KC Softwares VideoInspector
"LameACM" = Lame ACM MP3 Codec
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LiveUpdate" = LiveUpdate
"M3JPEG2K" = Morgan M-JPEG2000 codec V1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack
"MediaDICO" = Micro Application - MediaDICO
"MessengerPlus2" = Messenger Plus!
"Micrografx Picture Publisher 7" = Micrografx Picture Publisher 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Panasonic MPEG1 Encoder Plug-In Ver.2.5" = Panasonic MPEG1 Encoder Plug-In Ver.2.5
"Panasonic MPEG1 Encoder Software Ver.2.51" = Panasonic MPEG1 Encoder Software Ver.2.51
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"PDF Editeur 2" = PDF Editeur 2
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SuperCopier" = SuperCopier
"Tunatic" = Tunatic
"VD Codec Pack" = VD Codec Pack 3.7
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.6
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Lecteur Windows Media 10
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"x264 Revision 366 x264.nl" = x264 Revision 366 x264.nl (remove only)
"x264 VFW" = x264 VFW (remove only)
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/03/2010 07:46:44 | Computer Name = TEST | Source = MsiInstaller | ID = 11327
Description = Produit : Microsoft Office FrontPage 2003 -- Erreur 1327. Lecteur
J:\ non valide.

Error - 21/03/2010 07:46:44 | Computer Name = TEST | Source = MsiInstaller | ID = 1024
Description = Produit : Microsoft Office FrontPage 2003 - La mise à jour 'Office
2003 Service Pack 3 (SP3): MAINSP3' n'a pas pu être installée. Code d'erreur 1603.
Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles
erreurs d'installation des packages logiciels. Utilisez le lien suivant pour afficher
des instructions concernant l'activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127

Error - 21/03/2010 07:59:11 | Computer Name = TEST | Source = MsiInstaller | ID = 11327
Description = Produit : Microsoft Office Professional Edition 2003 -- Erreur 1327.
Lecteur J:\ non valide.

Error - 21/03/2010 07:59:11 | Computer Name = TEST | Source = MsiInstaller | ID = 1024
Description = Produit : Microsoft Office Professional Edition 2003 - La mise à jour
'Update for Outlook 2003: Junk E-mail Filter (KB979771): OUTLFLTR' n'a pas pu être
installée. Code d'erreur 1603. Windows Installer peut créer des journaux pour
faciliter la résolution des éventuelles erreurs d'installation des packages logiciels.
Utilisez le lien suivant pour afficher des instructions concernant l'activation
des journaux : http://go.microsoft.com/fwlink/?LinkId=23127

Error - 21/03/2010 07:59:17 | Computer Name = TEST | Source = MsiInstaller | ID = 11327
Description = Produit : Microsoft Office Professional Edition 2003 -- Erreur 1327.
Lecteur J:\ non valide.

Error - 21/03/2010 07:59:17 | Computer Name = TEST | Source = MsiInstaller | ID = 1024
Description = Produit : Microsoft Office Professional Edition 2003 - La mise à jour
'Update for Office 2003 (KB907417): OTKLOADR' n'a pas pu être installée. Code d'erreur
1603. Windows Installer peut créer des journaux pour faciliter la résolution des
éventuelles erreurs d'installation des packages logiciels. Utilisez le lien suivant
pour afficher des instructions concernant l'activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127

Error - 22/03/2010 05:20:42 | Computer Name = TEST | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant fun_avcodec.dll, version 0.0.0.0, adresse de défaillance 0x000a6462.

Error - 22/03/2010 05:35:26 | Computer Name = TEST | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant fun_avcodec.dll, version 0.0.0.0, adresse de défaillance 0x000a6462.

Error - 22/03/2010 12:25:07 | Computer Name = TEST | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant fun_avcodec.dll, version 0.0.0.0, adresse de défaillance 0x000a6462.

Error - 22/03/2010 12:25:33 | Computer Name = TEST | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant fun_avcodec.dll, version 0.0.0.0, adresse de défaillance 0x000a6462.

[ System Events ]
Error - 22/03/2010 12:25:26 | Computer Name = TEST | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 22/03/2010 12:26:02 | Computer Name = TEST | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 22/03/2010 12:29:12 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Le service Pinnacle PCTV Sat TS n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 22/03/2010 12:29:12 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Le service Pinnacle PCTV Sat Analog n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 22/03/2010 12:29:12 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Le service Pinnacle PCTV Sat Crossbar n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 22/03/2010 12:29:12 | Computer Name = TEST | Source = Service Control Manager | ID = 7023
Description = Le service USB Serial Converter Monitor s'est arrêté avec l'erreur :
%%5

Error - 22/03/2010 12:29:12 | Computer Name = TEST | Source = Service Control Manager | ID = 7000
Description = Le service URQUSSQL n'a pas pu démarrer en raison de l'erreur : %%2

Error - 22/03/2010 12:29:13 | Computer Name = TEST | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : pctvvbi

Error - 22/03/2010 13:06:41 | Computer Name = TEST | Source = EventLog | ID = 6004
Description = Un paquet non valide d'un pilote a été reçu depuis le sous-système
d'E/S. La donnée est le paquet.

Error - 22/03/2010 13:00:32 | Computer Name = TEST | Source = EventLog | ID = 6004
Description = Un paquet non valide d'un pilote a été reçu depuis le sous-système
d'E/S. La donnée est le paquet.


<End>

Post by nickW » 27 Mar 2010, 02:04

Good evening,

First clean-up steps:


Step 1: rkill (by Grinler), download
Important note:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill by right-clicking and choosing Save Target As... from one of the links below:

Link 1
Link 2
Link 3
Link 4

Save the file to the Desktop.


Step 2: OTL (by OldTimer), preparing the clean-up
Open a Notepad window via Start---->Run, type notepad, then click OK

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys at the same time

Code:
rien

:otl
SRV - [2001/08/28 17:00:00 | 000,103,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\giblzsi.dll -- (pqwuoyfs)
O2 - BHO: (no name) - {005A713C-CD8A-4D16-9F10-19DCA915BB87} - C:\WINDOWS\system32\ifpsvahw.dll ()
O2 - BHO: (no name) - {008A7FE6-D5E7-47EC-960A-B13DBBC64386} - No CLSID value found.
O2 - BHO: (no name) - {0B0DE630-F72C-4326-B9DC-A709103956CE} - No CLSID value found.
O2 - BHO: (no name) - {1C7F54E9-416F-4AFB-AD9E-35C5886D79C7} - No CLSID value found.
O2 - BHO: (no name) - {39E7D0F5-55A2-4E4B-A30C-A90F84765058} - No CLSID value found.
O2 - BHO: (no name) - {3D5FDE72-BA36-42C0-9DB8-99E75326F587} - C:\WINDOWS\System32\avtap.dll File not found
O2 - BHO: (no name) - {53E659E1-BFB4-4E20-B6D7-52DE5C8E487D} - No CLSID value found.
O2 - BHO: (no name) - {5BAA77D2-9EF3-4183-9781-EF3D185723C3} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {633FA35C-DFE2-412E-A839-321ED55DE49C} - No CLSID value found.
O2 - BHO: (no name) - {666B0198-CF69-4027-84B0-C2E5B1CDD1E3} - No CLSID value found.
O2 - BHO: (no name) - {7A47B728-7D29-41E5-BCF3-4DBA54111312} - No CLSID value found.
O2 - BHO: (no name) - {8727E702-DB3B-4BD9-BD90-2FC99D483F48} - No CLSID value found.
O2 - BHO: (no name) - {97447416-B3ED-4D8F-9726-C79DE0526290} - No CLSID value found.
O2 - BHO: (no name) - {A10267E5-0DF3-4AAC-9266-E32C235DA38B} - No CLSID value found.
O2 - BHO: () - {A2F10187-5E04-4792-ABA7-6687CD7AE536} - C:\WINDOWS\system32\giblzsi.dll (Microsoft Corporation)
O2 - BHO: (no name) - {BE8EB6E3-9768-4CE0-9316-25C7B43B35B8} - No CLSID value found.
O4 - HKLM..\Run: [RJJBBASR] C:\WINDOWS\RJJBBASR.exe File not found
O20 - Winlogon\Notify\xzswqecx: DllName - giblzsi.dll - C:\WINDOWS\System32\giblzsi.dll (Microsoft Corporation)
NetSvcs: pqwuoyfs - C:\WINDOWS\system32\giblzsi.dll (Microsoft Corporation)

:Files
D:\autorun.inf
E:\autorun.inf
C:\WINDOWS\System32\ifpsvahw.dll
C:\WINDOWS\System32\giblzsi.dll.bak
C:\WINDOWS\system32\adptifu.dll

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
In the Format menu (at the top), check that "Word Wrap" is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: marcanimations.
If you are not THIS user, do not use them: they could damage your system.



Step 3: No real-time monitoring processes
Disable the antivirus resident module.
AVG 8.5 & 9: launch AVG, double-click the "Resident Shield" component, untick "Resident Shield active"


Step 4: rkill (by Grinler), running it
Double-click the downloaded rkill file to launch the tool.

A window with a black background will appear briefly, then disappear.
When it finishes, save the rkill.log file

If nothing happens, or if the tool does not start, download the tool from another of the four links above and try running it again.

If none of the tools downloaded from the four links above seems to work, do not continue the clean-up, and let me know on the forum.

Do not restart the PC.


Step 5: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are ticked except "Create an option in the context menu to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button
Wait patiently, without doing anything else, for the clean-up to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 6: OTL (by OldTimer), clean-up

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the Run Fix button.

A small "Information" window opens.

Click the Yes button.

In the new "Open" window, navigate to the folder where the fix.txt file was saved, then click the Open button.

The contents of the fix.txt file are thus inserted into the "Custom Scans/Fixes" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button again.

Note: When the restart is requested, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


Step 7: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 8: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the Quick Scan button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 9: Results
Send in reply:
*- the rkill report (contents of the rkill.log file located in the SystemDrive\ folder)
[SystemDrive stands for the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-** (**-**-**) stands for the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.Txt file located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by marcanimations » 29 Mar 2010, 14:03

Hello nickW, and thank you for your reply.

The rkill report:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrateur on 29/03/2010 at 10:50:20.


Processes terminated by Rkill or while it was running:


C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Documents and Settings\Administrateur\Bureau\rkill.pif


Rkill completed on 29/03/2010 at 10:50:24.



The Malwarebytes report:


Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3925
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/03/2010 11:23:39
mbam-log-2010-03-29 (11-23-39).txt

Type de recherche: Examen rapide
Eléments examinés: 122812
Temps écoulé: 10 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xzswqecx (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{005a713c-cd8a-4d16-9f10-19dca915bb87} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{005a713c-cd8a-4d16-9f10-19dca915bb87} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{005a713c-cd8a-4d16-9f10-19dca915bb87} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pqwuoyfs (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\giblzsi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ifpsvahw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\choixow.dll (Trojan.Vundo.H) -> Delete on reboot.
marcanimations

Posts: 26
Joined: 22 Mar 2010, 19:06
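
A defender's check for the two reports in this thread, as an added example (not part of any post, and not Malwarebytes' or OTL's own code): it parses the Malwarebytes result lines, isolates the items marked "Delete on reboot", and looks for their file or key names in a later autostart listing. The sample lines are copied from the Malwarebytes report above and the OTL report that follows; the function names and the leaf-name matching heuristic are assumptions.

```python
import re
from collections import namedtuple

# Sample lines copied from the Malwarebytes report in this thread (subset).
MBAM_SAMPLE = r"""
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xzswqecx (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pqwuoyfs (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
c:\WINDOWS\system32\giblzsi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ifpsvahw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\choixow.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

# Sample lines copied from the OTL quick-scan report in this thread (subset).
OTL_SAMPLE = r"""
O2 - BHO: () - {A2F10187-5E04-4792-ABA7-6687CD7AE536} - C:\WINDOWS\system32\giblzsi.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\xzswqecx: DllName - giblzsi.dll - C:\WINDOWS\System32\giblzsi.dll ()
"""

Finding = namedtuple("Finding", "kind item threat action")

# A result line has the shape:  <item> (<detection name>) -> <action>.
RESULT_RE = re.compile(
    r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)


def parse_mbam(text):
    """Return one Finding per result line; headers and counters are skipped."""
    findings = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue  # section header, counter, or "(Aucun élément ...)" line
        item = m.group("item")
        kind = "registry" if item.upper().startswith("HKEY_") else "file"
        findings.append(Finding(kind, item, m.group("threat"), m.group("action")))
    return findings


def pending_reboot(findings):
    """Items the scanner could not remove immediately."""
    return [f for f in findings if f.action.lower() == "delete on reboot"]


def leaf(item):
    """Last path component: file name, or registry key/value name."""
    return item.rstrip("\\").rsplit("\\", 1)[-1]


def still_referenced(pending, later_log, min_len=4):
    """Map each pending item to the later-log lines that still name it.

    Heuristic (assumption): match the leaf name as a whole token,
    case-insensitively, and skip very short names such as 'bf' that
    would match unrelated text.
    """
    lines = later_log.splitlines()
    hits = {}
    for f in pending:
        token = leaf(f.item)
        if len(token) < min_len:
            continue
        pat = re.compile(
            r"(?<![\w.])" + re.escape(token) + r"(?![\w.])", re.IGNORECASE
        )
        matched = [ln for ln in lines if pat.search(ln)]
        if matched:
            hits[f.item] = matched
    return hits


if __name__ == "__main__":
    pending = pending_reboot(parse_mbam(MBAM_SAMPLE))
    for item, lines in still_referenced(pending, OTL_SAMPLE).items():
        print(f"still referenced after scan: {item}")
        for ln in lines:
            print(f"    {ln}")
```
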

Post by marcanimations » 29 Mar 2010, 14:06

And finally the OTL report:

OTL logfile created on: 29/03/2010 11:41:19 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767,00 Mb Total Physical Memory | 441,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 1,55 Gb Free Space | 10,60% Space Free | Partition Type: NTFS
Drive D: | 42,61 Gb Total Space | 22,21 Gb Free Space | 52,13% Space Free | Partition Type: NTFS
Drive E: | 17,27 Gb Total Space | 17,17 Gb Free Space | 99,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 275,99 Gb Free Space | 59,26% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/22 19:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2010/03/19 19:26:17 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/19 19:26:16 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/19 19:26:13 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/19 19:26:10 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/19 19:24:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/19 19:24:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 21:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/12/09 20:23:25 | 000,151,552 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2001/08/23 18:47:42 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 19:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Procedure Call Netsver)
SRV - File not found [Disabled | Stopped] -- -- (NVSvc)
SRV - [2010/03/19 19:24:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/19 19:24:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/12/09 20:23:25 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/23 18:47:42 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2008/11/06 07:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2010/03/22 17:34:44 | 000,380,721 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13140 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {3D5FDE72-BA36-42C0-9DB8-99E75326F587} - C:\WINDOWS\System32\avtap.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: () - {A2F10187-5E04-4792-ABA7-6687CD7AE536} - C:\WINDOWS\system32\giblzsi.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series (à partir de MARC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MediaDico] C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe (L'Aventure Multimedia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe (SFX TEAM)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://webscanner.kaspersky.fr/kavwebscan_unicode.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.inoculer.com/antivirus/Msie/bitdefender.cab (AvxScanOnline Control)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} Reg Error: Value error. (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... 586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\xzswqecx: DllName - giblzsi.dll - C:\WINDOWS\System32\giblzsi.dll ()
O24 - Desktop Components:0 () - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/25 20:59:44 | 000,000,030 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7f14e937-c386-11dd-bd9c-00e04c3122dd}\Shell\Auto\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/13 21:33:58 | 000,401,408 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/29 11:29:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/22 19:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/22 19:19:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrateur\Bureau\erunt-setup.exe
[2010/03/22 19:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2010/03/22 19:16:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/22 19:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/03/22 19:16:05 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/22 19:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/22 19:14:48 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/03/22 19:13:32 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/03/22 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2010/03/22 18:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/22 18:51:51 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2010/03/19 19:28:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/19 19:27:45 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/19 19:27:41 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/19 19:27:31 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/19 19:27:28 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/19 19:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/19 19:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/03/19 19:18:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/19 19:18:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/19 19:08:39 | 001,475,016 | ---- | C] (AVG Technologies) -- D:\Mes documents\avg_free_stb_eu_9_114_free.exe
[2010/03/19 13:03:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\PrivacIE
[2010/03/19 12:26:34 | 000,128,000 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\_detmp.4
[2010/03/19 11:50:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/03/19 11:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/03/19 11:50:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/03/19 11:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/16 22:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/11/16 22:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/16 22:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/10/26 15:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\rvofddlz
[2009/10/26 15:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\rvofddlz
[2009/09/21 15:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/07 14:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2007/04/13 19:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/04/13 19:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/01/03 21:28:25 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 14 Days ==========

[2010/03/29 11:36:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 11:35:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 11:35:39 | 013,578,240 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat
[2010/03/29 11:35:39 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2010/03/29 10:36:43 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\rkill.pif
[2010/03/29 10:32:05 | 058,189,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/29 10:29:22 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3E2BF9F-89B1-41A8-BD77-F029AAABC655}.job
[2010/03/29 10:28:23 | 000,497,382 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/29 10:28:23 | 000,429,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/29 10:28:23 | 000,079,188 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/29 10:28:23 | 000,066,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/29 10:28:22 | 001,084,044 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/29 10:28:21 | 000,401,172 | ---- | M] () -- C:\WINDOWS\System32\perfh040.dat
[2010/03/29 10:28:21 | 000,047,476 | ---- | M] () -- C:\WINDOWS\System32\perfc040.dat
[2010/03/29 10:25:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/26 23:04:35 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/03/26 20:00:04 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/03/22 19:26:39 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/22 19:26:30 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2010/03/22 19:26:29 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/03/22 19:20:01 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\erunt-loc_fr.zip
[2010/03/22 19:19:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrateur\Bureau\erunt-setup.exe
[2010/03/22 19:16:15 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/22 19:15:00 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/03/22 19:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/03/22 18:52:06 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/03/22 18:51:54 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2010/03/22 18:25:01 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 17:34:44 | 000,380,721 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/22 11:21:05 | 003,780,444 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2010/03/20 13:38:53 | 1718,764,544 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\backup1.pst
[2010/03/19 19:27:48 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/19 19:27:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/19 19:27:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/19 19:27:31 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/19 19:27:28 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/19 19:08:39 | 001,475,016 | ---- | M] (AVG Technologies) -- D:\Mes documents\avg_free_stb_eu_9_114_free.exe
[2010/03/19 19:00:38 | 000,002,028 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/19 13:26:16 | 000,380,721 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100322-163443.backup
[2010/03/19 13:21:54 | 000,351,384 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/19 12:58:05 | 001,261,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/19 12:26:53 | 000,000,825 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/19 12:26:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/03/19 12:03:11 | 000,000,152 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010/03/19 11:34:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/19 11:27:52 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Files Created - No Company Name ==========

[2010/03/29 10:36:42 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\rkill.pif
[2010/03/22 19:26:39 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/22 19:26:30 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2010/03/22 19:26:29 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/03/22 19:20:00 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\erunt-loc_fr.zip
[2010/03/22 19:16:15 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/22 18:52:06 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/03/20 15:12:26 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/03/20 12:02:40 | 1718,764,544 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\backup1.pst
[2010/03/19 19:27:27 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/19 19:27:14 | 058,189,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/19 16:59:31 | 000,165,717 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\VistaXP Remover.exe
[2010/03/19 16:59:14 | 000,105,366 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\levelKro.net-vixtaxpremover.zip
[2010/03/19 12:26:34 | 000,562,545 | ---- | C] () -- C:\WINDOWS\_detmp.3
[2009/03/10 17:41:35 | 000,096,082 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\FASTWiz.log
[2009/03/07 20:19:10 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\ifpsvahw.dll
[2009/03/07 20:19:10 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\giblzsi.dll.bak
[2009/03/07 20:19:10 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\giblzsi.dll
[2009/03/07 20:19:10 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\choixow.dll
[2009/02/28 12:27:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/02/20 18:07:40 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2009/02/20 18:07:40 | 000,001,372 | R--- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2008/11/17 12:48:11 | 000,003,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/11/17 12:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CalendarPlus.INI
[2008/11/16 19:17:09 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/06 19:12:25 | 002,731,986 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\install.txt
[2008/11/06 10:21:05 | 000,004,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/11/04 18:46:01 | 000,005,422 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/09/19 23:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 23:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 23:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/18 09:23:40 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D99854D0F9.sys
[2008/09/06 11:20:39 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2008/07/19 16:37:59 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\6D685BAB4C.sys
[2008/07/18 18:47:17 | 000,000,637 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2008/06/11 10:46:56 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\DMX510Vb.dll
[2008/06/11 10:46:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\EspionDll.dll
[2008/06/11 10:46:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MPUSBAPI.DLL
[2008/06/03 12:08:45 | 000,009,279 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini
[2008/06/03 12:08:45 | 000,008,157 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2008/06/03 12:08:45 | 000,000,170 | ---- | C] () -- C:\WINDOWS\settings.ini
[2008/06/03 12:08:43 | 000,008,913 | ---- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/06/03 12:08:43 | 000,007,454 | ---- | C] () -- C:\WINDOWS\Disktool.INI
[2008/06/03 12:08:43 | 000,003,677 | ---- | C] () -- C:\WINDOWS\SoundCon.INI
[2008/04/30 12:22:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/24 09:26:51 | 000,000,084 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2008/04/13 21:33:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/26 11:56:37 | 000,002,028 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/09 11:26:09 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2007/12/09 20:23:24 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2007/09/04 18:03:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/09/04 17:42:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/04 17:39:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2007/08/25 12:11:46 | 000,008,575 | R--- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2007/07/24 10:00:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\CMMIPLAY.INI
[2007/07/24 09:59:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\CMAURACK.INI
[2007/07/18 12:30:01 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2007/07/10 16:13:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SAGEPERS.DLL
[2007/06/24 11:15:22 | 000,000,470 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2007/03/27 09:26:43 | 000,027,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sys8042.sys
[2007/02/20 12:44:57 | 000,322,048 | ---- | C] () -- C:\WINDOWS\System32\Easylase.dll
[2007/02/07 14:08:31 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/01/31 12:46:25 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat
[2007/01/26 10:29:26 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2006/12/27 17:56:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2006/12/27 17:43:50 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2006/12/17 13:11:33 | 000,004,021 | ---- | C] () -- C:\WINDOWS\ANDREUR.INI
[2006/12/17 13:09:58 | 000,003,890 | ---- | C] () -- C:\WINDOWS\jaacdb.drv
[2006/12/17 13:09:58 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\ijapn.drv
[2006/12/17 13:09:58 | 000,003,218 | ---- | C] () -- C:\WINDOWS\nijdpde.drv
[2006/12/17 13:09:58 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\efggno.drv
[2006/12/17 13:09:58 | 000,000,706 | ---- | C] () -- C:\WINDOWS\pdngen.drv
[2006/12/17 13:09:58 | 000,000,530 | ---- | C] () -- C:\WINDOWS\podpd.drv
[2006/12/17 13:09:58 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\ggeged.sys
[2006/11/16 19:27:36 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/10/03 10:31:57 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2006/09/11 17:47:11 | 000,301,056 | ---- | C] () -- C:\WINDOWS\System32\usbdmxfs.dll
[2006/09/11 17:47:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usb_dll.dll
[2006/09/11 17:47:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\usbdmx.dll
[2006/09/11 17:47:11 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\K8062D.dll
[2006/09/11 17:47:11 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\LPT_dmx.dll
[2006/09/11 17:47:11 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\usbdmxsi.dll
[2006/09/11 17:47:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FASTTime32.dll
[2006/09/11 17:47:10 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dashard2006.dll
[2006/09/11 17:47:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dashard.dll
[2006/09/11 17:47:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dashardvb.dll
[2006/09/11 17:47:10 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx60.dll
[2006/09/11 17:47:10 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx120.dll
[2006/09/11 17:47:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2006/09/11 17:47:10 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\dlportio.sys
[2006/08/24 19:19:42 | 000,044,544 | R--- | C] () -- C:\WINDOWS\System32\gif89.dll
[2006/08/24 19:19:11 | 000,000,195 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/07/30 21:05:16 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/07/19 19:53:12 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2006/07/04 15:52:43 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/06/26 11:39:02 | 000,000,728 | ---- | C] () -- C:\WINDOWS\M3JP2K.INI
[2006/06/26 11:31:16 | 000,000,158 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/06/26 11:25:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/06/26 11:25:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/06/26 11:15:55 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\39059249ED.sys
[2006/06/26 11:08:18 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/26 10:49:35 | 001,483,776 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
[2006/06/26 10:49:33 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006/06/26 10:49:33 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/06/26 10:49:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/26 10:49:21 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2006/06/26 10:43:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2006/06/26 10:27:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2006/06/26 10:21:31 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2006/06/26 10:21:31 | 000,000,250 | ---- | C] () -- C:\WINDOWS\DELFAX.INI
[2006/06/26 10:21:29 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/06/26 10:18:27 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2006/06/26 10:18:27 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2006/06/26 10:05:20 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/26 09:48:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/06/26 09:47:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2006/06/26 09:34:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/06/26 09:34:55 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2006/06/26 09:34:24 | 000,017,133 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2006/06/26 09:34:24 | 000,016,793 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2006/06/26 09:34:17 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/06/26 09:34:17 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/06/26 09:33:50 | 000,001,779 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/06/26 09:33:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/26 09:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RaidMan.INI
[2006/06/25 20:33:34 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/25 20:33:32 | 000,063,158 | ---- | C] () -- C:\WINDOWS\System32\hdlayer.dll
[2006/06/25 20:33:31 | 001,111,508 | ---- | C] () -- C:\WINDOWS\System32\xprouting.dll
[2005/11/09 15:41:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/11/05 18:46:26 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005/04/28 06:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/28 06:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/09/01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 20:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 01:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 01:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 01:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1996/04/17 10:48:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\3dr.ini

========== LOP Check ==========

[2007/07/18 12:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Anvil Studio
[2007/07/08 11:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BonkEnc
[2007/07/18 15:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ciel
[2007/01/13 12:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ConvertTemp
[2006/09/04 14:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EasyView
[2007/09/04 18:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EPSON
[2007/06/23 11:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Leadertech
[2009/03/07 18:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ma-config.com
[2007/12/10 11:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Micro Application
[2009/10/26 15:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\rvofddlz
[2009/02/28 13:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Samsung
[2008/11/10 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Serif
[2006/09/08 13:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SynthFont
[2008/08/03 12:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Temporary
[2006/12/27 18:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TerraTec
[2007/01/13 12:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TransRender
[2009/03/07 18:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\UseNeXT
[2006/07/11 17:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Visicom Media
[2010/03/29 10:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2007/10/29 17:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
[2008/06/18 18:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
[2007/07/10 16:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ciel
[2009/09/21 15:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2006/06/25 20:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN Messenger 6.1.0207
[2008/11/06 10:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/03/05 20:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
[2010/03/29 10:29:22 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C3E2BF9F-89B1-41A8-BD77-F029AAABC655}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
<End>



There, I hope I did everything correctly.
See you,
marc
marcanimations

Posts: 26
Joined: 22 Mar 2010, 19:06

Post by nickW » 02 Apr 2010, 00:54

Good evening,

One more small effort :wink:


Step 1: No real-time monitoring processes
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Quitter Résident de Spybot-S&D" (Exit Spybot-S&D Resident).
Launch Spybot-S&D, Advanced mode, Tools, Resident, and untick the box in front of TeaTimer. Close Spybot-S&D.
Restart the PC.
Note:
Do not re-enable TeaTimer before the PC clean-up is finished (I will tell you when and how to do it).


Step 2: OTL (by OldTimer), preparing the clean-up

Delete the fix.txt file created earlier.

Open a Notepad window via Start ----> Run, type notepad, then click OK.

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys at the same time.

Code: Select all
rien
:Processes
explorer.exe
iexplore.exe

:otl
O2 - BHO: (no name) - {3D5FDE72-BA36-42C0-9DB8-99E75326F587} - C:\WINDOWS\System32\avtap.dll File not found
O2 - BHO: () - {A2F10187-5E04-4792-ABA7-6687CD7AE536} - C:\WINDOWS\system32\giblzsi.dll ()
O20 - Winlogon\Notify\xzswqecx: DllName - giblzsi.dll - C:\WINDOWS\System32\giblzsi.dll ()
O33 - MountPoints2\{7f14e937-c386-11dd-bd9c-00e04c3122dd}\Shell\Auto\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/13 21:33:58 | 000,401,408 | ---- | M] (Microsoft Corporation)

:Files
C:\WINDOWS\_detmp.4
C:\WINDOWS\_detmp.3
C:\WINDOWS\System32\ifpsvahw.dll
C:\WINDOWS\System32\giblzsi.dll.bak
C:\WINDOWS\System32\giblzsi.dll
C:\WINDOWS\System32\choixow.dll
C:\Documents and Settings\NetworkService\Local Settings\Application Data\rvofddlz
C:\Documents and Settings\NetworkService\Application Data\rvofddlz

:Commands
[start explorer]



Go back to the Notepad window, right-click in the window and choose Paste.
In the Format menu (at the top), check that "Retour automatique à la ligne" (Word Wrap) is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: marcanimations.
If you are not THIS user, do not use them: they could damage your system.



Step 3: No real-time protection processes
Disable the antivirus resident module.
AVG 8.5 & 9: launch AVG, double-click the "Bouclier résident" (Resident Shield) component, untick "Bouclier résident actif" (Resident Shield active).


Step 4: OTL (by OldTimer), clean-up

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the Run Fix button.

A small "Information" window opens.

Click the Yes button.

In the new "Ouvrir" (Open) window, browse to the folder where the fix.txt file was saved, then click the Ouvrir (Open) button.

The contents of the fix.txt file are thus inserted into the "Custom Scans/Fixes" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button again.

Note: A restart is sometimes necessary. If it is requested, click Oui/Yes.

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


Step 5: Malwarebytes' Anti-Malware, scan
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all the boxes are ticked except "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)" (Create a context-menu option to scan files (right-click)).
In the Update tab, click the Check for updates button and install all the updates found.
Note: If the new version 1.45 is installed, accept it, then run a database update again.
In the Scan tab, select the radio button in front of "Exécuter un examen rapide" (Perform quick scan), then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Afficher les résultats" (Show results) button.

Click the "Enregistrer le rapport" (Save report) button, confirm the save, then click the "Quitter" (Exit) button.


Step 6: Real-time protection processes
Important: Re-enable the antivirus resident module.


Step 7: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Results
Send in reply:
*- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive is the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.


In your reply, do not forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by marcanimations » 06 Apr 2010, 11:52

hello

I followed your instructions and most of the infections have been eradicated.
However, the resident shield still detects a Trojan horse Generic 16.BXGK in the directory C/WINDOWS/system32/adptifu.dll

here is the OTL report

Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named iexplore.exe was found!
========== OTL ==========
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D5FDE72-BA36-42C0-9DB8-99E75326F587}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D5FDE72-BA36-42C0-9DB8-99E75326F587}\ .
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2F10187-5E04-4792-ABA7-6687CD7AE536}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2F10187-5E04-4792-ABA7-6687CD7AE536}\ .
File move failed. C:\WINDOWS\system32\giblzsi.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xzswqecx\ scheduled to be deleted on reboot.
File move failed. C:\WINDOWS\system32\giblzsi.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f14e937-c386-11dd-bd9c-00e04c3122dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f14e937-c386-11dd-bd9c-00e04c3122dd}\ not found.
C:\WINDOWS\system32\cmd.exe moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\_detmp.4 not found.
File\Folder C:\WINDOWS\_detmp.3 not found.
File move failed. C:\WINDOWS\System32\ifpsvahw.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\giblzsi.dll.bak scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\giblzsi.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\choixow.dll scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\rvofddlz not found.
File\Folder C:\Documents and Settings\NetworkService\Application Data\rvofddlz not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.37.3 log created on 04052010_184502


the Malwarebytes report:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3958

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/04/2010 12:31:59
mbam-log-2010-04-06 (12-31-59).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 109453
Temps écoulé: 9 minute(s), 11 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xzswqecx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\giblzsi.dll (Trojan.Vundo.H) -> No action taken.
marcanimations

Posts: 26
Joined: 22 Mar 2010, 19:06
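
One way to cross-check the two reports in the post above, added here as an example and not part of the thread or of OTL or Malwarebytes: it classifies each OTL fix-log line by outcome and lists the items OTL deferred or failed to remove that the later Malwarebytes scan still reports. The function names and the folding of HKLM\Software\Classes into HKEY_CLASSES_ROOT are this example's own assumptions; the sample lines are excerpts of the logs posted above.

```python
import re

# Excerpts copied from the OTL fix log and the Malwarebytes report posted above.
OTL_FIX_LOG = r"""
========== OTL ==========
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2F10187-5E04-4792-ABA7-6687CD7AE536}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2F10187-5E04-4792-ABA7-6687CD7AE536}\ .
File move failed. C:\WINDOWS\system32\giblzsi.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xzswqecx\ scheduled to be deleted on reboot.
C:\WINDOWS\system32\cmd.exe moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\_detmp.4 not found.
File move failed. C:\WINDOWS\System32\ifpsvahw.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\System32\giblzsi.dll scheduled to be moved on reboot.
"""

MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xzswqecx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a2f10187-5e04-4792-aba7-6687cd7ae536} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.

c:\WINDOWS\system32\giblzsi.dll (Trojan.Vundo.H) -> No action taken.
"""

# Outcome phrases as they appear in the OTL fix log on this page.
OTL_PATTERNS = [
    ("pending_reboot", re.compile(
        r"^(?:File move|Registry delete) failed\. (?P<item>.+?) "
        r"scheduled to be (?:moved|deleted) on reboot\.$")),
    ("failed", re.compile(r"^Unable to delete registry key (?P<item>.+?) ?\.$")),
    ("not_found", re.compile(
        r"^(?:File\\Folder|Registry key) (?P<item>.+?) not found\.$")),
    ("moved", re.compile(r"^(?P<item>[A-Za-z]:\\.+?) moved successfully\.$")),
]

# A Malwarebytes detection line: "<item> (<threat>) -> <action>."
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.$")

HKLM_CLASSES = "hkey_local_machine\\software\\classes\\"


def normalize(item):
    # Case-insensitive comparison, no trailing backslash.
    key = item.strip().rstrip("\\").lower()
    # Assumption of this example: HKCR is the merged view of the per-machine
    # and per-user Classes keys, so fold the HKLM form into it for matching.
    if key.startswith(HKLM_CLASSES):
        key = "hkey_classes_root\\" + key[len(HKLM_CLASSES):]
    return key


def parse_otl_fix(log):
    """Map each normalized item to the first outcome OTL logged for it."""
    outcomes = {}
    for line in log.splitlines():
        line = line.strip()
        for outcome, pattern in OTL_PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes.setdefault(normalize(match.group("item")), outcome)
                break
    return outcomes


def parse_mbam(log):
    """Map each normalized detected item to its threat name."""
    detections = {}
    for line in log.splitlines():
        match = MBAM_LINE.match(line.strip())
        if match:
            detections[normalize(match.group("item"))] = match.group("threat")
    return detections


def unresolved(otl_log, mbam_log):
    """Items OTL deferred or failed on that the later scan still detects."""
    otl, mbam = parse_otl_fix(otl_log), parse_mbam(mbam_log)
    return sorted((item, otl[item], threat) for item, threat in mbam.items()
                  if otl.get(item) in ("pending_reboot", "failed"))


def uncovered(otl_log, mbam_log):
    """Detections that the fix log never mentions at all."""
    otl, mbam = parse_otl_fix(otl_log), parse_mbam(mbam_log)
    return sorted((item, threat) for item, threat in mbam.items()
                  if item not in otl)


if __name__ == "__main__":
    for item, outcome, threat in unresolved(OTL_FIX_LOG, MBAM_LOG):
        print(f"{outcome:15} {threat:16} {item}")
    for item, threat in uncovered(OTL_FIX_LOG, MBAM_LOG):
        print(f"{'not in fix log':15} {threat:16} {item}")
```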

Post by marcanimations » 06 Apr 2010, 11:55

and here is the otl.txt report

OTL logfile created on: 06/04/2010 12:36:31 - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767,00 Mb Total Physical Memory | 309,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 1,19 Gb Free Space | 8,11% Space Free | Partition Type: NTFS
Drive D: | 42,61 Gb Total Space | 22,21 Gb Free Space | 52,13% Space Free | Partition Type: NTFS
Drive E: | 17,27 Gb Total Space | 17,17 Gb Free Space | 99,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 275,99 Gb Free Space | 59,26% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/01 19:09:02 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/01 19:08:11 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/22 19:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2010/03/19 19:26:16 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/19 19:26:13 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/19 19:26:10 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/19 19:24:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/19 19:24:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 21:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/12/09 20:23:25 | 000,151,552 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2007/06/18 05:40:26 | 000,200,704 | R--- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/04/25 00:03:26 | 000,683,520 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier\SuperCopier.exe
PRC - [2002/04/30 03:23:52 | 001,433,600 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
PRC - [2001/08/23 18:47:42 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 19:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Remote Procedure Call Netsver)
SRV - File not found [Disabled | Stopped] -- -- (NVSvc)
SRV - [2010/03/19 19:24:57 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/19 19:24:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/12/09 20:23:25 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/08/23 18:47:42 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2010/03/19 19:27:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/19 19:27:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/19 19:27:31 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/28 13:05:12 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 21:47:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 21:47:24 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 20:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 20:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 10:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2008/03/13 14:50:02 | 000,202,048 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ftd2xx.dll -- (FTD2XX)
DRV - [2008/03/04 13:41:38 | 000,014,072 | ---- | M] (Ma-Config.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2007/12/09 20:23:24 | 000,210,400 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/09 20:23:24 | 000,081,280 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/12/09 20:23:24 | 000,028,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/05/02 12:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007/05/02 12:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007/05/02 12:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2006/02/06 18:49:00 | 000,217,088 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006/02/06 18:49:00 | 000,017,792 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2005/10/20 15:50:22 | 000,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)
DRV - [2005/10/15 05:07:12 | 001,351,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/01 11:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/09/01 11:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2002/09/18 11:29:30 | 000,044,998 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2002/05/01 02:33:44 | 000,378,314 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/09/19 11:41:00 | 000,067,440 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/09/19 11:41:00 | 000,050,432 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/09/19 11:41:00 | 000,037,822 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2001/09/19 11:41:00 | 000,022,064 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2001/09/19 11:41:00 | 000,012,413 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcFltr)
DRV - [2001/09/19 11:41:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/28 17:00:00 | 000,023,424 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imvjdtfx.sys -- (imvjdtfx)
DRV - [2001/08/17 22:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 22:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 22:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 22:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/10 03:54:44 | 000,010,256 | ---- | M] (Logitech Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2000/11/21 18:17:02 | 000,096,482 | R--- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dig_v.sys -- (DIG_V)
DRV - [2000/11/09 13:52:06 | 000,019,440 | R--- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dig_ts.sys -- (DIG_TS)
DRV - [2000/11/09 11:52:34 | 000,007,907 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dig_x.sys -- (DIG_X)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [1999/01/10 13:00:00 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dlportio.sys -- (DLPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C 71 5A 00 8A CD 16 4D 9F 10 19 DC A9 15 BB 87 [binary data]
IE - HKU\S-1-5-21-1482476501-573735546-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2008/11/06 07:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2010/03/22 17:34:44 | 000,380,721 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13140 more lines...
O2 - BHO: (no name) - {008A7FE6-D5E7-47EC-960A-B13DBBC64386} - No CLSID value found.
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0B0DE630-F72C-4326-B9DC-A709103956CE} - No CLSID value found.
O2 - BHO: (no name) - {1C7F54E9-416F-4AFB-AD9E-35C5886D79C7} - No CLSID value found.
O2 - BHO: (no name) - {39E7D0F5-55A2-4E4B-A30C-A90F84765058} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {3D5FDE72-BA36-42C0-9DB8-99E75326F587} - C:\WINDOWS\System32\avtap.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {53E659E1-BFB4-4E20-B6D7-52DE5C8E487D} - No CLSID value found.
O2 - BHO: (no name) - {5BAA77D2-9EF3-4183-9781-EF3D185723C3} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {633FA35C-DFE2-412E-A839-321ED55DE49C} - No CLSID value found.
O2 - BHO: (no name) - {666B0198-CF69-4027-84B0-C2E5B1CDD1E3} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7A47B728-7D29-41E5-BCF3-4DBA54111312} - No CLSID value found.
O2 - BHO: (no name) - {8727E702-DB3B-4BD9-BD90-2FC99D483F48} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {97447416-B3ED-4D8F-9726-C79DE0526290} - No CLSID value found.
O2 - BHO: (no name) - {A10267E5-0DF3-4AAC-9266-E32C235DA38B} - No CLSID value found.
O2 - BHO: () - {A2F10187-5E04-4792-ABA7-6687CD7AE536} - C:\WINDOWS\system32\giblzsi.dll ()
O2 - BHO: (no name) - {BE8EB6E3-9768-4CE0-9316-25C7B43B35B8} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1482476501-573735546-839522115-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1482476501-573735546-839522115-500\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1482476501-573735546-839522115-500..\Run: [EPSON Stylus DX5000 Series (à partir de MARC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1482476501-573735546-839522115-500..\Run: [MediaDico] C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe (L'Aventure Multimedia)
O4 - HKU\S-1-5-21-1482476501-573735546-839522115-500..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe (SFX TEAM)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceCheck = 1
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-1482476501-573735546-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://webscanner.kaspersky.fr/kavwebscan_unicode.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.inoculer.com/antivirus/Msie/bitdefender.cab (AvxScanOnline Control)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} Reg Error: Value error. (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... 586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1482476501-573735546-839522115-500 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\xzswqecx: DllName - giblzsi.dll - C:\WINDOWS\System32\giblzsi.dll ()
O24 - Desktop Components:0 () - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/25 20:59:44 | 000,000,030 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/29 11:29:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/22 19:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/22 19:19:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrateur\Bureau\erunt-setup.exe
[2010/03/22 19:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2010/03/22 19:16:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/22 19:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/03/22 19:16:05 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/22 19:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/22 19:14:48 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/03/22 19:13:32 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/03/22 18:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2010/03/22 18:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/22 18:51:51 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2010/03/19 19:28:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/19 19:27:45 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/19 19:27:41 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/19 19:27:31 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/19 19:27:28 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/19 19:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/19 19:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/03/19 19:18:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/19 19:18:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/19 19:08:39 | 001,475,016 | ---- | C] (AVG Technologies) -- D:\Mes documents\avg_free_stb_eu_9_114_free.exe
[2010/03/19 13:03:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\PrivacIE
[2010/03/19 11:50:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/03/19 11:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/03/19 11:50:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/03/19 11:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/03/19 11:49:16 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/03/19 11:49:16 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/03/19 11:49:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/03/19 11:49:15 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/03/19 11:49:14 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/03/19 11:49:14 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/11/16 22:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/11/16 22:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/16 22:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/09/21 15:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/07 14:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2007/04/13 19:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/04/13 19:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/01/03 21:28:25 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2010/04/05 19:37:14 | 058,564,804 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/05 18:46:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 18:45:25 | 013,578,240 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat
[2010/04/05 18:45:25 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2010/04/05 10:51:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 11:35:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 10:36:43 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\rkill.pif
[2010/03/29 10:29:22 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3E2BF9F-89B1-41A8-BD77-F029AAABC655}.job
[2010/03/29 10:28:23 | 000,497,382 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/29 10:28:23 | 000,429,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/29 10:28:23 | 000,079,188 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/29 10:28:23 | 000,066,374 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/29 10:28:22 | 001,084,044 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/29 10:28:21 | 000,401,172 | ---- | M] () -- C:\WINDOWS\System32\perfh040.dat
[2010/03/29 10:28:21 | 000,047,476 | ---- | M] () -- C:\WINDOWS\System32\perfc040.dat
[2010/03/26 23:04:35 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/03/26 20:00:04 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/03/22 19:26:39 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/22 19:26:30 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2010/03/22 19:26:29 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/03/22 19:20:01 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\erunt-loc_fr.zip
[2010/03/22 19:19:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrateur\Bureau\erunt-setup.exe
[2010/03/22 19:16:15 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/22 19:15:00 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrateur\Bureau\mbam-setup.exe
[2010/03/22 19:13:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/03/22 18:52:06 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/03/22 18:51:54 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2010/03/22 18:25:01 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 17:34:44 | 000,380,721 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/22 11:21:05 | 003,780,444 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2010/03/20 13:38:53 | 1718,764,544 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\backup1.pst
[2010/03/19 19:27:48 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/19 19:27:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/19 19:27:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/19 19:27:31 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/19 19:27:28 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/19 19:08:39 | 001,475,016 | ---- | M] (AVG Technologies) -- D:\Mes documents\avg_free_stb_eu_9_114_free.exe
[2010/03/19 19:00:38 | 000,002,028 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/19 13:26:16 | 000,380,721 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100322-163443.backup
[2010/03/19 13:21:54 | 000,351,384 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/19 12:58:05 | 001,261,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/19 12:26:53 | 000,000,825 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/19 12:26:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/03/19 12:03:11 | 000,000,152 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2010/03/19 11:34:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/19 11:27:52 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Files Created - No Company Name ==========

[2010/03/29 10:36:42 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\rkill.pif
[2010/03/22 19:26:39 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/22 19:26:30 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2010/03/22 19:26:29 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/03/22 19:20:00 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\erunt-loc_fr.zip
[2010/03/22 19:16:15 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/22 18:52:06 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2010/03/20 15:12:26 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/03/20 12:02:40 | 1718,764,544 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\backup1.pst
[2010/03/19 19:27:27 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/19 19:27:14 | 058,564,804 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/19 16:59:31 | 000,165,717 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\VistaXP Remover.exe
[2010/03/19 16:59:14 | 000,105,366 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\levelKro.net-vixtaxpremover.zip
[2009/03/10 17:41:35 | 000,096,082 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\FASTWiz.log
[2009/03/07 20:19:10 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\ifpsvahw.dll
[2009/03/07 20:19:10 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\giblzsi.dll.bak
[2009/03/07 20:19:10 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\giblzsi.dll
[2009/03/07 20:19:10 | 000,103,936 | ---- | C] () -- C:\WINDOWS\System32\choixow.dll
[2009/02/28 12:27:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/02/20 18:07:40 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2009/02/20 18:07:40 | 000,001,372 | R--- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2008/11/17 12:48:11 | 000,003,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/11/17 12:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CalendarPlus.INI
[2008/11/16 19:17:09 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/06 19:12:25 | 002,731,986 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\install.txt
[2008/11/06 10:21:05 | 000,004,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/11/04 18:46:01 | 000,005,422 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\A2F10187-5E04-4792-ABA7-6687CD7AE536.txt
[2008/11/04 18:38:47 | 000,107,776 | ---- | C] () -- C:\WINDOWS\System32\adptifu.dll
[2008/09/19 23:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 23:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 23:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/18 09:23:40 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D99854D0F9.sys
[2008/09/06 11:20:39 | 000,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2008/07/19 16:37:59 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\6D685BAB4C.sys
[2008/07/18 18:47:17 | 000,000,637 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2008/06/11 10:46:56 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\DMX510Vb.dll
[2008/06/11 10:46:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\EspionDll.dll
[2008/06/11 10:46:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MPUSBAPI.DLL
[2008/06/03 12:08:45 | 000,009,279 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini
[2008/06/03 12:08:45 | 000,008,157 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2008/06/03 12:08:45 | 000,000,170 | ---- | C] () -- C:\WINDOWS\settings.ini
[2008/06/03 12:08:43 | 000,008,913 | ---- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/06/03 12:08:43 | 000,007,454 | ---- | C] () -- C:\WINDOWS\Disktool.INI
[2008/06/03 12:08:43 | 000,003,677 | ---- | C] () -- C:\WINDOWS\SoundCon.INI
[2008/04/30 12:22:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/24 09:26:51 | 000,000,084 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2008/04/13 21:33:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/26 11:56:37 | 000,002,028 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/09 11:26:09 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2007/12/09 20:23:24 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2007/09/04 18:03:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/09/04 17:42:03 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/04 17:39:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2007/08/25 12:11:46 | 000,008,575 | R--- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2007/07/24 10:00:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\CMMIPLAY.INI
[2007/07/24 09:59:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\CMAURACK.INI
[2007/07/18 12:30:01 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2007/07/10 16:13:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SAGEPERS.DLL
[2007/06/24 11:15:22 | 000,000,470 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2007/03/27 09:26:43 | 000,027,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sys8042.sys
[2007/02/20 12:44:57 | 000,322,048 | ---- | C] () -- C:\WINDOWS\System32\Easylase.dll
[2007/02/07 14:08:31 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/01/31 12:46:25 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat
[2007/01/26 10:29:26 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2006/12/27 17:56:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2006/12/27 17:43:50 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2006/12/17 13:11:33 | 000,004,021 | ---- | C] () -- C:\WINDOWS\ANDREUR.INI
[2006/12/17 13:09:58 | 000,003,890 | ---- | C] () -- C:\WINDOWS\jaacdb.drv
[2006/12/17 13:09:58 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\ijapn.drv
[2006/12/17 13:09:58 | 000,003,218 | ---- | C] () -- C:\WINDOWS\nijdpde.drv
[2006/12/17 13:09:58 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\efggno.drv
[2006/12/17 13:09:58 | 000,000,706 | ---- | C] () -- C:\WINDOWS\pdngen.drv
[2006/12/17 13:09:58 | 000,000,530 | ---- | C] () -- C:\WINDOWS\podpd.drv
[2006/12/17 13:09:58 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\ggeged.sys
[2006/11/16 19:27:36 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/10/03 10:31:57 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2006/09/11 17:47:11 | 000,301,056 | ---- | C] () -- C:\WINDOWS\System32\usbdmxfs.dll
[2006/09/11 17:47:11 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usb_dll.dll
[2006/09/11 17:47:11 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\usbdmx.dll
[2006/09/11 17:47:11 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\K8062D.dll
[2006/09/11 17:47:11 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\LPT_dmx.dll
[2006/09/11 17:47:11 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\usbdmxsi.dll
[2006/09/11 17:47:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FASTTime32.dll
[2006/09/11 17:47:10 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dashard2006.dll
[2006/09/11 17:47:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dashard.dll
[2006/09/11 17:47:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dashardvb.dll
[2006/09/11 17:47:10 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx60.dll
[2006/09/11 17:47:10 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx120.dll
[2006/09/11 17:47:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2006/09/11 17:47:10 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\dlportio.sys
[2006/08/24 19:19:42 | 000,044,544 | R--- | C] () -- C:\WINDOWS\System32\gif89.dll
[2006/08/24 19:19:11 | 000,000,195 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/07/30 21:05:16 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/07/19 19:53:12 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2006/07/04 15:52:43 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/06/26 11:39:02 | 000,000,728 | ---- | C] () -- C:\WINDOWS\M3JP2K.INI
[2006/06/26 11:31:16 | 000,000,158 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/06/26 11:25:47 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/06/26 11:25:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/06/26 11:15:55 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\39059249ED.sys
[2006/06/26 11:08:18 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/26 10:49:35 | 001,483,776 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
[2006/06/26 10:49:33 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2006/06/26 10:49:33 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/06/26 10:49:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/26 10:49:21 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2006/06/26 10:43:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2006/06/26 10:27:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2006/06/26 10:21:31 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2006/06/26 10:21:31 | 000,000,250 | ---- | C] () -- C:\WINDOWS\DELFAX.INI
[2006/06/26 10:21:29 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/06/26 10:18:27 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2006/06/26 10:18:27 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2006/06/26 10:05:20 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/26 09:48:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/06/26 09:47:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2006/06/26 09:34:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/06/26 09:34:55 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2006/06/26 09:34:24 | 000,017,133 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2006/06/26 09:34:24 | 000,016,793 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2006/06/26 09:34:17 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/06/26 09:34:17 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/06/26 09:33:50 | 000,001,779 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/06/26 09:33:49 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/06/26 09:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RaidMan.INI
[2006/06/25 20:33:34 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/25 20:33:32 | 000,063,158 | ---- | C] () -- C:\WINDOWS\System32\hdlayer.dll
[2006/06/25 20:33:31 | 001,111,508 | ---- | C] () -- C:\WINDOWS\System32\xprouting.dll
[2005/11/09 15:41:56 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/11/05 18:46:26 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005/04/28 06:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/28 06:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/09/01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 20:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 01:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 01:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 01:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[1996/04/17 10:48:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\3dr.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
<End>
marcanimations
 
Posts: 26
Joined: 22 Mar 2010, 19:06
