PC crashes


Post by Grace » 27 Mar 2010, 00:02

Good evening,
For some time now my computer has been crashing at startup, shutting down and restarting; or it crashes and I have to force it off, then turn it back on. I have used TuneUp, an anti-rootkit, an antivirus, Spybot, CCleaner and an anti-malware tool, but with no result.
You will find my log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:17, on 26/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk.disabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\Grace\scriptjava.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/fr ... oader5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9126326062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://jeuxentelechargement.orange.fr/o ... uncher.cab
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11956 bytes

Thank you in advance,
Kind regards,

Grace

Post by Grace » 31 Mar 2010, 20:03

Good evening,

I have carried out the PAD procedure, and you will find the Malwarebytes' Anti-Malware report below:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/03/2010 20:36:09
mbam-log-2010-03-31 (20-36-09).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 113248
Temps écoulé: 4 minute(s), 27 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Thank you in advance to whoever replies to me.
Kind regards,

Grace

Post by Grace » 31 Mar 2010, 20:08

Good evening,

Here is the second part of the procedure, the OTL report:

OTL logfile created on: 31/03/2010 20:42:12 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Grace\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 290,28 Gb Total Space | 126,01 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 121463130315
Current User Name: Grace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/31 20:10:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Bureau\OTL.exe
PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/03/08 05:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/07/25 10:48:30 | 000,613,376 | ---- | M] () -- C:\Program Files\Packard Bell\SrvCDEject.exe
PRC - [2006/01/11 11:29:02 | 000,548,864 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/20 07:15:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
PRC - [2005/08/12 17:55:34 | 000,014,336 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2005/08/12 17:55:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/04/08 06:25:04 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
PRC - [2004/03/08 17:51:33 | 000,257,536 | ---- | M] (ISSENDIS) -- C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
PRC - [2001/11/12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2010/03/31 20:10:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Bureau\OTL.exe
MOD - [2009/12/21 19:35:52 | 000,378,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/07/25 12:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 12:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2008/07/01 17:31:26 | 000,716,800 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll
MOD - [2008/07/01 17:27:24 | 000,135,168 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\op_shell.dll
MOD - [2008/06/12 13:48:37 | 000,065,793 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
MOD - [2008/04/14 04:33:18 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/14 04:33:18 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2008/04/13 20:36:46 | 002,986,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/08/12 18:01:38 | 000,129,472 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\ldapdrv.dll
MOD - [2005/08/12 18:01:38 | 000,113,088 | ---- | M] (Softex, Inc.) -- C:\APPS\Softex\OmniPass\mstrpwd.dll
MOD - [2005/08/12 18:01:38 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll
MOD - [2005/08/12 18:01:36 | 000,416,192 | ---- | M] (Softex, Inc.) -- C:\APPS\Softex\OmniPass\authntec.dll
MOD - [2005/08/12 17:56:32 | 000,692,224 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OpFolderExt.dll
MOD - [2005/08/12 17:53:44 | 000,049,152 | ---- | M] (Softex Incorporated) -- C:\APPS\Softex\OmniPass\Cachedrv.dll
MOD - [2005/08/12 17:53:04 | 000,303,104 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll
MOD - [2005/08/12 17:52:54 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\opfsdll.dll
MOD - [2005/08/12 17:52:52 | 000,872,448 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll
MOD - [2005/08/12 17:52:40 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll
MOD - [2005/08/12 17:52:38 | 000,360,448 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll
MOD - [2005/08/12 17:52:24 | 000,009,216 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll
MOD - [2005/08/12 17:45:54 | 001,181,808 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\atsc63.dll
MOD - [2005/08/12 17:45:14 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71FRA.DLL
MOD - [2005/08/12 17:44:24 | 001,799,072 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\APPS\Softex\OmniPass\sftxtgp.dll
MOD - [2005/07/18 08:05:47 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\mfc71u.dll
MOD - [2005/07/06 13:59:42 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\msvcr71.dll
MOD - [2005/05/31 13:13:26 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc71.dll
MOD - [2003/10/13 11:14:00 | 000,606,720 | ---- | M] () -- C:\WINDOWS\system32\OoPdfManagerPopup.dll
MOD - [2003/10/09 16:16:46 | 000,452,608 | ---- | M] () -- C:\WINDOWS\system32\OoneZipPopup.dll
MOD - [2003/03/18 23:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/03/18 22:05:50 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/04/10 11:36:16 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/07/01 17:31:18 | 001,232,896 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/07/25 10:48:30 | 000,613,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Packard Bell\SrvCDEject.exe -- (SrvCDEject)
SRV - [2006/03/02 18:10:32 | 000,564,400 | ---- | M] (Contrôle Parental) [Auto | Stopped] -- C:\Program Files\Controle Parental\bin\optproxy.exe -- (OPTENET_FILTER)
SRV - [2005/10/20 07:15:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2005/08/12 17:55:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/04/08 06:25:04 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
SRV - [2001/11/12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2010/01/18 19:22:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/14 20:14:00 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/12/14 20:12:51 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/12/14 20:12:50 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/02/03 17:08:08 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2009/02/03 17:08:08 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2008/07/07 13:25:17 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/01 16:35:10 | 000,033,408 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2008/07/01 16:34:26 | 000,672,160 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2008/06/30 17:16:14 | 000,234,640 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/06/30 17:16:00 | 000,030,864 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/06/02 16:15:52 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/04/13 17:42:16 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/01/31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/06 22:38:47 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/17 12:20:58 | 000,024,448 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Player Metaboli\X4HSX32.sys -- (X4HSX32)
DRV - [2006/07/18 22:07:56 | 001,675,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/11 22:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 22:38:28 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/28 16:34:00 | 000,882,688 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/12/21 22:27:26 | 000,020,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2005/11/28 11:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/05/19 16:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005/03/29 19:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/08/13 02:27:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/23 18:04:44 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?client ... -8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 BF DC 33 C9 9A CA 01 [binary data]
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
FF - prefs.js..browser.startup.homepage: "http://www.cherche.us/"



[2008/07/06 17:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Mozilla\Extensions
[2010/01/23 21:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions
[2010/01/15 23:58:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/23 21:11:24 | 000,000,000 | ---D | M] (IMBooster4web-en Toolbar) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}
[2008/07/08 20:00:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/18 19:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions\ChoiceGuard@Microsoft
[2009/06/04 19:03:16 | 000,002,236 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\searchplugins\askcom.xml
[2010/03/10 23:29:22 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\searchplugins\cherche.xml
[2008/07/07 13:33:02 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\searchplugins\daemon-search.xml
[2008/11/28 19:19:54 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\searchplugins\ustart.xml
[2010/01/18 20:16:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/03/18 23:37:33 | 000,384,802 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13254 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [NECHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe (ISSENDIS)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Grace\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\Grace\scriptjava.html ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://copainsdavant.linternaute.com/fr ... oader5.cab (Image Uploader Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9126326062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://jeuxentelechargement.orange.fr/o ... uncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Apps\Softex\OmniPass\opxpgina.dll - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/23 12:42:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/31 20:20:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Grace\Bureau\erunt-setup.exe
[2010/03/31 20:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/31 20:10:28 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Grace\Bureau\OTL.exe
[2010/03/18 13:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/10 21:14:27 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/01/10 17:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/10 17:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/25 18:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/10/25 18:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/08/05 00:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/08/05 00:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/03/18 22:23:24 | 000,019,456 | ---- | C] ( ) -- C:\WINDOWS\System32\cook3260.dll
[2007/03/18 21:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2007/03/15 00:51:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/03/15 00:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/03 19:28:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Grace\Application Data\pcouffin.sys
[2006/11/16 09:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2006/11/16 09:12:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/11/16 09:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Grace\*.tmp files -> C:\Documents and Settings\Grace\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/31 20:43:37 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B9AE365F-85C1-4D27-B75B-312F5AE259AA}.job
[2010/03/31 20:22:22 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Grace\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/31 20:22:15 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Grace\Bureau\NTREGOPT.lnk
[2010/03/31 20:22:15 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Grace\Bureau\ERUNT.lnk
[2010/03/31 20:20:24 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Grace\Bureau\erunt-loc_fr.zip
[2010/03/31 20:20:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Grace\Bureau\erunt-setup.exe
[2010/03/31 20:10:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Bureau\OTL.exe
[2010/03/31 20:04:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/31 20:04:42 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/03/31 20:04:36 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/31 20:04:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 20:04:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 23:18:23 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Grace\NTUSER.DAT
[2010/03/30 23:18:23 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Grace\ntuser.ini
[2010/03/30 22:50:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/30 22:20:46 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 22:11:06 | 366,332,236 | ---- | M] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E14.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 21:50:16 | 366,965,636 | ---- | M] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E13.Redline.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 20:30:22 | 367,310,834 | ---- | M] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E12.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 19:22:54 | 001,121,612 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 19:22:54 | 000,510,654 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/28 19:22:54 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 19:22:54 | 000,084,730 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/28 19:22:54 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/19 01:33:16 | 733,607,936 | ---- | M] () -- C:\Documents and Settings\Grace\Mes documents\2012.Truefrench.Subforced.Dvdrip.REPACK.1CD.Xvid-LECHTI-Extreme-Down.Com.avi
[2010/03/18 23:37:33 | 000,384,802 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100318-223756.backup
[2010/03/18 23:37:33 | 000,384,802 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/11 21:29:40 | 000,001,551 | ---- | M] () -- C:\Documents and Settings\Grace\Bureau\CCleaner.lnk
[2010/03/10 23:29:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Grace\tmp1.1
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Grace\*.tmp files -> C:\Documents and Settings\Grace\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/31 20:22:22 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Grace\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/31 20:22:15 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\Grace\Bureau\NTREGOPT.lnk
[2010/03/31 20:22:15 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Grace\Bureau\ERUNT.lnk
[2010/03/31 20:20:24 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Grace\Bureau\erunt-loc_fr.zip
[2010/03/30 22:10:58 | 366,332,236 | ---- | C] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E14.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 21:49:52 | 366,965,636 | ---- | C] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E13.Redline.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 20:29:45 | 367,310,834 | ---- | C] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E12.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/19 01:32:21 | 733,607,936 | ---- | C] () -- C:\Documents and Settings\Grace\Mes documents\2012.Truefrench.Subforced.Dvdrip.REPACK.1CD.Xvid-LECHTI-Extreme-Down.Com.avi
[2010/03/10 23:29:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Grace\tmp1.1
[2009/12/14 20:35:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2009/02/26 13:55:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/07/07 13:25:16 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/20 23:54:02 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3006FA7F93.sys
[2008/02/20 23:45:37 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/12/30 13:00:24 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\LCIbanner0.html
[2007/12/30 12:59:36 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\Lcistatistics.xml
[2007/12/30 12:57:02 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\LCIbanner1.html
[2007/12/30 12:56:56 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\LciPersonalization.data
[2007/12/30 12:56:56 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\LciPersonalization.data
[2007/09/03 12:06:42 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/06/17 15:07:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/06/02 16:16:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/06/02 16:16:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/06/02 16:00:43 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/04/16 23:47:38 | 000,041,522 | ---- | C] () -- C:\Program Files\ffdssetts.reg
[2007/04/16 23:47:38 | 000,030,772 | ---- | C] () -- C:\Program Files\ffdsvsetts.reg
[2007/04/16 23:47:38 | 000,018,156 | ---- | C] () -- C:\Program Files\mpc6.reg
[2007/04/16 23:47:38 | 000,016,280 | ---- | C] () -- C:\Program Files\mpc5.reg
[2007/04/16 23:47:38 | 000,004,704 | ---- | C] () -- C:\Program Files\satsukidecodersettings.ini
[2007/04/16 23:47:38 | 000,003,476 | ---- | C] () -- C:\Program Files\mpc7.reg
[2007/04/16 23:47:38 | 000,003,026 | ---- | C] () -- C:\Program Files\mpc3.reg
[2007/04/16 23:47:38 | 000,001,172 | ---- | C] () -- C:\Program Files\ffdsasetts.reg
[2007/04/16 23:47:38 | 000,000,680 | ---- | C] () -- C:\Program Files\mpc2.reg
[2007/04/16 23:47:38 | 000,000,558 | ---- | C] () -- C:\Program Files\mpc1.reg
[2007/04/16 23:47:38 | 000,000,236 | ---- | C] () -- C:\Program Files\mpc4.reg
[2007/04/08 12:04:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007/03/31 20:30:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\wsxttime.sys
[2007/03/17 15:43:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2007/03/17 14:26:56 | 000,003,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\118300.34
[2007/03/17 14:26:51 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\Machnm64.sys
[2007/03/17 14:26:51 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/02/21 22:00:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/03 19:28:31 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\pcouffin.log
[2007/02/03 19:28:28 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\ezpinst.exe
[2007/02/03 19:28:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\pcouffin.inf
[2007/02/03 19:28:28 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\pcouffin.cat
[2007/02/03 16:59:40 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/01 21:42:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2007/01/18 21:23:59 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/14 19:20:24 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\user60.rdb
[2007/01/14 19:20:20 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\sversion.ini
[2007/01/14 19:19:49 | 000,606,720 | ---- | C] () -- C:\WINDOWS\System32\OoPdfManagerPopup.dll
[2007/01/14 18:40:46 | 000,000,477 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/14 18:40:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/14 18:40:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/14 18:14:32 | 000,027,279 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/01/14 17:46:22 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\fusioncache.dat
[2006/12/11 00:32:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/11/06 23:02:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/06 22:45:48 | 000,000,602 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/11/06 22:41:19 | 000,000,130 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/06 22:39:31 | 000,007,604 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/11/06 22:24:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/11/06 22:24:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/06 22:23:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/07/26 09:57:34 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 12:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 16:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/09 14:11:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/05/09 12:31:44 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/02/11 05:00:00 | 000,080,014 | ---- | C] () -- C:\WINDOWS\Fonts\unins000.exe
[2003/10/09 16:16:46 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\OoneZipPopup.dll
[2002/10/06 20:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 01:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 01:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 01:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2008/07/05 15:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2007/01/14 19:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ciel
[2007/02/13 23:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exetender
[2006/11/16 09:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2007/02/25 15:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2007/01/14 18:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/08/07 22:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
[2006/11/16 09:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/04/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2008/11/28 19:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/08 17:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2008/11/28 16:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/11/16 09:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/03/01 22:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VadeRetro
[2006/11/16 09:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/28 19:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X10 Settings
[2009/09/19 16:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/02/07 20:06:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2007/06/02 16:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\ConvertTemp
[2008/07/07 13:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\DAEMON Tools
[2007/03/13 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\DeepBurner
[2007/02/03 19:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\DeepBurner Pro
[2007/01/30 00:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\EoRezo
[2007/05/20 18:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Gaijin Ent
[2007/04/02 20:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Leadertech
[2007/02/03 13:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\OD2
[2007/01/14 19:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\OFFICE One v6
[2010/01/31 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\pdfforge
[2009/09/20 19:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Pirateville
[2007/02/18 20:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\pixelStorm
[2007/06/02 16:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Samsung
[2007/01/14 18:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\ScanSoft
[2010/01/31 19:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Search Settings
[2007/01/20 15:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Template
[2007/06/02 16:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Temporary
[2008/07/06 17:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Thunderbird
[2007/06/02 16:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\TransRender
[2008/11/28 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\TuneUp Software
[2007/01/14 19:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Ulead Systems
[2008/05/08 20:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\UseNeXT
[2007/02/04 20:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\VadeRetro
[2007/02/16 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Vso
[2009/09/20 19:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Zylom
[2006/11/16 09:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2010/03/31 20:04:42 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job
[2010/03/31 20:43:37 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B9AE365F-85C1-4D27-B75B-312F5AE259AA}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/10 15:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/26 13:58:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 15:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/26 13:58:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

<MD5>
[2004/08/10 15:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/26 13:58:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 15:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/26 13:58:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2004/08/10 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\PNP\MOBO\NVATA.SYS
[2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\WINDOWS\system32\drivers\nvata.sys

<MD5>
[2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\PNP\MOBO\NVATABUS.SYS

<MD5>
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/10 15:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

<systemroot>

<systemroot>
[2008/04/14 04:33:21 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[20 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
<End>

Thanks again; I will send you the OTL Extras report in the next message.

Regards
Grace
Grace
 
Posts: 47
Joined: 25 Nov 2005, 10:13
Location: Moselle

PC crashes

Post by Grace » 31 Mar 2010, 20:08

Good evening,

Here is the second part of the procedure, the OTL report:

OTL logfile created on: 31/03/2010 20:42:12 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Grace\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 290,28 Gb Total Space | 126,01 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 121463130315
Current User Name: Grace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/31 20:10:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Bureau\OTL.exe
PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/03/08 05:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/07/25 10:48:30 | 000,613,376 | ---- | M] () -- C:\Program Files\Packard Bell\SrvCDEject.exe
PRC - [2006/01/11 11:29:02 | 000,548,864 | ---- | M] () -- C:\WINDOWS\mHotkey.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/20 07:15:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
PRC - [2005/08/12 17:55:34 | 000,014,336 | ---- | M] () -- C:\APPS\Softex\OmniPass\OPXPApp.exe
PRC - [2005/08/12 17:55:32 | 000,032,768 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OmniServ.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/04/08 06:25:04 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
PRC - [2004/03/08 17:51:33 | 000,257,536 | ---- | M] (ISSENDIS) -- C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
PRC - [2001/11/12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2010/03/31 20:10:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Bureau\OTL.exe
MOD - [2009/12/21 19:35:52 | 000,378,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/07/25 12:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/07/25 12:17:20 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
MOD - [2008/07/01 17:31:26 | 000,716,800 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll
MOD - [2008/07/01 17:27:24 | 000,135,168 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\op_shell.dll
MOD - [2008/06/12 13:48:37 | 000,065,793 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
MOD - [2008/04/14 04:33:18 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/14 04:33:18 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2008/04/13 20:36:46 | 002,986,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/08/12 18:01:38 | 000,129,472 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\ldapdrv.dll
MOD - [2005/08/12 18:01:38 | 000,113,088 | ---- | M] (Softex, Inc.) -- C:\APPS\Softex\OmniPass\mstrpwd.dll
MOD - [2005/08/12 18:01:38 | 000,025,024 | ---- | M] () -- C:\APPS\Softex\OmniPass\hdddrv.dll
MOD - [2005/08/12 18:01:36 | 000,416,192 | ---- | M] (Softex, Inc.) -- C:\APPS\Softex\OmniPass\authntec.dll
MOD - [2005/08/12 17:56:32 | 000,692,224 | ---- | M] (Softex Inc.) -- C:\APPS\Softex\OmniPass\OpFolderExt.dll
MOD - [2005/08/12 17:53:44 | 000,049,152 | ---- | M] (Softex Incorporated) -- C:\APPS\Softex\OmniPass\Cachedrv.dll
MOD - [2005/08/12 17:53:04 | 000,303,104 | ---- | M] () -- C:\APPS\Softex\OmniPass\userdata.dll
MOD - [2005/08/12 17:52:54 | 000,053,248 | ---- | M] () -- C:\APPS\Softex\OmniPass\opfsdll.dll
MOD - [2005/08/12 17:52:52 | 000,872,448 | ---- | M] () -- C:\APPS\Softex\OmniPass\autheng.dll
MOD - [2005/08/12 17:52:40 | 000,012,288 | ---- | M] () -- C:\APPS\Softex\OmniPass\cryptodll.dll
MOD - [2005/08/12 17:52:38 | 000,360,448 | ---- | M] () -- C:\APPS\Softex\OmniPass\storeng.dll
MOD - [2005/08/12 17:52:24 | 000,009,216 | ---- | M] () -- C:\APPS\Softex\OmniPass\SSPLogon.dll
MOD - [2005/08/12 17:45:54 | 001,181,808 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\atsc63.dll
MOD - [2005/08/12 17:45:14 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71FRA.DLL
MOD - [2005/08/12 17:44:24 | 001,799,072 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\APPS\Softex\OmniPass\sftxtgp.dll
MOD - [2005/07/18 08:05:47 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\mfc71u.dll
MOD - [2005/07/06 13:59:42 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\msvcr71.dll
MOD - [2005/05/31 13:13:26 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc71.dll
MOD - [2003/10/13 11:14:00 | 000,606,720 | ---- | M] () -- C:\WINDOWS\system32\OoPdfManagerPopup.dll
MOD - [2003/10/09 16:16:46 | 000,452,608 | ---- | M] () -- C:\WINDOWS\system32\OoneZipPopup.dll
MOD - [2003/03/18 23:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/03/18 22:05:50 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/04/10 11:36:16 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/07/01 17:31:18 | 001,232,896 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/07/25 10:48:30 | 000,613,376 | ---- | M] () [Auto | Running] -- C:\Program Files\Packard Bell\SrvCDEject.exe -- (SrvCDEject)
SRV - [2006/03/02 18:10:32 | 000,564,400 | ---- | M] (Contrôle Parental) [Auto | Stopped] -- C:\Program Files\Controle Parental\bin\optproxy.exe -- (OPTENET_FILTER)
SRV - [2005/10/20 07:15:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2005/08/12 17:55:32 | 000,032,768 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\APPS\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/04/08 06:25:04 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
SRV - [2001/11/12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2010/01/18 19:22:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/14 20:14:00 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/12/14 20:12:51 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/12/14 20:12:50 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/02/03 17:08:08 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2009/02/03 17:08:08 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2008/07/07 13:25:17 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/01 16:35:10 | 000,033,408 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2008/07/01 16:34:26 | 000,672,160 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2008/06/30 17:16:14 | 000,234,640 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/06/30 17:16:00 | 000,030,864 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/06/02 16:15:52 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/04/13 17:42:16 | 000,068,096 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/01/31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/06 22:38:47 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/17 12:20:58 | 000,024,448 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Player Metaboli\X4HSX32.sys -- (X4HSX32)
DRV - [2006/07/18 22:07:56 | 001,675,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/11 22:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 22:38:28 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/28 16:34:00 | 000,882,688 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/12/21 22:27:26 | 000,020,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2005/11/28 11:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/05/19 16:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005/03/29 19:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/08/13 02:27:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/23 18:04:44 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?client ... -8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 BF DC 33 C9 9A CA 01 [binary data]
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4199243538-523269437-238855192-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q="
FF - prefs.js..browser.startup.homepage: "http://www.cherche.us/"



[2008/07/06 17:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Mozilla\Extensions
[2010/01/23 21:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions
[2010/01/15 23:58:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/23 21:11:24 | 000,000,000 | ---D | M] (IMBooster4web-en Toolbar) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}
[2008/07/08 20:00:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/18 19:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\extensions\ChoiceGuard@Microsoft
[2009/06/04 19:03:16 | 000,002,236 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\searchplugins\askcom.xml
[2010/03/10 23:29:22 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\searchplugins\cherche.xml
[2008/07/07 13:33:02 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\searchplugins\daemon-search.xml
[2008/11/28 19:19:54 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\dhmg0pkd.default\searchplugins\ustart.xml
[2010/01/18 20:16:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/03/18 23:37:33 | 000,384,802 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13254 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [NECHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe (ISSENDIS)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Grace\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\Grace\scriptjava.html ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-4199243538-523269437-238855192-1005\..Trusted Domains: chat-land.org ([]* in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://copainsdavant.linternaute.com/fr ... oader5.cab (Image Uploader Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9126326062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://jeuxentelechargement.orange.fr/o ... uncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Apps\Softex\OmniPass\opxpgina.dll - C:\APPS\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/23 12:42:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/31 20:20:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Grace\Bureau\erunt-setup.exe
[2010/03/31 20:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/31 20:10:28 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Grace\Bureau\OTL.exe
[2010/03/18 13:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/10 21:14:27 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/01/10 17:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/10 17:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/25 18:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/10/25 18:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/08/05 00:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/08/05 00:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/03/18 22:23:24 | 000,019,456 | ---- | C] ( ) -- C:\WINDOWS\System32\cook3260.dll
[2007/03/18 21:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2007/03/15 00:51:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/03/15 00:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/03 19:28:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Grace\Application Data\pcouffin.sys
[2006/11/16 09:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2006/11/16 09:12:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/11/16 09:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Grace\*.tmp files -> C:\Documents and Settings\Grace\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/31 20:43:37 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B9AE365F-85C1-4D27-B75B-312F5AE259AA}.job
[2010/03/31 20:22:22 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Grace\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/31 20:22:15 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Grace\Bureau\NTREGOPT.lnk
[2010/03/31 20:22:15 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Grace\Bureau\ERUNT.lnk
[2010/03/31 20:20:24 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Grace\Bureau\erunt-loc_fr.zip
[2010/03/31 20:20:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Grace\Bureau\erunt-setup.exe
[2010/03/31 20:10:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Bureau\OTL.exe
[2010/03/31 20:04:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/31 20:04:42 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/03/31 20:04:36 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/31 20:04:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 20:04:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 23:18:23 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Grace\NTUSER.DAT
[2010/03/30 23:18:23 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Grace\ntuser.ini
[2010/03/30 22:50:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/30 22:20:46 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 22:11:06 | 366,332,236 | ---- | M] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E14.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 21:50:16 | 366,965,636 | ---- | M] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E13.Redline.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 20:30:22 | 367,310,834 | ---- | M] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E12.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 19:22:54 | 001,121,612 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 19:22:54 | 000,510,654 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/28 19:22:54 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 19:22:54 | 000,084,730 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/28 19:22:54 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/19 01:33:16 | 733,607,936 | ---- | M] () -- C:\Documents and Settings\Grace\Mes documents\2012.Truefrench.Subforced.Dvdrip.REPACK.1CD.Xvid-LECHTI-Extreme-Down.Com.avi
[2010/03/18 23:37:33 | 000,384,802 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100318-223756.backup
[2010/03/18 23:37:33 | 000,384,802 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/11 21:29:40 | 000,001,551 | ---- | M] () -- C:\Documents and Settings\Grace\Bureau\CCleaner.lnk
[2010/03/10 23:29:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Grace\tmp1.1
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Grace\*.tmp files -> C:\Documents and Settings\Grace\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/31 20:22:22 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Grace\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/03/31 20:22:15 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\Grace\Bureau\NTREGOPT.lnk
[2010/03/31 20:22:15 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Grace\Bureau\ERUNT.lnk
[2010/03/31 20:20:24 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Grace\Bureau\erunt-loc_fr.zip
[2010/03/30 22:10:58 | 366,332,236 | ---- | C] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E14.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 21:49:52 | 366,965,636 | ---- | C] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E13.Redline.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/30 20:29:45 | 367,310,834 | ---- | C] () -- C:\Documents and Settings\Grace\Mes documents\The.Mentalist.S02E12.VOSTFR.HDTV.XviD-SLT.avi
[2010/03/19 01:32:21 | 733,607,936 | ---- | C] () -- C:\Documents and Settings\Grace\Mes documents\2012.Truefrench.Subforced.Dvdrip.REPACK.1CD.Xvid-LECHTI-Extreme-Down.Com.avi
[2010/03/10 23:29:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Grace\tmp1.1
[2009/12/14 20:35:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2009/02/26 13:55:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/07/07 13:25:16 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/20 23:54:02 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3006FA7F93.sys
[2008/02/20 23:45:37 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/12/30 13:00:24 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\LCIbanner0.html
[2007/12/30 12:59:36 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\Lcistatistics.xml
[2007/12/30 12:57:02 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\LCIbanner1.html
[2007/12/30 12:56:56 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\LciPersonalization.data
[2007/12/30 12:56:56 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\LciPersonalization.data
[2007/09/03 12:06:42 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/06/17 15:07:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/06/02 16:16:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/06/02 16:16:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/06/02 16:00:43 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/04/16 23:47:38 | 000,041,522 | ---- | C] () -- C:\Program Files\ffdssetts.reg
[2007/04/16 23:47:38 | 000,030,772 | ---- | C] () -- C:\Program Files\ffdsvsetts.reg
[2007/04/16 23:47:38 | 000,018,156 | ---- | C] () -- C:\Program Files\mpc6.reg
[2007/04/16 23:47:38 | 000,016,280 | ---- | C] () -- C:\Program Files\mpc5.reg
[2007/04/16 23:47:38 | 000,004,704 | ---- | C] () -- C:\Program Files\satsukidecodersettings.ini
[2007/04/16 23:47:38 | 000,003,476 | ---- | C] () -- C:\Program Files\mpc7.reg
[2007/04/16 23:47:38 | 000,003,026 | ---- | C] () -- C:\Program Files\mpc3.reg
[2007/04/16 23:47:38 | 000,001,172 | ---- | C] () -- C:\Program Files\ffdsasetts.reg
[2007/04/16 23:47:38 | 000,000,680 | ---- | C] () -- C:\Program Files\mpc2.reg
[2007/04/16 23:47:38 | 000,000,558 | ---- | C] () -- C:\Program Files\mpc1.reg
[2007/04/16 23:47:38 | 000,000,236 | ---- | C] () -- C:\Program Files\mpc4.reg
[2007/04/08 12:04:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007/03/31 20:30:16 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\wsxttime.sys
[2007/03/17 15:43:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2007/03/17 14:26:56 | 000,003,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\118300.34
[2007/03/17 14:26:51 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\Machnm64.sys
[2007/03/17 14:26:51 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/02/21 22:00:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/03 19:28:31 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\pcouffin.log
[2007/02/03 19:28:28 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\ezpinst.exe
[2007/02/03 19:28:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\pcouffin.inf
[2007/02/03 19:28:28 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\pcouffin.cat
[2007/02/03 16:59:40 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/01 21:42:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\satsukidecodersettings.ini
[2007/01/18 21:23:59 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/14 19:20:24 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\user60.rdb
[2007/01/14 19:20:20 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\sversion.ini
[2007/01/14 19:19:49 | 000,606,720 | ---- | C] () -- C:\WINDOWS\System32\OoPdfManagerPopup.dll
[2007/01/14 18:40:46 | 000,000,477 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/14 18:40:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/14 18:40:45 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/14 18:14:32 | 000,027,279 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/01/14 17:46:22 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Grace\Local Settings\Application Data\fusioncache.dat
[2006/12/11 00:32:16 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/11/06 23:02:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/06 22:45:48 | 000,000,602 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/11/06 22:41:19 | 000,000,130 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/06 22:39:31 | 000,007,604 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/11/06 22:24:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/11/06 22:24:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/06 22:23:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/07/26 09:57:34 | 000,006,741 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 12:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 16:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/09 14:11:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/05/09 12:31:44 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/02/11 05:00:00 | 000,080,014 | ---- | C] () -- C:\WINDOWS\Fonts\unins000.exe
[2003/10/09 16:16:46 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\OoneZipPopup.dll
[2002/10/06 20:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 01:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/05 01:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 01:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2008/07/05 15:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2007/01/14 19:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ciel
[2007/02/13 23:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exetender
[2006/11/16 09:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2007/02/25 15:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2007/01/14 18:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/08/07 22:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
[2006/11/16 09:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/04/17 00:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2008/11/28 19:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/07/08 17:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2008/11/28 16:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/11/16 09:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/03/01 22:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VadeRetro
[2006/11/16 09:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/28 19:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X10 Settings
[2009/09/19 16:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/02/07 20:06:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2007/06/02 16:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\ConvertTemp
[2008/07/07 13:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\DAEMON Tools
[2007/03/13 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\DeepBurner
[2007/02/03 19:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\DeepBurner Pro
[2007/01/30 00:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\EoRezo
[2007/05/20 18:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Gaijin Ent
[2007/04/02 20:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Leadertech
[2007/02/03 13:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\OD2
[2007/01/14 19:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\OFFICE One v6
[2010/01/31 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\pdfforge
[2009/09/20 19:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Pirateville
[2007/02/18 20:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\pixelStorm
[2007/06/02 16:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Samsung
[2007/01/14 18:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\ScanSoft
[2010/01/31 19:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Search Settings
[2007/01/20 15:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Template
[2007/06/02 16:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Temporary
[2008/07/06 17:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Thunderbird
[2007/06/02 16:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\TransRender
[2008/11/28 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\TuneUp Software
[2007/01/14 19:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Ulead Systems
[2008/05/08 20:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\UseNeXT
[2007/02/04 20:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\VadeRetro
[2007/02/16 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Vso
[2009/09/20 19:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grace\Application Data\Zylom
[2006/11/16 09:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2010/03/31 20:04:42 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job
[2010/03/31 20:43:37 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B9AE365F-85C1-4D27-B75B-312F5AE259AA}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/10 15:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/26 13:58:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 15:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/26 13:58:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

<MD5>
[2004/08/10 15:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/26 13:58:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 15:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/26 13:58:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2004/08/10 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\PNP\MOBO\NVATA.SYS
[2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\WINDOWS\system32\drivers\nvata.sys

<MD5>
[2006/06/28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\PNP\MOBO\NVATABUS.SYS

<MD5>
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/10 15:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

<systemroot>

<systemroot>
[2008/04/14 04:33:21 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[20 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
<End>

Thanks again; I will send you the OTL Extras report in the next message.

Regards,
Grace
Grace
 
Posts: 47
Joined: 25 Nov 2005, 10:13
Location: Moselle

PC crashing

Post by Grace » 31 Mar 2010, 20:16

Good evening,

I contacted you because for the past few days my computer has been crashing: the mouse stops working and I have to force it to shut down; or the computer stops, powers off and starts up again. I have used all the tools on my computer (Spybot, CCleaner, antivirus, Malwarebytes, anti-rootkit), but to no avail; the problem persists. So thank you for the work done, because I don't understand any of it.

Below is the third phase: the OTL Extras report:

OTL Extras logfile created on: 31/03/2010 20:42:12 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Grace\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 290,28 Gb Total Space | 126,01 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 121463130315
Current User Name: Grace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\aol.exe" = C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\eChanblard\emule.exe" = C:\Program Files\eChanblard\emule.exe:*:Enabled:eChanblard (2) -- (http://www.emule-project.net)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2852AC2C-B2FC-4F4A-A573-D466C872E688}" = ATI Catalyst Control Center
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Player Metaboli
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{514DF7BB-D192-417C-BB60-58BF1FD34253}" = S500/S600 USB Driver
"{552C83B7-0013-42EA-B285-1997D129DD53}" = SA31xx Device Manager & Media Converter
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10 SE
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{5F65ECEE-EB1D-4C85-8D8C-9C7CE2DBB1D6}" = PC Map Tool 1.3
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70001F01-A93D-40A4-B832-123F54A2068E}" = NEC Back to School Keyboard 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD
"{93094D10-9388-11D4-9886-0000B43F396D}" = Contrôle Parental
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A23866A0-738B-4091-9924-0B0DE3988A15}" = VP6 VFW Codec
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.1 - Français
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec
"{DC24971E-1946-445D-8A82-CE685433FA7D}" =
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F58EA835-5280-49F0-9531-5F89DDC6FF5D}" = Ciel Devis Factures 5.11
"{F73F1A35-7526-4DAB-8B60-9EB7921F7066}" = Aerial MahJong
"{FB159DD9-6E5F-4C94-B288-E9D1D9FAFBA1}" = ATNavigation
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"10 Talismans" = 10 Talismans (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agnitum Outpost Firewall Pro_is1" = Agnitum Outpost Firewall Pro
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"Atlantis Quest" = Atlantis Quest (remove only)
"AVGantiRootkit" = AVG Anti-Rootkit Free
"CCleaner" = CCleaner
"DivX Player" = DivX Player
"DivX Pro Codec Adware" = DivX Pro Codec Adware
"ERUNT_is1" = ERUNT 1.1j
"EZface ActiveX" = EZface ActiveX 207
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"ISSENDIS WebUpdate v6_is1" = ISSENDIS WebUpdate v6
"Mahjong Quest" = Mahjong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MUSK Codec Pack_is1" = MUSK Codec Pack v5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OFFICE One 150 Modèles de documents_is1" = OFFICE One 150 Modèles de documents
"OFFICE One 6.5" = OFFICE One 6.5
"OFFICE One 6.5 Bureautique désinstallation complète 6.5" = OFFICE One 6.5 Bureautique désinstallation complète 6.5
"OFFICE One Clock 6.5" = OFFICE One Clock 6.5
"OFFICE One Coffre Fort v6_is1" = OFFICE One Coffre Fort v6
"OFFICE One Color Picker 6.5" = OFFICE One Color Picker 6.5
"OFFICE One Comptes Bancaires v6_is1" = OFFICE One Comptes Bancaires v6
"OFFICE One Guide 6.5" = OFFICE One Guide 6.5
"OFFICE One Notes 6.5" = OFFICE One Notes 6.5
"OFFICE One PDF Manager 6.5" = OFFICE One PDF Manager 6.5
"OFFICE One Zip v6_is1" = OFFICE One Zip v6
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Picasa 3" = Picasa 3
"QuickTime" = QuickTime
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"Secrets Of Olympus_is1" = Secrets Of Olympus
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"The Rise of Atlantis" = The Rise of Atlantis (remove only)
"UltraISO_is1" = UltraISO Premium V8.63
"Vade Retro Outllook & Outlook Express" = Vade Retro Outllook & Outlook Express
"Vodafone 804SS USB driver" = SAMSUNG Mobile USB Modem ^^
"Wanadoo Messager" = Wanadoo Messager
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4199243538-523269437-238855192-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Notification de cadeaux MSN" = Notification de cadeaux MSN

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/03/2010 14:58:34 | Computer Name = 121463130315 | Source = Userenv | ID = 1081
Description = Windows ne peut pas représenter l'utilisateur. (Descripteur non valide
). Le traitement de la stratégie de groupe est interrompu.

Error - 26/03/2010 17:13:46 | Computer Name = 121463130315 | Source = Userenv | ID = 1081
Description = Windows ne peut pas représenter l'utilisateur. (Descripteur non valide
). Le traitement de la stratégie de groupe est interrompu.

Error - 26/03/2010 18:51:46 | Computer Name = 121463130315 | Source = Userenv | ID = 1081
Description = Windows ne peut pas représenter l'utilisateur. (Descripteur non valide
). Le traitement de la stratégie de groupe est interrompu.

Error - 27/03/2010 15:38:11 | Computer Name = 121463130315 | Source = Userenv | ID = 1082
Description = Windows ne peut pas définir le compteur d'actualisation en arrière
plan. WaitForMultipleObjects (Accès refusé. ). Le traitement de la stratégie de
groupe est interrompu.

Error - 29/03/2010 12:27:53 | Computer Name = 121463130315 | Source = Application Hang | ID = 1002
Description = Application bloquée DeepBurner.exe, version 1.8.0.224, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 29/03/2010 12:31:34 | Computer Name = 121463130315 | Source = Application Hang | ID = 1002
Description = Application bloquée DeepBurner.exe, version 1.8.0.224, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 29/03/2010 12:31:42 | Computer Name = 121463130315 | Source = Application Hang | ID = 1002
Description = Application bloquée DeepBurner.exe, version 1.8.0.224, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 29/03/2010 12:53:42 | Computer Name = 121463130315 | Source = Application Hang | ID = 1002
Description = Application bloquée DeepBurner.exe, version 1.8.0.224, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 29/03/2010 13:42:06 | Computer Name = 121463130315 | Source = Userenv | ID = 1081
Description = Windows ne peut pas représenter l'utilisateur. (Descripteur non valide
). Le traitement de la stratégie de groupe est interrompu.

Error - 29/03/2010 16:45:35 | Computer Name = 121463130315 | Source = Application Error | ID = 1000
Description = Application défaillante hotelmahjong.exe, version 0.0.0.0, module
défaillant hotelmahjong.exe, version 0.0.0.0, adresse de défaillance 0x0000ea4b.

[ System Events ]
Error - 31/03/2010 13:30:26 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 31/03/2010 13:30:26 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7001
Description = Le service Configuration automatique sans fil dépend du service NDIS
mode utilisateur E/S Protocole qui n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 31/03/2010 13:30:26 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7001
Description = Le service Media Center Extender Service dépend du service SSDP Discovery
Service qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 31/03/2010 13:30:26 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Control Parental.

Error - 31/03/2010 13:30:26 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7000
Description = Le service Control Parental n'a pas pu démarrer en raison de l'erreur :
%%1053

Error - 31/03/2010 14:04:23 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%2

Error - 31/03/2010 14:04:23 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7001
Description = Le service Configuration automatique sans fil dépend du service NDIS
mode utilisateur E/S Protocole qui n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 31/03/2010 14:04:23 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7001
Description = Le service Media Center Extender Service dépend du service SSDP Discovery
Service qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 31/03/2010 14:04:23 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Control Parental.

Error - 31/03/2010 14:04:23 | Computer Name = 121463130315 | Source = Service Control Manager | ID = 7000
Description = Le service Control Parental n'a pas pu démarrer en raison de l'erreur :
%%1053


<End>

Thank you in advance.

Regards,

Grace
Grace
 
Posts: 47
Joined: 25 Nov 2005, 10:13
Location: Moselle

PC crashing

Post by Grace » 02 Apr 2010, 19:24

Good evening,

It has been several days since I described my problem to you. Before posting, I did a lot of research to see whether other people had the same problem, and apparently they do, but the answers they were given are specific to them.

So far I have had no reply. I read on the site that you can do an "up" after at least 3 days, but I don't know what that means or how to do it.

Thank you in advance to whoever replies.

See you soon,

Grace
Grace
 
Posts: 47
Joined: 25 Nov 2005, 10:13
Location: Moselle

Post by nickW » 03 Apr 2010, 00:42

Good evening,


Initial questions:
1/ Which version of Avira AntiVir do you have?
The current version is: Avira AntiVir Personal - FREE Antivirus, Version 9 (French) and Avira AntiVir Personal - FREE Antivirus, Version 10 (English)
http://www.free-av.com/en/download/download_servers.php


2/ AVG Anti-Rootkit: when was it installed, and when was it last updated?
Note:
"Since AVG Anti-Rootkit is now included only in the commercial versions of AVG 8.0, updates for AVG Anti-Rootkit Free will no longer be available" (November 2008).


3/ Which version of Spybot-S&D do you have?
Note: your version 1.5 was replaced in October 2008 by version 1.6
The current version is 1.6.2
http://www.safer-networking.org/fr/spybotsd/index.html


4/ What are the age and wattage of the power supply?
Do you remember to dust the PC regularly?


5/ Have you checked whether there might be a driver problem?
Start---->Settings---->Control Panel---->System---->Hardware tab--->Device Manager button
Do you see any yellow or red icons?


The following must be uninstalled via Add/Remove Programs: pdfforge Toolbar


A few steps to carry out: clean up what Malwarebytes' Anti-Malware detected, then look for hidden processes.

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrator").
On Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon for certain accounts (other than the one named "Administrator"), it says "Computer administrator"
One of those accounts is the one to use.



Étape 1: Gmer, téléchargement
Télécharger le programme exécutable (fichier .exe) depuis la page http://www.gmer.net/#files
Cliquer sur le bouton Download EXE.
Enregistrer le fichier à la racine du disque système (généralement C: ) en notant son nom (qui est aléatoire).


Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.


Step 3: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are ticked except "Create an option in the context menu to scan files (right click)".
In the Update tab, click the Check for updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.

Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.

If harmful items have been detected, click the "Remove selected" button.
Wait patiently, without doing anything else, for the cleaning to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 4: No real-time monitoring processes
If the PC has restarted and if they have been reactivated, the resident module of the antivirus and that of the antispyware must be disabled again.


Step 5: Gmer, execution

Close absolutely all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for the driver to load and for the first searches.

If the tool displays a message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", click NO.

Check that all the boxes in the right-hand column are ticked except:
Sections
the drives other than C:\
"Show all"

then click the Scan button.

Wait without doing anything else (... it takes a little while...).
The Registry keys & files being scanned are displayed at the bottom of the window.

When the tool has finished (nothing is scrolling at the bottom of the window any more), click the Save ... button.

A Notepad window will open, containing the report file.
Note: In Notepad, check in the Format menu that the "Word Wrap" option is not ticked.
Save this file on the Desktop under the name gmer-100402.txt.
Close the Gmer window (click OK).


Step 6: Reactivation of the resident security programs
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 7: Results
Send in reply:
*- the answers to the 5 initial questions
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs where ****-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive represents the partition on which the system is installed, generally C:]
*- the Gmer report (contents of the file gmer-100402.txt)<----this report is often very long; check that it is complete; if necessary split it across several messages -- always using the Reply button.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

PC crashes

Message by Grace » 05 Apr 2010, 18:44

Good evening,

thank you again for your reply.
I have been trying for three days to carry out the requested procedure, with great difficulty; with Malwarebytes there was no problem; but with gmer my computer must have crashed about ten times, either at the start of the scan, in the middle, or at the end; my computer shut down and then restarted, froze, and I had to force it off and then turn it back on; and above all it froze at the moment I clicked on save, 3 times, then nothing; twice I got a blue screen with "the problem seems to be caused by 'pwdoikod.sys'" and advice about new installations or software, and I again had to force it off.
in desperation I started in safe mode and there I was able to run the scan with gmer and click on save without any problem; but I don't know whether the resident anti-virus and anti-spyware modules were disabled?

for your questions:
1- Avira AntiVir Personal free antivirus classic, downloaded in April 2009
2- AVG Anti-Rootkit version 1.1.0.42, free version, downloaded in December 2007, no updates,
3- I downloaded the new version of Spybot 1.6.2
4- age and power of the power supply: I have no idea, I did not understand the question
5- driver problems: I have no red or yellow icons.

below is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3951

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/04/2010 23:37:16
mbam-log-2010-04-03 (23-37-16).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 115312
Temps écoulé: 4 minute(s), 3 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

below is the gmer report, which is not very long:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-05 14:18:34
Windows 5.1.2600 Service Pack 3
Running: 3m4kywlx.exe; Driver: C:\DOCUME~1\Grace\LOCALS~1\Temp\pwdoikod.sys


---- System - GMER 1.0.15 ----

SSDT spmf.sys ZwCreateKey [0xF74D70E0]
SSDT spmf.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spmf.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spmf.sys ZwOpenKey [0xF74D70C0]
SSDT spmf.sys ZwQueryKey [0xF74F6108]
SSDT spmf.sys ZwQueryValueKey [0xF74F5F88]
SSDT spmf.sys ZwSetValueKey [0xF74F619A]

INT 0x62 ? 8A356BF8
INT 0x63 ? 8A1FEF00
INT 0x73 ? 8A1FEF00
INT 0x83 ? 8A344BF8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A3592D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spmf.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spmf.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spmf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spmf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spmf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spmf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spmf.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A1FE5E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spmf.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A3421F8
Device \Driver\nvata \Device\0000009b 8A3441F8
Device \Driver\usbohci \Device\USBPDO-0 8A2021F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A3571F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A3571F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A3571F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A3571F8
Device \Driver\usbehci \Device\USBPDO-1 8A2411F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3C81F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3C81F8
Device \Driver\Cdrom \Device\CdRom0 8A2081F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbohci \Device\USBFDO-0 8A2021F8
Device \Driver\nvata \Device\NvAta0 8A3441F8
Device \Driver\usbehci \Device\USBFDO-1 8A2411F8
Device \Driver\Ftdisk \Device\FtControl 8A3C81F8
Device \FileSystem\Fastfat \Fat 8A0EA1F8
Device \FileSystem\Fastfat \Fat BA3CF297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A17B1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x65 0x44 0xB6 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x65 0x44 0xB6 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x65 0x44 0xB6 0x9D ...

---- EOF - GMER 1.0.15 ----

many thanks in advance.

Grace
Grace
 
Posts: 47
Joined: 25 Nov 2005, 10:13
Location: moselle

Message by nickW » 06 Apr 2010, 00:49

Good evening,

"I have been trying for three days to carry out the requested procedure, with great difficulty"

Why didn't you describe your problems earlier?


Comments on your answers:

*- Avira Antivir is not up to date

*- You are still using (with automatic startup and permanent execution) a program (AVG Anti-Rootkit) that has not been updated for 1 1/2 years.
It must be uninstalled.

*- You did not answer about the dust cleaning.


*- the items detected by Malwarebytes' Anti-Malware correspond to a hijacking of Internet Explorer's search pages by www.cherche.us
This happened because you went to the site chat-land.org (which you even placed in your trusted sites).
The items have been cleaned, but they will come back if you keep visiting this dubious site.


Checking temperatures and voltages.

Download HWINFO32 from this page: http://www.hwinfo.com/download32.html
Take the version: Portable / ZIP / v3.45-674 / (1.7 MB)

that is: http://www.hwinfo.sk/files/hw32_345.zip

Unpack this archive (right click, extract all) into a folder reserved for it.

Launch the program by double-clicking hwinfo32.exe
Click the Run button.

Close the System Summary window by clicking Close (bottom right).

Click the Sensors icon at the top.

In the Sensor Status window, note the values (Value, Min and Max) for:
*- CPU
*- Motherboard
*- CPU
*- Vcore
*- DIMM
*- +3,3V
*- +12V
*- VBAT

*- SMART

Send these values in reply.

To be continued,
nickW
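The detections discussed in the post above, as an added example that is not from the thread or from Malwarebytes: it parses registry lines in the format of the posted Malwarebytes' Anti-Malware 1.45 report and summarizes the redirect hosts, the hive scope and any item that was not cleaned. The function names and the regular expression are assumptions of this example; the sample lines are copied from the report posted in the thread.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Lines copied from the Malwarebytes' Anti-Malware 1.45 report posted in this thread.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
(Aucun élément nuisible détecté)
"""

# hive \ path (Family.Name) -> [Bad: (url) Good: (url) -> ] action.
ENTRY = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+)\\(?P<path>.+) \((?P<family>[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?(?P<action>.+?)\.?$"
)

def parse_mbam_registry(log_text):
    """Return one dict per registry detection; non-matching lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        # A "Bad:/Good:" pair means a value's data was rewritten, not a key removed.
        e["kind"] = "data" if e["bad"] is not None else "key"
        e["bad_host"] = urlparse(e["bad"]).hostname if e["bad"] else None
        # HKLM entries affect every account on the machine, HKCU only this user.
        e["scope"] = "machine" if e["hive"] == "HKEY_LOCAL_MACHINE" else "user"
        entries.append(e)
    return entries

def summarize(entries):
    """Counts to read first: redirect hosts, scope, families, failed actions."""
    return {
        "hosts": Counter(e["bad_host"] for e in entries if e["bad_host"]),
        "scope": Counter(e["scope"] for e in entries),
        "families": Counter(e["family"] for e in entries),
        "not_cleaned": [e["path"] for e in entries if "successfully" not in e["action"]],
    }

if __name__ == "__main__":
    report = summarize(parse_mbam_registry(SAMPLE_LOG))
    for name, value in report.items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```

A single host across all "Bad:" values, present in both the machine-wide and the per-user hive, is the pattern the post describes as one hijack of the Internet Explorer search pages.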

PC crashes

Message by Grace » 06 Apr 2010, 13:00

Hello,

Thank you for the replies; my problems started a few days before I sent my first request; but it got worse this weekend when I installed gmer and when I used it; yesterday after sending my results I browsed the internet without any problem, and I wanted to run gmer again (in case the one sent from safe mode was not correct) and as soon as I clicked on scan everything froze, no more mouse, nothing; should I uninstall it?

I have uninstalled AVG Anti-Rootkit; I am going to update Avira AntiVir (I thought the daily updates were sufficient); I use CCleaner regularly, but I had unticked "recently typed addresses" in Internet Explorer; now I do a full cleaning;

as for the site chat-land.org, it put itself in the trusted sites on its own; and I promise I will no longer go to this type of dubious site.

for the check of temperatures and voltages, the result is below:

cpu core0 TSO : 33.0°C 33.0°C 37.0°C
cpu core1 TSO : 38.0°C 37.0°C 40.0°C

MCP temperature : 60.0°C 60.0°C 60.6°C

VCORE : 1.376V 1.376V 1.376V

DIMM : I have no information

+ 5V : 4.892V 4892V 4.919V
+ 12V : 12.352V 12.352V 12.416V

VBAT : 2.992V 2.992V 2.992V

SMART : 37.0°C 36.0°C 37.0°C

I have already used a great deal of information from the site; but when everything is going well one forgets a little the rules for keeping the PC running properly; but now I am going to visit the site regularly and follow the instructions carefully.

while awaiting your reply,

thank you so very much for the time you have given me, thank you

Grace