[OK] PC infected with trojan horse New Malware.j and Generi


Forum rules
Assiste.com has suspended its decontamination assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware (anti-malware decontamination)

Decontamination procedure 2 - Anti-malware and antivirus (La Manip, the standard decontamination procedure)

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy


Post by gmourral » 21 Apr 2010, 17:48

Hello,

Since this morning, as soon as I use the network (opening a web page or refreshing my mailbox), McAfee displays an alert saying that it has detected a trojan horse and removed it.
It is detected in the file svchost.exe, either as Generic PWS.y!cbm or as New malware.j.

On the other hand, if I work without being connected to the network, the McAfee alerts are not triggered.

I ran Malwarebytes, which found nothing.
Here is the report:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 4014

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

21/04/2010 13:55:23
mbam-log-2010-04-21 (13-55-23).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 125431
Temps écoulé: 7 minute(s), 8 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Here is the OTL.txt report:


OTL logfile created on: 21/04/2010 14:37:03 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = D:\Documents and Settings\GXXXXXX\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46,88 Gb Total Space | 31,41 Gb Free Space | 67,01% Space Free | Partition Type: NTFS
Drive D: | 102,17 Gb Total Space | 30,98 Gb Free Space | 30,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRXXXXXX
Current User Name: GXXXXXX
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/21 13:39:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\GXXXXXX\Bureau\OTL.exe
PRC - [2010/04/13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/30 00:46:02 | 001,086,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/01/15 00:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/09/25 04:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/25 04:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/25 04:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/07/09 13:21:36 | 005,732,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/29 04:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/21 20:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/17 14:23:28 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/04/17 14:22:12 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/04/17 14:22:06 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/04/17 14:20:14 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/04/16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/03/19 19:08:44 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009/03/13 17:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/12 12:47:06 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/02/12 12:46:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/02/02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009/02/02 18:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009/01/29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/10/06 11:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/04/27 02:33:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/10 10:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/21 13:39:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\GXXXXXX\Bureau\OTL.exe
MOD - [2009/08/13 15:56:14 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/05/20 04:56:52 | 002,458,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WMVCore.dll
MOD - [2009/02/27 07:29:00 | 000,204,800 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\NetProvCredMan.dll
MOD - [2008/06/12 02:16:06 | 000,311,296 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/04/13 19:33:38 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 19:33:36 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 19:33:36 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 19:33:36 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 19:33:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/13 19:33:24 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 11:36:48 | 002,986,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2007/10/25 09:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmasf.dll
MOD - [2006/10/18 22:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PortableDeviceApi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/05/21 20:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/17 14:22:12 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/04/17 14:22:06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/04/16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/03/19 19:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/02/12 12:47:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/02/12 12:46:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/03/24 07:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/22 18:22:00 | 000,147,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/10 10:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/04/07 17:19:22 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/05/29 04:30:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/05/21 20:34:00 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/05/01 11:52:58 | 006,315,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/03/19 19:08:06 | 000,025,000 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/01/28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/26 14:02:04 | 000,023,080 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/10/06 10:47:36 | 000,225,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/09/19 17:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/09/18 09:03:13 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/18 09:03:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/08/27 21:35:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/08/27 21:35:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/08/27 21:35:26 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/08/27 20:40:38 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/05/12 22:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/13 18:53:20 | 000,023,680 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/26 14:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 16:30:02 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/10 10:44:52 | 000,305,788 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/09/21 17:55:16 | 000,126,864 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/11/30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2001/08/17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1531082355-734649621-3782574898-179074\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1531082355-734649621-3782574898-179074\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/05/11 08:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/12 10:07:30 | 000,000,000 | ---D | M]

[2009/06/11 17:45:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXXX\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions
[2009/06/11 17:45:35 | 000,000,000 | ---D | M] (Chickenfoot) -- D:\Documents and Settings\GXXXXXX\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}
[2009/06/11 17:45:34 | 000,000,000 | ---D | M] (Fasterfox) -- D:\Documents and Settings\GXXXXXX\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/06/11 17:45:33 | 000,000,000 | ---D | M] (Download Statusbar) -- D:\Documents and Settings\GXXXXXX\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/05/11 08:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/11 08:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/18 01:04:44 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/18 01:04:44 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/18 01:04:44 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2010/01/06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/12/18 01:04:44 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/18 01:04:44 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2006/09/06 20:27:53 | 000,001,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2006/06/03 22:11:43 | 000,001,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/06 22:56:53 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 22:28:40 | 000,001,441 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2006/09/11 21:46:49 | 000,000,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [picon] C:\Program Files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: D:\Documents and Settings\GXXXXXX\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1531082355-734649621-3782574898-179074\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-1531082355-734649621-3782574898-179074\..Trusted Domains: CXXXXXX.com ([]* in Intranet local)
O15 - HKU\S-1-5-21-1531082355-734649621-3782574898-179074\..Trusted Domains: CXXXXXX.fr ([]* in Intranet local)
O15 - HKU\S-1-5-21-1531082355-734649621-3782574898-179074\..Trusted Ranges: Range1 ([http] in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.CXXXXXX.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel(R) Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/16 18:52:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##savetmn#partage\Shell - "" = AutoRun
O33 - MountPoints2\##savetmn#partage\Shell\AUTopLay\coMmaND - "" = exkkqx.pif
O33 - MountPoints2\##savetmn#partage\Shell\AutoRun\command - "" = exkkqx.pif
O33 - MountPoints2\##savetmn#partage\Shell\EXplore\coMmAnD - "" = exkkqx.pif
O33 - MountPoints2\##savetmn#partage\Shell\Open\CoMmanD - "" = exkkqx.pif
O33 - MountPoints2\{88aa9efa-4b99-11de-a513-00216b9a70a4}\Shell\auToPlAY\CoMmaNd - "" = E:\tesst.cmd -- File not found
O33 - MountPoints2\{88aa9efa-4b99-11de-a513-00216b9a70a4}\Shell\AutoRun\command - "" = E:\tesst.cmd -- File not found
O33 - MountPoints2\{88aa9efa-4b99-11de-a513-00216b9a70a4}\Shell\expLoRE\CommanD - "" = E:\tesst.cmd -- File not found
O33 - MountPoints2\{88aa9efa-4b99-11de-a513-00216b9a70a4}\Shell\opEN\COmmand - "" = E:\tesst.cmd -- File not found
O33 - MountPoints2\{97715228-42d6-11df-9d32-001e65c8a18a}\Shell - "" = AutoRun
O33 - MountPoints2\{97715228-42d6-11df-9d32-001e65c8a18a}\Shell\AutoRun\command - "" = F:\loader.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/16 20:35:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/21 13:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/21 13:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/21 13:39:31 | 000,562,176 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\GXXXXXX\Bureau\OTL.exe
[2010/04/20 23:30:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\81CDF27468F7A692A29B835B4AB0C94B
[2010/04/20 23:22:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/20 22:03:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\dvdcss
[2010/04/19 19:02:54 | 000,000,000 | ---D | C] -- D:\Mes Documents\Oasis
[2010/04/18 08:28:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\vlc
[2010/04/18 08:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/18 08:09:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\DivX
[2010/04/18 08:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2010/04/18 08:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/18 08:05:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DivX
[2010/04/17 22:18:58 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/04/17 22:18:57 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/04/16 14:38:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\gtk-2.0
[2010/04/16 14:38:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\.thumbnails
[2010/04/16 14:36:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\.gimp-2.6
[2010/04/16 14:36:23 | 000,000,000 | ---D | C] -- D:\Mes Documents\gegl-0.0
[2010/04/15 19:28:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\Microsoft Help
[2010/04/14 13:30:31 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/04/14 13:30:28 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2010/04/14 13:30:27 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/04/11 08:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\UnH Solutions
[2010/04/11 08:46:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NOS
[2010/04/11 08:36:19 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/04/11 08:36:19 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/04/11 08:36:19 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/04/09 17:36:22 | 000,000,000 | ---D | C] -- C:\456
[2010/04/09 17:33:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\Deployment
[2010/04/09 17:24:58 | 000,000,000 | ---D | C] -- D:\Mes Documents\GRTGaz
[2010/04/08 15:20:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Media Player Classic
[2010/04/08 15:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/04/08 15:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/04/08 15:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\THE Rename
[2010/04/08 12:49:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2010/04/08 12:49:19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2010/04/08 12:49:18 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2010/04/08 08:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ancestrologie
[2010/04/07 18:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/04/07 18:30:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/04/07 18:30:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/04/07 18:27:57 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/07 18:27:53 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2010/04/07 18:27:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2010/04/07 18:27:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2010/04/07 18:27:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2010/04/07 18:27:29 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2010/04/07 18:27:17 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/07 18:27:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/04/07 18:27:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2010/04/07 18:27:11 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/04/07 18:27:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2010/04/07 18:26:56 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2010/04/07 18:26:47 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2010/04/07 18:26:29 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2010/04/07 18:25:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\Adobe
[2010/04/07 17:21:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\TrueCrypt
[2010/04/07 17:19:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TrueCrypt
[2010/04/07 17:19:22 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010/04/07 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/04/07 16:42:30 | 000,000,000 | ---D | C] -- D:\Mes Documents\Tscadraw
[2010/04/07 16:41:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\Perso
[2010/04/07 16:40:47 | 000,000,000 | ---D | C] -- D:\Mes Documents\MS-Project
[2010/04/07 16:40:28 | 000,000,000 | --SD | C] -- D:\Mes Documents\Mes sources de données
[2010/04/07 16:24:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\Bluetooth
[2010/04/07 16:24:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\blobby
[2010/04/07 16:24:09 | 000,000,000 | ---D | C] -- D:\Mes Documents\ARJ
[2010/04/07 16:24:08 | 000,000,000 | ---D | C] -- D:\Mes Documents\Arithmogriph
[2010/04/07 14:37:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Malwarebytes
[2010/04/07 14:36:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/07 14:36:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/07 14:36:49 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 14:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/07 14:25:25 | 000,000,000 | ---D | C] -- C:\Quarantine
[2010/04/07 14:18:50 | 000,000,000 | ---D | C] -- C:\TSCADRAW
[2010/04/07 14:17:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/04/07 14:17:22 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2010/04/07 14:03:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\McAfee
[2010/04/07 13:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms
[2010/04/07 13:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CCM
[2010/04/07 13:51:24 | 000,000,000 | ---D | C] -- C:\WTR
[2010/04/07 13:50:28 | 000,202,240 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\CXXXXXX.scr
[2010/04/07 13:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CXXXXXX dir
[2010/04/07 13:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Helpdesk
[2010/04/07 13:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2010/04/07 13:49:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$UninstallRDC$
[2010/04/07 13:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ccmsetup
[2010/04/07 13:49:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certadm.dll
[2010/04/07 13:49:16 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certutil.exe
[2010/04/07 13:48:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\dot3svc
[2010/04/07 13:48:32 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\GXXXXXX\Local Settings
[2010/04/07 13:48:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\Microsoft
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Macromedia
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Lenovo
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\InterVideo
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Intel
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Identities
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Avaya
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Adobe
[2010/04/07 13:48:22 | 000,000,000 | --SD | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Microsoft
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\PSpad
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Notepad++
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Mozilla
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\GXXXXXX\SendTo
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\GXXXXXX\Recent
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\GXXXXXX\Application Data
[2010/04/07 13:48:20 | 000,000,000 | R--D | C] -- D:\Documents and Settings\GXXXXXX\Menu Démarrer
[2010/04/07 13:48:20 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\GXXXXXX\Cookies
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\GXXXXXX\Voisinage réseau
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\GXXXXXX\Voisinage d'impression
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\GXXXXXX\Modèles
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Tracing
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Sun
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Application Data\Roxio
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Mes documents
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Favoris
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXXX\Bureau
[2010/04/07 13:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2010/03/31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/21 14:39:24 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/04/21 13:44:30 | 000,000,678 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\ERUNT.lnk
[2010/04/21 13:39:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\GXXXXXX\Bureau\OTL.exe
[2010/04/21 11:36:13 | 000,000,633 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\Notepad++.lnk
[2010/04/21 09:17:27 | 001,107,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/21 09:17:27 | 000,505,588 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/04/21 09:17:27 | 000,437,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/21 09:17:27 | 000,082,400 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/04/21 09:17:27 | 000,069,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/21 09:14:22 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/04/21 09:12:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/21 09:12:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/21 08:34:16 | 004,456,448 | -H-- | M] () -- D:\Documents and Settings\GXXXXXX\ntuser.dat
[2010/04/21 08:34:16 | 000,000,284 | -HS- | M] () -- D:\Documents and Settings\GXXXXXX\ntuser.ini
[2010/04/21 08:34:07 | 004,279,682 | -H-- | M] () -- D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\IconCache.db
[2010/04/21 07:11:04 | 000,002,054 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/04/20 13:06:24 | 000,019,530 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2010/04/18 08:27:28 | 000,000,638 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/16 14:38:15 | 000,000,834 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\.recently-used.xbel
[2010/04/14 14:32:00 | 000,030,208 | ---- | M] () -- D:\Mes Documents\simsgirl.doc
[2010/04/14 13:34:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 23:09:48 | 000,011,776 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 12:05:35 | 000,000,008 | RHS- | M] () -- D:\Documents and Settings\GXXXXXX\ntuser.pol
[2010/04/12 10:02:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 08:48:25 | 000,000,644 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\SWF Opener.lnk
[2010/04/08 15:13:06 | 000,000,649 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\GIMP 2.lnk
[2010/04/08 15:04:40 | 000,000,545 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\THE Rename.lnk
[2010/04/08 10:20:57 | 000,002,307 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Communicator 2007.lnk
[2010/04/08 08:21:57 | 000,000,577 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\Ancestrologie.lnk
[2010/04/08 07:23:33 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/07 17:19:25 | 000,000,553 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\TrueCrypt.lnk
[2010/04/07 17:19:22 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010/04/07 14:36:54 | 000,000,585 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/07 13:54:47 | 000,061,320 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/07 13:51:59 | 000,004,764 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 13:51:59 | 000,000,621 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.h
[2010/04/07 13:50:29 | 000,202,240 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\CXXXXXX.scr
[2010/03/31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/31 03:58:04 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Px.dll
[2010/03/31 03:58:04 | 000,559,600 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/03/31 03:58:04 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxWave.dll
[2010/03/31 03:58:04 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\PxMas.dll
[2010/03/31 03:58:04 | 000,100,848 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 20:00:34 | 000,002,411 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Excel 2007.lnk
[2010/03/23 11:47:54 | 000,002,453 | ---- | M] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Word 2007.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/21 13:44:30 | 000,000,678 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\ERUNT.lnk
[2010/04/21 11:36:13 | 000,000,633 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Notepad++.lnk
[2010/04/21 07:11:04 | 000,002,054 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/18 08:27:28 | 000,000,638 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/16 14:38:15 | 000,000,834 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\.recently-used.xbel
[2010/04/12 14:56:59 | 000,030,208 | ---- | C] () -- D:\Mes Documents\simsgirl.doc
[2010/04/11 08:48:25 | 000,000,644 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\SWF Opener.lnk
[2010/04/11 08:36:20 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/04/11 08:36:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/11 08:36:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/11 08:36:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/11 08:36:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/11 08:36:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/04/08 15:19:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/08 15:13:06 | 000,000,649 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\GIMP 2.lnk
[2010/04/08 08:26:08 | 000,011,776 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 08:21:57 | 000,000,577 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Ancestrologie.lnk
[2010/04/07 17:19:25 | 000,000,553 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\TrueCrypt.lnk
[2010/04/07 16:42:36 | 000,451,584 | ---- | C] () -- D:\Mes Documents\OTMRO_Assessment tool - User Guide (V8 2).doc
[2010/04/07 16:42:36 | 000,211,456 | ---- | C] () -- D:\Mes Documents\Billet avion.doc
[2010/04/07 16:42:36 | 000,059,392 | ---- | C] () -- D:\Mes Documents\Chiffrage.ppt
[2010/04/07 16:42:36 | 000,043,943 | ---- | C] () -- D:\Mes Documents\Learning_Agreement_In_2009-2010.pdf
[2010/04/07 16:42:36 | 000,033,518 | ---- | C] () -- D:\Mes Documents\vanguard.xlsx
[2010/04/07 16:42:36 | 000,031,120 | ---- | C] () -- D:\Mes Documents\e-Speaking Commands.xml
[2010/04/07 16:42:36 | 000,028,160 | ---- | C] () -- D:\Mes Documents\Bonjour.doc
[2010/04/07 16:42:36 | 000,022,016 | ---- | C] () -- D:\Mes Documents\WBS_9CE.xls
[2010/04/07 16:42:36 | 000,018,944 | ---- | C] () -- D:\Mes Documents\CR finance.xls
[2010/04/07 16:42:36 | 000,015,360 | ---- | C] () -- D:\Mes Documents\Campaign 002.xls
[2010/04/07 16:42:36 | 000,013,824 | ---- | C] () -- D:\Mes Documents\ER_BPWS.xls
[2010/04/07 16:42:35 | 000,079,360 | ---- | C] () -- D:\Mes Documents\2007_07_02_change-request_19_V1.0.doc
[2010/04/07 14:36:54 | 000,000,585 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/07 14:18:04 | 000,001,124 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Raccourci vers Slide-A0-FT4 Packages-EN.ppt.lnk
[2010/04/07 14:18:04 | 000,000,545 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\THE Rename.lnk
[2010/04/07 14:18:04 | 000,000,467 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Raccourci vers TSCADRAW.EXE.lnk
[2010/04/07 14:18:03 | 000,002,453 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Word 2007.lnk
[2010/04/07 14:18:03 | 000,002,411 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Excel 2007.lnk
[2010/04/07 14:18:03 | 000,002,307 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Communicator 2007.lnk
[2010/04/07 14:18:03 | 000,002,133 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Open Workbench.lnk
[2010/04/07 14:18:03 | 000,002,072 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Access 2003.lnk
[2010/04/07 14:18:03 | 000,002,036 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Project 2003.lnk
[2010/04/07 14:18:03 | 000,001,960 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Microsoft Office Visio 2003.lnk
[2010/04/07 14:18:03 | 000,001,734 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\MyDVD.lnk
[2010/04/07 14:18:03 | 000,001,423 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Calculatrice.lnk
[2010/04/07 14:18:03 | 000,000,632 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Raccourci vers SSSS.lnk
[2010/04/07 14:18:03 | 000,000,537 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\NetMeeting.lnk
[2010/04/07 13:51:59 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 13:51:59 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.h
[2010/04/07 13:51:36 | 000,001,260 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\WTR.lnk
[2010/04/07 13:51:28 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2010/04/07 13:50:52 | 000,000,760 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\Sauvegarde.lnk
[2010/04/07 13:49:33 | 000,000,008 | RHS- | C] () -- D:\Documents and Settings\GXXXXXX\ntuser.pol
[2010/04/07 13:48:33 | 000,000,284 | -HS- | C] () -- D:\Documents and Settings\GXXXXXX\ntuser.ini
[2010/04/07 13:48:32 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\GXXXXXX\ntuser.dat.LOG
[2010/04/07 13:48:24 | 000,001,778 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Bureau\VPN Client.lnk
[2010/04/07 13:48:24 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\GXXXXXX\Default User v LXP.6.txt
[2010/04/07 13:48:20 | 004,456,448 | -H-- | C] () -- D:\Documents and Settings\GXXXXXX\ntuser.dat
[2009/09/10 17:41:31 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/03/24 05:14:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2008/11/03 17:09:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/10/31 18:35:48 | 000,019,530 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol
[2008/09/17 18:30:00 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/09/17 18:29:17 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/09/17 18:29:16 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/09/17 17:12:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/17 17:12:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/17 17:12:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/17 17:12:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/17 17:12:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/17 17:12:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/17 17:08:17 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/09/17 17:08:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/17 11:49:31 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/17 10:27:04 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2008/09/17 10:26:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ActivPackTok.dll
[2008/09/17 10:26:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ActivPackAPI.dll
[2008/09/17 10:26:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ActivPackErrLog.dll
[2008/09/16 20:15:46 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/09/16 20:14:29 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/09/16 19:13:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/01/04 15:13:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2004/08/04 02:37:26 | 000,023,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys
[2003/07/24 21:21:08 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\renMM.dll
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 15:14:56 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\therename.dll
[2002/09/18 15:13:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\renogg.dll

========== LOP Check ==========

[2009/09/07 16:09:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Lenovo
[2010/04/07 17:19:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TrueCrypt
[2008/10/31 18:35:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Uninstall
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application Data\Avaya
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application Data\InterVideo
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application Data\Lenovo
[2009/09/08 16:13:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application
Last edited by gmourral on 25 May 2010, 17:52, edited 2 times.
Guy-Arnaud
gmourral

Posts: 32
Joined: 26 Jul 2009, 11:18

Report Extra.txt

Post by gmourral » 21 Apr 2010, 17:54

OTL Extras logfile created on: 21/04/2010 14:37:03 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = D:\Documents and Settings\GXXXXXX\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46,88 Gb Total Space | 31,41 Gb Free Space | 67,01% Space Free | Partition Type: NTFS
Drive D: | 102,17 Gb Total Space | 30,98 Gb Free Space | 30,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FXXXXXX
Current User Name: GXXXXXX
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [THE Rename] -- "C:\Program Files\THE Rename\rename.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Gestion à distance de Windows
"80:TCP" = 80:TCP:*:Disabled:Gestion à distance de Windows - Mode de compatibilité (HTTP-Entrée)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{037774E1-6C5A-46B8-8AD1-2A8F00FB1F5B}" = CollabNet Desktop - Microsoft Windows Edition
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = Utilitaire ThinkPad EasyEject
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Utilitaire ThinkPad UltraNav
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = Système de protection active ThinkVantage
"{49912AF4-DDEA-434B-B1BB-73A223513180}" = Clarity Schedule Connect
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Gestionnaire de présentation
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office Live Meeting 2007
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{7F33B77F-E1D9-4A2D-BA39-2B2A9524F850}" =
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_STANDARD_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_STANDARD_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_STANDARD_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_STANDARD_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001C-040C-0000-0000000FF1CE}" = Microsoft Office Access Runtime (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_STANDARD_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_STANDARD_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_STANDARD_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9FEAC0B9-289F-4BB8-A5FA-7A5D20D794C7}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = Gestionnaire d'alimentation ThinkPad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AED0B5AC-0771-4600-9777-9C4C910EBE09}" = Open Workbench
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B639A4DE-A375-47D3-89C3-DDCF98D992F7}" = McAfee Agent
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Supplément à Productivity Center pour ThinkPad
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Logiciel Intel(R) PROSet/Wireless WiFi
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ancestrologie_is1" = Ancestrologie 2006
"Capgemini" = Capgemini Screen Saver
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Dialer" = Access Companion
"DivX Setup.divx.com" = Configuration DivX
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ITPM" = Intel® Trusted Platform Module
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Technologie d’administration active Intel®
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"OnScreenDisplay" = Incrustation
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"PSPad editor_is1" = PSPad editor
"RDC" = RDC
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"THE Rename_is1" = THE Rename 2.1.6
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1531082355-734649621-3782574898-179074\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"efbf9226e8c77979" = 456 EPP EDP

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/04/2010 01:12:17 | Computer Name = FXXXXXX | Source = Userenv | ID = 1054
Description = Windows ne peut pas obtenir le nom du contrôleur de domaine pour votre
réseau. (Le domaine spécifié n'existe pas ou n'a pas pu être contacté. ). Le traitement
de la stratégie de groupe est interrompu.

Error - 21/04/2010 01:12:18 | Computer Name = FXXXXXX | Source = AutoEnrollment | ID = 15
Description = L'inscription de certificat automatique pour Système local n'a pas
pu contacter Active directory (0x8007054b) Le domaine spécifié n'existe pas ou
n'a pas pu être contacté. . L'inscription ne sera pas effectuée.

Error - 21/04/2010 01:12:50 | Computer Name = FXXXXXX | Source = UserInit | ID = 1000
Description = Impossible d'exécuter le script suivant \\corp.capgemini.com\France\Scripts\FRA\FR-FRA-C-AdminPwDLocal\pwd_admin.exe.L'emplacement
réseau ne peut pas être atteint. Pour obtenir des informations concernant la résolution
des problèmes du réseau, consultez l'aide de Windows.

Error - 21/04/2010 01:12:50 | Computer Name = FXXXXXX | Source = UserInit | ID = 1000
Description = Impossible d'exécuter le script suivant \\corp.capgemini.com\France\Scripts\FRA\FR-FRA-C-AdminLocalPc\AdminFrance.vbs.L'emplacement
réseau ne peut pas être atteint. Pour obtenir des informations concernant la résolution
des problèmes du réseau, consultez l'aide de Windows.

Error - 21/04/2010 01:12:50 | Computer Name = FXXXXXX | Source = UserInit | ID = 1000
Description = Impossible d'exécuter le script suivant \\corp.capgemini.com\France\Scripts\FRA\FR-FRA-C-ProfilesVPN\ProfilesVPN.vbs.L'emplacement
réseau ne peut pas être atteint. Pour obtenir des informations concernant la résolution
des problèmes du réseau, consultez l'aide de Windows.

Error - 21/04/2010 01:12:50 | Computer Name = FXXXXXX | Source = UserInit | ID = 1000
Description = Impossible d'exécuter le script suivant \\corp.capgemini.com\France\Scripts\FRA\FR-FRA-C-InstallSCCM2007-Regions\DetectSMSAllSites.vbs.L'emplacement
réseau ne peut pas être atteint. Pour obtenir des informations concernant la résolution
des problèmes du réseau, consultez l'aide de Windows.

Error - 21/04/2010 01:12:51 | Computer Name = FXXXXXX | Source = UserInit | ID = 1000
Description = Impossible d'exécuter le script suivant DNSCorpEST.vbs.Le fichier
spécifié est introuvable.

Error - 21/04/2010 01:14:47 | Computer Name = FXXXXXX | Source = Userenv | ID = 1054
Description = Windows ne peut pas obtenir le nom du contrôleur de domaine pour votre
réseau. (Le domaine spécifié n'existe pas ou n'a pas pu être contacté. ). Le traitement
de la stratégie de groupe est interrompu.

Error - 21/04/2010 07:23:07 | Computer Name = FXXXXXX | Source = McLogEvent | ID = 259
Description = Le fichier C:\WINDOWS\Temp\xhlf.tmp\svchost.exe contient le Cheval
de Troie New Malware.j. Aucun système de nettoyage disponible, suppression réussie.
Détection effectuée avec le moteur d'analyse 5400.1158 et le fichier DAT 5957.0000.

Error - 21/04/2010 07:42:13 | Computer Name = FXXXXXX | Source = McLogEvent | ID = 259
Description = Le fichier C:\WINDOWS\Temp\joce.tmp\svchost.exe contient le Cheval
de Troie New Malware.j. Aucun système de nettoyage disponible, suppression réussie.
Détection effectuée avec le moteur d'analyse 5400.1158 et le fichier DAT 5957.0000.

[ System Events ]
Error - 21/04/2010 03:12:50 | Computer Name = FXXXXXX | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation par défaut de l'ordinateur n'accordent
pas d'autorisation Locale Activation pour l'application serveur COM avec le CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206} au SID AUTORITE NT\SERVICE RÉSEAU de l'utilisateur
(S-1-5-20). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.

Error - 21/04/2010 03:14:40 | Computer Name = FXXXXXX | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation spécifiques à l'application n'accordent
pas d'autorisation Locale Exécution pour l'application serveur COM avec le CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48} au SID AUTORITE NT\SYSTEM de l'utilisateur
(S-1-5-18). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.

Error - 21/04/2010 03:15:19 | Computer Name = FXXXXXX | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation par défaut de l'ordinateur n'accordent
pas d'autorisation Locale Activation pour l'application serveur COM avec le CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206} au SID AUTORITE NT\SERVICE RÉSEAU de l'utilisateur
(S-1-5-20). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.

Error - 21/04/2010 03:15:20 | Computer Name = FXXXXXX | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation par défaut de l'ordinateur n'accordent
pas d'autorisation Locale Activation pour l'application serveur COM avec le CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206} au SID AUTORITE NT\SERVICE RÉSEAU de l'utilisateur
(S-1-5-20). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.

Error - 21/04/2010 03:15:20 | Computer Name = FXXXXXX | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation par défaut de l'ordinateur n'accordent
pas d'autorisation Locale Activation pour l'application serveur COM avec le CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206} au SID AUTORITE NT\SERVICE RÉSEAU de l'utilisateur
(S-1-5-20). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.

Error - 21/04/2010 04:03:28 | Computer Name = FXXXXXX | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 15 minutes.
NtpClient
n'a pas de source de temps précis.

Error - 21/04/2010 05:09:09 | Computer Name = FXXXXXX | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 15 minutes.
NtpClient
n'a pas de source de temps précis.

Error - 21/04/2010 06:31:16 | Computer Name = FXXXXXX | Source = DCOM | ID = 10016
Description = Les paramètres d'autorisation spécifiques à l'application n'accordent
pas d'autorisation Locale Activation pour l'application serveur COM avec le CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E} au SID AUTORITE NT\SERVICE RÉSEAU de l'utilisateur
(S-1-5-20). Cette autorisation de sécurité peut être modifiée à l'aide de l'outil
d'administration Services de composants.

Error - 21/04/2010 06:45:00 | Computer Name = FXXXXXX | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 15 minutes.
NtpClient
n'a pas de source de temps précis.

Error - 21/04/2010 07:56:02 | Computer Name = FXXXXXX | Source = NETLOGON | ID = 5719
Description = Aucun contrôleur de domaine n'est disponible pour le domaine CORP
pour la raison suivante : %%1311. Vérifiez que l'ordinateur est connecté au réseau
et tentez une nouvelle fois. Si le problème persiste, contactez votre administrateur
système.


<End>
Guy-Arnaud

Post by nickW » 21 Apr 2010, 23:25

Good evening,

1/ What is the exact location of the svchost.exe file detected as infected?


2/ Can you send the end of the OTL.Txt report?
The part that is under:
========== LOP Check ==========


3/ Why do you disable BBCode in your posts?

To be continued,
Last edited by nickW on 23 Apr 2010, 00:33, edited 1 time.
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by gmourral » 22 Apr 2010, 08:56

Hello,

Thanks for taking care of my case.
Here are the answers:

1) The location is C:\windows\temp\xxxx.tmp\svchost.exe. The xxxx name is different at each new detection. Otherwise the application is under Windows\system32, but that is normal.


2) Sorry, I must have two left hands ;-)
Here is the end of the OTL report

========== LOP Check ==========

[2009/09/07 16:09:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Lenovo
[2010/04/07 17:19:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TrueCrypt
[2008/10/31 18:35:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Uninstall
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application Data\Avaya
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application Data\InterVideo
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application Data\Lenovo
[2009/09/08 16:13:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application Data\Notepad++
[2010/04/21 07:11:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXXX\Application Data\81CDF27468F7A692A29B835B4AB0C94B
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXXX\Application Data\Avaya
[2010/04/16 14:38:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXXX\Application Data\gtk-2.0
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXXX\Application Data\InterVideo
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXXX\Application Data\Lenovo
[2009/09/08 16:13:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXXX\Application Data\Notepad++
[2010/04/14 19:20:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXXX\Application Data\TrueCrypt
[2010/04/21 14:39:24 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

<MD5>
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/11/03 18:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Program Files\Lenovo\System Update\session\7zim57ww\IaStor.sys
[2008/11/03 18:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\WINDOWS\system32\ReinstallBackups\0029\DriverFiles\iaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Lenovo\System Update\session\7zim64ww\IaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys

<MD5>
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2009/08/17 23:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>
<End>

3) I disabled BBCode by mistake

Thanks
Guy-Arnaud
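A defender's triage helper for the kind of log exchanged above, added here as an example (my code, not OTL's, McAfee's or the forum's): it re-joins OTL's wrapped "Last 10 Event Log Errors" records, pulls the file path and threat name out of the McAfee McLogEvent entries, flags any svchost.exe that does not sit in a directory a genuine copy occupies (the C:\WINDOWS\Temp\xxxx.tmp\svchost.exe location gmourral describes is exactly that case), and lists the Security Center and firewall values from the Extras dump that deserve a look. The sample log is a constructed excerpt modelled on the lines posted in this thread; %SystemRoot% = C:\WINDOWS and the list of allowed svchost.exe directories are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the OTL Extras log posted in this thread: the
# Security Center / firewall registry dump, then two McAfee (McLogEvent) records.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[ Application Events ]
Error - 21/04/2010 07:23:07 | Computer Name = FXXXXXX | Source = McLogEvent | ID = 259
Description = Le fichier C:\WINDOWS\Temp\xhlf.tmp\svchost.exe contient le Cheval
de Troie New Malware.j. Aucun système de nettoyage disponible, suppression réussie.

Error - 21/04/2010 07:42:13 | Computer Name = FXXXXXX | Source = McLogEvent | ID = 259
Description = Le fichier C:\WINDOWS\Temp\joce.tmp\svchost.exe contient le Cheval
de Troie New Malware.j. Aucun système de nettoyage disponible, suppression réussie.
"""

# Assumption: %SystemRoot% is C:\WINDOWS as the posted log reports, and a genuine
# svchost.exe on Windows XP lives only in system32 or the OS's own file caches.
SYSTEM_ROOT = r"C:\WINDOWS"
SVCHOST_ALLOWED_DIRS = {
    str(PureWindowsPath(SYSTEM_ROOT, d)).lower()
    for d in ("system32", r"system32\dllcache", r"ServicePackFiles\i386")
}

REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
REG_VALUE_RE = re.compile(r'^"([^"]+)" = (\S+)\s*$')
EVENT_HEADER_RE = re.compile(
    r"^Error - (\S+ \S+) \| Computer Name = (\S+) \| Source = (\S+) \| ID = (\d+)$")
# McAfee VirusScan's French detection text, once OTL's wrapped lines are re-joined.
MCAFEE_DETECT_RE = re.compile(r"Le fichier (\S+) contient le Cheval de Troie (.+?)\. Aucun")


def parse_registry(log_text):
    """Return {key_path: {value_name: value}} for the [HKEY_...] blocks of the log."""
    result, current = {}, None
    for line in log_text.splitlines():
        m = REG_KEY_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = {}
            continue
        m = REG_VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2)
    return result


def parse_events(log_text):
    """One dict per 'Error - ...' header, with the wrapped Description re-joined."""
    records = []
    for line in log_text.splitlines():
        m = EVENT_HEADER_RE.match(line)
        if m:
            records.append({"time": m.group(1), "host": m.group(2), "source": m.group(3),
                            "id": int(m.group(4)), "description": ""})
            continue
        text = line.strip()
        if records and text and not text.startswith("["):
            if text.startswith("Description = "):
                text = text[len("Description = "):]
            records[-1]["description"] = (records[-1]["description"] + " " + text).strip()
    return records


def is_suspicious_svchost(path_str):
    """True when a file named svchost.exe sits outside the directories a real copy occupies."""
    p = PureWindowsPath(path_str)
    return p.name.lower() == "svchost.exe" and str(p.parent).lower() not in SVCHOST_ALLOWED_DIRS


def av_detections(log_text):
    """McAfee detections from the event section, each flagged if svchost.exe is mislocated."""
    found = []
    for rec in parse_events(log_text):
        if rec["source"] != "McLogEvent":
            continue
        m = MCAFEE_DETECT_RE.search(rec["description"])
        if m:
            found.append({"time": rec["time"], "path": m.group(1), "threat": m.group(2),
                          "suspicious_path": is_suspicious_svchost(m.group(1))})
    return found


SC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FW_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"


def weak_settings(log_text):
    """Values worth reviewing: silenced Security Center alerts, Windows Firewall switched off."""
    reg, findings = parse_registry(log_text), []
    sc = reg.get(SC_KEY, {})
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if sc.get(name) == "1":
            findings.append(f"Security Center: {name} = 1 (alerts for this component are silenced)")
    for profile in ("DomainProfile", "StandardProfile"):
        if reg.get(FW_KEY + "\\" + profile, {}).get("EnableFirewall") == "0":
            findings.append(f"Windows Firewall disabled in {profile}")
    return findings


if __name__ == "__main__":
    for d in av_detections(SAMPLE_LOG):
        flag = "SUSPICIOUS PATH" if d["suspicious_path"] else "expected path"
        print(f'{d["time"]}  {d["threat"]}  {d["path"]}  [{flag}]')
    for f in weak_settings(SAMPLE_LOG):
        print("review:", f)
```

The firewall and notification findings are reported for review, not as proof of compromise: on a domain-joined corporate laptop running McAfee VirusScan Enterprise they are often set by policy in favour of the vendor suite. The location check is the part that does not depend on policy: a file called svchost.exe that McAfee keeps finding under a freshly created C:\WINDOWS\Temp\*.tmp folder is being dropped by something still present on the machine, which is why the scanner's "suppression réussie" repeats every time the network is used.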

Post by nickW » 23 Apr 2010, 00:40

Good evening,

Use of a Kaspersky tool, then a search for hidden processes:


Step 1: Load_tdsskiller (by Loup Blanc)
Download Load_tdsskiller from the link below:
http://fradesch.perso.cegetel.net/trans ... killer.exe
Save this file to the Desktop.


Step 2: TDSSKiller (by Kaspersky), execution
Double-click Load_tdsskiller.exe to launch it.
This tool will connect to the internet to download an up-to-date version of TDSSKiller (by Kaspersky), then start the scan.
At the end of the scan, press a key as requested.
The report is displayed in Notepad. Close Notepad.
Restart the PC.


Step 3: RootRepeal (by AD), download
Download RootRepeal by right-clicking one of the links below:
http://ad13.geekstogo.com/RootRepeal.zip
http://rootrepeal.googlepages.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.zip
Save the file to the Desktop.
Create a new folder named RootRepeal at the root of the system drive (usually C:\)

Extract the downloaded archive (right-click, then "Extract All") into this new RootRepeal folder


Step 4: No real-time protection process
Disable the antivirus's resident module.
McAfee Antivirus: right-click the icon in the system tray (next to the clock), choose "Exit" and confirm


Step 5: RootRepeal (by AD), running it

Close absolutely all applications, connections and browsers.

In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window), like this:

Click the Scan button

In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services
+ Shadow SSDT


Click the OK button
In the new Select Drives window, tick the system drive (usually C:\)

Click the OK button to start the scan

Note: This scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan is finished, the Save Report button becomes available.

Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-100422.txt

Open the File menu (top left), click Exit to close the program.


Step 6: Real-time protection process
Important: Re-enable the antivirus's resident module.


Step 7: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen appears:

Click the Quick Scan button:


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Results
Send in reply:
*- the TDSSKiller report (contents of the file SystemDrive\tdsskiller\report.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

*- the RootRepeal report (contents of the file RootRepeal-100422.txt)
This report can be very long. Check carefully that it is complete in the message you send. If necessary, split it across several messages.

Then send in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: to post your reply or replies, do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by gmourral » 23 Apr 2010, 07:24

Hello,

I couldn't find the TDSSKiller report

Here is the RootRepeal report

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/04/23 07:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: DLAIFS_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Address: 0xA6D33000 Size: 98144 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5D4000 Size: 7936 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: klmdb.sys
Image Path: klmdb.sys
Address: 0xBA328000 Size: 31104 File Visible: No Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA6B99000 Size: 180608 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA81EB000 Size: 455680 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D24000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA3D47000 Size: 49152 File Visible: No Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA8373000 Size: 361600 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: tskC.tmp
Image Path: tskC.tmp
Address: 0xB9EEC000 Size: 96512 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\ls_scheduledcleanup\00000006.msg
Status: Allocation size mismatch (API: 73728, Raw: 61440)

Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\peerdpmanager\00000002.msg
Status: Allocation size mismatch (API: 77824, Raw: 73728)

Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\policyagent_cleanup\00000002.msg
Status: Allocation size mismatch (API: 77824, Raw: 73728)

Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\policyagent_policyevaluator\0000000s.msg
Status: Allocation size mismatch (API: 24576, Raw: 20480)

Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\policyagent_requestassignments\0000000b.msg
Status: Allocation size mismatch (API: 40960, Raw: 28672)

Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\statemessagemanager\0000000e.msg
Status: Allocation size mismatch (API: 61440, Raw: 57344)

Path: c:\windows\system32\ccm\servicedata\messaging\outgoingqueues\mp_[http]mp_policymanager\00000007.msg
Status: Allocation size mismatch (API: 61440, Raw: 57344)

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\EPP_EDP.UI.exe.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\EPP_EDP.UI.exe.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinEditors.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinEditors.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Shared.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Shared.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Microsoft.Web.Services3.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Microsoft.Vbe.Interop.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Microsoft.Vbe.Interop.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Microsoft.Office.Interop.Excel.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Microsoft.Office.Interop.Excel.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\office.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\office.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.Misc.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Microsoft.Web.Services3.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinMaskedEdit.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinMaskedEdit.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinGrid.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinGrid.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinChart.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinChart.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinTabbedMdi.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinTabbedMdi.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinDataSource.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinDataSource.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinTree.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.UltraWinTree.v8.2.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\Infragistics2.Win.Misc.v8.2.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\SD.LLBLGen.Pro.DQE.SqlServer.NET20.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\SD.LLBLGen.Pro.DQE.SqlServer.NET20.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\SD.LLBLGen.Pro.ORMSupportClasses.NET20.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\SD.LLBLGen.Pro.ORMSupportClasses.NET20.manifest
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: D:\Documents and Settings\GXXXXX\Local Settings\Apps\2.0\52LBTPBB.DXO\7N5YN95M.9HZ\manifests\stdole.manifest
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: svchost.exe (PID: 1880) Address: 0xe2a32020 Size: -

Object: Hidden Handle [Index: 2052, Type: UnknownType]
Process: svchost.exe (PID: 1880) Address: 0xe39a2020 Size: -

Object: Hidden Handle [Index: 6148, Type: UnknownType]
Process: svchost.exe (PID: 1880) Address: 0xe2bd4020 Size: -

Object: Hidden Handle [Index: 8196, Type: UnknownType]
Process: svchost.exe (PID: 1880) Address: 0xe211f818 Size: -

Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: rundll32.exe (PID: 3736) Address: 0xe2d96818 Size: -

==EOF==
Guy-Arnaud
gmourral

Posts: 32
Joined: 26 Jul 2009, 11:18
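The RootRepeal report above is a plain key/value text format, so the first pass a helper makes over it (which drivers have no visible file behind them, which files show an API/raw size disagreement, which processes hold hidden handles) can be done mechanically. The following Python is an added example, not code from the thread or from RootRepeal: a parser for that format plus triage heuristics of my own, run over a constructed excerpt modelled on the posted report. Everything it flags is a starting point for checking against known software, not a verdict.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the RootRepeal report posted in the thread
# (same sections and line layout, paths shortened); not a real scan result.
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D24000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: klmdb.sys
Image Path: klmdb.sys
Address: 0xBA328000 Size: 31104 File Visible: No Signed: -
Status: -

Name: tskC.tmp
Image Path: tskC.tmp
Address: 0xB9EEC000 Size: 96512 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\q\00000006.msg
Status: Allocation size mismatch (API: 73728, Raw: 61440)

Stealth Objects
-------------------
Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: svchost.exe (PID: 1880) Address: 0xe2a32020 Size: -

Object: Hidden Handle [Index: 2052, Type: UnknownType]
Process: svchost.exe (PID: 1880) Address: 0xe39a2020 Size: -

Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: rundll32.exe (PID: 3736) Address: 0xe2d96818 Size: -

==EOF==
"""

RULE_RE = re.compile(r"-{5,}")
PACKED_RE = re.compile(r"(Address|Size|File Visible|Signed): (\S+)")
PROCESS_RE = re.compile(r"Process: (.+?) \(PID: (\d+)\)")

def parse_fields(line):
    """One report line -> {key: value}; Address/Process lines pack several."""
    if not line.startswith(("Address:", "Process:")):
        key, _, value = line.partition(": ")
        return {key: value}
    fields = dict(PACKED_RE.findall(line))
    m = PROCESS_RE.match(line)
    if m:
        fields["Process"], fields["PID"] = m.group(1), int(m.group(2))
    return fields

def parse_report(text):
    """{section: [record, ...]}. A header is a line followed by a dashed rule,
    records are separated by blank lines, '==EOF==' ends the report."""
    sections, current, record = {}, None, {}
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        is_header = i + 1 < len(lines) and RULE_RE.fullmatch(lines[i + 1])
        if is_header or not line or line == "==EOF==":
            if record:                      # close the record being built
                sections[current].append(record)
            record = {}
            if is_header:
                current, sections[line] = line, []
        elif current is not None and not RULE_RE.fullmatch(line):
            record.update(parse_fields(line))
    if record:                              # report truncated before ==EOF==
        sections[current].append(record)
    return sections

def triage(sections):
    """Entries a helper would look at first. Heuristics, not verdicts: every hit
    must still be matched against known software (security tools load drivers
    the same way) before anything is done about it."""
    out = {"drivers": [], "size_mismatch": [], "hidden_handles": defaultdict(int)}
    for drv in sections.get("Drivers", []):
        # Bare file name and no visible file: nothing on disk accounts for it.
        if "\\" not in drv.get("Image Path", "") and drv.get("File Visible") == "No":
            out["drivers"].append(drv["Name"])
    for entry in sections.get("Hidden/Locked Files", []):
        if entry.get("Status", "").startswith("Allocation size mismatch"):
            out["size_mismatch"].append(entry["Path"])
    for obj in sections.get("Stealth Objects", []):
        if obj.get("Object", "").startswith("Hidden Handle"):
            out["hidden_handles"][(obj["Process"], obj["PID"])] += 1
    out["hidden_handles"] = dict(out["hidden_handles"])
    return out

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Feeding it the full posted report instead of the excerpt gives the same three lists at a glance, with the hidden-handle count per process telling the helper which PID to look at in the OTL output.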

Post by gmourral » 23 Apr 2010, 07:26

Here is the OTL report

OTL logfile created on: 23/04/2010 07:24:06 - Run 2
OTL by OldTimer - Version 3.2.1.3 Folder = D:\Documents and Settings\GXXXXX\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46,88 Gb Total Space | 31,20 Gb Free Space | 66,55% Space Free | Partition Type: NTFS
Drive D: | 102,17 Gb Total Space | 30,83 Gb Free Space | 30,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FXXXXXX
Current User Name: GXXXXX
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/21 13:39:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\GXXXXX\Bureau\OTL.exe
PRC - [2010/04/13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/09/25 04:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/25 04:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/25 04:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/07/09 13:21:36 | 005,732,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/29 04:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/21 20:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/17 14:23:28 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/04/17 14:22:12 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/04/17 14:22:06 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/04/17 14:20:14 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/04/16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 19:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/03/19 19:08:44 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009/03/13 17:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/12 12:47:06 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/02/12 12:46:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/02/02 20:16:48 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009/02/02 18:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009/01/29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/10/06 11:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/04/27 02:33:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/10 10:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/21 13:39:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\GXXXXX\Bureau\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/05/21 20:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/17 14:22:12 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/04/17 14:22:06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/04/16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/03/19 19:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/02/12 12:47:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/02/12 12:46:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/03/24 07:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/22 18:22:00 | 000,147,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/10 10:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/05/11 08:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/12 10:07:30 | 000,000,000 | ---D | M]

[2009/06/11 17:45:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXX\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions
[2009/06/11 17:45:35 | 000,000,000 | ---D | M] (Chickenfoot) -- D:\Documents and Settings\GXXXXX\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}
[2009/06/11 17:45:34 | 000,000,000 | ---D | M] (Fasterfox) -- D:\Documents and Settings\GXXXXX\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/06/11 17:45:33 | 000,000,000 | ---D | M] (Download Statusbar) -- D:\Documents and Settings\GXXXXX\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/05/11 08:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/11 08:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/18 01:04:44 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/18 01:04:44 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/18 01:04:44 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2010/01/06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/12/18 01:04:44 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/18 01:04:44 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2006/09/06 20:27:53 | 000,001,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2006/06/03 22:11:43 | 000,001,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/06 22:56:53 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 22:28:40 | 000,001,441 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2006/09/11 21:46:49 | 000,000,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [picon] C:\Program Files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: D:\Documents and Settings\GXXXXX\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: capgemini.com ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: capgemini.fr ([]* in Intranet local)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.capgemini.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel(R) Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\GXXXXX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\GXXXXX\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/16 18:52:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##savetmn#partage\Shell - "" = AutoRun
O33 - MountPoints2\##savetmn#partage\Shell\AUTopLay\coMmaND - "" = exkkqx.pif
O33 - MountPoints2\##savetmn#partage\Shell\AutoRun\command - "" = exkkqx.pif
O33 - MountPoints2\##savetmn#partage\Shell\EXplore\coMmAnD - "" = exkkqx.pif
O33 - MountPoints2\##savetmn#partage\Shell\Open\CoMmanD - "" = exkkqx.pif
O33 - MountPoints2\{88aa9efa-4b99-11de-a513-00216b9a70a4}\Shell\auToPlAY\CoMmaNd - "" = E:\tesst.cmd -- File not found
O33 - MountPoints2\{88aa9efa-4b99-11de-a513-00216b9a70a4}\Shell\AutoRun\command - "" = E:\tesst.cmd -- File not found
O33 - MountPoints2\{88aa9efa-4b99-11de-a513-00216b9a70a4}\Shell\expLoRE\CommanD - "" = E:\tesst.cmd -- File not found
O33 - MountPoints2\{88aa9efa-4b99-11de-a513-00216b9a70a4}\Shell\opEN\COmmand - "" = E:\tesst.cmd -- File not found
O33 - MountPoints2\{97715228-42d6-11df-9d32-001e65c8a18a}\Shell - "" = AutoRun
O33 - MountPoints2\{97715228-42d6-11df-9d32-001e65c8a18a}\Shell\AutoRun\command - "" = F:\loader.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/23 07:03:36 | 000,000,000 | ---D | C] -- C:\rootrepeal
[2010/04/23 07:02:48 | 000,000,000 | ---D | C] -- C:\Nouveau dossier
[2010/04/23 06:56:54 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2010/04/21 13:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/21 13:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/21 13:39:31 | 000,562,176 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\GXXXXX\Bureau\OTL.exe
[2010/04/20 23:22:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/19 19:02:54 | 000,000,000 | ---D | C] -- D:\Mes Documents\Oasis
[2010/04/18 08:28:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXX\Application Data\vlc
[2010/04/18 08:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/18 08:09:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXX\Application Data\DivX
[2010/04/18 08:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2010/04/18 08:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/18 08:05:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DivX
[2010/04/17 22:18:58 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/04/17 22:18:57 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/04/16 14:38:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXX\Application Data\gtk-2.0
[2010/04/16 14:38:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXX\.thumbnails
[2010/04/16 14:36:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXX\.gimp-2.6
[2010/04/16 14:36:23 | 000,000,000 | ---D | C] -- D:\Mes Documents\gegl-0.0
[2010/04/15 19:28:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXX\Local Settings\Application Data\Microsoft Help
[2010/04/11 08:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\UnH Solutions
[2010/04/11 08:46:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NOS
[2010/04/11 08:36:19 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/04/11 08:36:19 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/04/11 08:36:19 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/04/09 17:36:22 | 000,000,000 | ---D | C] -- C:\456
[2010/04/09 17:33:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\GXXXXX\Local Settings\Application Data\Deployment
[2010/04/09 17:24:58 | 000,000,000 | ---D | C] -- D:\Mes Documents\GRTGaz
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/23 07:25:04 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/04/23 07:04:03 | 001,107,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 07:04:03 | 000,505,588 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/04/23 07:04:03 | 000,437,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 07:04:03 | 000,082,400 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/04/23 07:04:03 | 000,069,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/23 07:02:34 | 000,464,491 | ---- | M] () -- D:\Documents and Settings\GXXXXX\Bureau\RootRepeal.zip
[2010/04/23 07:02:09 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/04/23 06:59:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/23 06:59:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 06:58:06 | 004,456,448 | -H-- | M] () -- D:\Documents and Settings\GXXXXX\ntuser.dat
[2010/04/23 06:58:06 | 000,000,284 | -HS- | M] () -- D:\Documents and Settings\GXXXXX\ntuser.ini
[2010/04/23 06:58:01 | 004,812,944 | -H-- | M] () -- D:\Documents and Settings\GXXXXX\Local Settings\Application Data\IconCache.db
[2010/04/23 06:54:48 | 000,845,916 | ---- | M] () -- D:\Documents and Settings\GXXXXX\Bureau\Load_tdsskiller.exe
[2010/04/22 19:57:55 | 000,023,680 | ---- | M] () -- C:\WINDOWS\System32\drivers\mouclass.sys
[2010/04/22 14:29:27 | 000,018,586 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2010/04/21 17:49:14 | 000,001,490 | RHS- | M] () -- D:\Documents and Settings\GXXXXX\ntuser.pol
[2010/04/21 13:44:30 | 000,000,678 | ---- | M] () -- D:\Documents and Settings\GXXXXX\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | M] () -- D:\Documents and Settings\GXXXXX\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | M] () -- D:\Documents and Settings\GXXXXX\Bureau\ERUNT.lnk
[2010/04/21 13:39:51 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\GXXXXX\Bureau\OTL.exe
[2010/04/21 11:36:13 | 000,000,633 | ---- | M] () -- D:\Documents and Settings\GXXXXX\Bureau\Notepad++.lnk
[2010/04/21 07:11:04 | 000,002,054 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/04/18 08:27:28 | 000,000,638 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/16 14:38:15 | 000,000,834 | ---- | M] () -- D:\Documents and Settings\GXXXXX\.recently-used.xbel
[2010/04/14 14:32:00 | 000,030,208 | ---- | M] () -- D:\Mes Documents\simsgirl.doc
[2010/04/14 13:34:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 23:09:48 | 000,011,776 | ---- | M] () -- D:\Documents and Settings\GXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 10:02:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 08:48:25 | 000,000,644 | ---- | M] () -- D:\Documents and Settings\GXXXXX\Bureau\SWF Opener.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/23 07:02:12 | 000,464,491 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Bureau\RootRepeal.zip
[2010/04/23 06:54:39 | 000,845,916 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Bureau\Load_tdsskiller.exe
[2010/04/21 13:44:30 | 000,000,678 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Bureau\ERUNT.lnk
[2010/04/21 11:36:13 | 000,000,633 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Bureau\Notepad++.lnk
[2010/04/21 07:11:04 | 000,002,054 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/18 08:27:28 | 000,000,638 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/16 14:38:15 | 000,000,834 | ---- | C] () -- D:\Documents and Settings\GXXXXX\.recently-used.xbel
[2010/04/12 14:56:59 | 000,030,208 | ---- | C] () -- D:\Mes Documents\simsgirl.doc
[2010/04/11 08:48:25 | 000,000,644 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Bureau\SWF Opener.lnk
[2010/04/11 08:36:20 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/04/11 08:36:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/11 08:36:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/11 08:36:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/11 08:36:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/11 08:36:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/04/08 15:19:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/08 08:26:08 | 000,011,776 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/07 13:51:59 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 13:51:28 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2010/04/07 13:49:33 | 000,001,490 | RHS- | C] () -- D:\Documents and Settings\GXXXXX\ntuser.pol
[2010/04/07 13:48:33 | 000,000,284 | -HS- | C] () -- D:\Documents and Settings\GXXXXX\ntuser.ini
[2010/04/07 13:48:32 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\GXXXXX\ntuser.dat.LOG
[2010/04/07 13:48:24 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\GXXXXX\Default User v LXP.6.txt
[2010/04/07 13:48:20 | 004,456,448 | -H-- | C] () -- D:\Documents and Settings\GXXXXX\ntuser.dat
[2009/09/10 17:41:31 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/03/24 05:14:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2008/11/03 17:09:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/10/31 18:35:48 | 000,018,586 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol
[2008/09/17 18:30:00 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/09/17 18:29:17 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/09/17 18:29:16 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/09/17 17:12:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/17 17:12:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/17 17:12:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/17 17:12:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/17 17:12:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/17 17:12:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/17 17:08:17 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/09/17 17:08:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/17 11:49:31 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/17 10:27:04 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2008/09/17 10:26:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ActivPackTok.dll
[2008/09/17 10:26:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ActivPackAPI.dll
[2008/09/17 10:26:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ActivPackErrLog.dll
[2008/09/16 20:15:46 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/09/16 20:14:29 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/09/16 19:13:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/01/04 15:13:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2004/08/04 02:37:26 | 000,023,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys
[2003/07/24 21:21:08 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\renMM.dll
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 15:14:56 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\therename.dll
[2002/09/18 15:13:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\renogg.dll

========== LOP Check ==========

[2009/09/07 16:09:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Lenovo
[2010/04/07 17:19:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TrueCrypt
[2008/10/31 18:35:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Uninstall
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXX\Application Data\Avaya
[2010/04/16 14:38:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXX\Application Data\gtk-2.0
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXX\Application Data\InterVideo
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXX\Application Data\Lenovo
[2009/09/08 16:13:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXX\Application Data\Notepad++
[2010/04/14 19:20:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\GXXXXX\Application Data\TrueCrypt
[2010/04/23 07:25:04 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========


<End>
Guy-Arnaud
gmourral
 
Posts: 32
Joined: 26 Jul 2009, 11:18

Post by gmourral » 23 Apr 2010, 07:35

Despite the operations carried out, McAfee keeps detecting and removing the virus instance Generic PWS.y!cbm in the application C/windows/system32/scvhost.exe.

From time to time a "débogage instantané" (instant debugging) window pops up?

Thanks
Guy-Arnaud
gmourral
 
Posts: 32
Joined: 26 Jul 2009, 11:18

Post by gmourral » 24 Apr 2010, 06:38

Hello,

I have just run Malwarebytes again and it found 2 infections.
Here is the report:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 4029

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

24/04/2010 07:36:16
mbam-log-2010-04-24 (07-36-16).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 127521
Temps écoulé: 12 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\aqas.tmp\svchost.exe (Trojan.Inject) -> No action taken.
C:\WINDOWS\Fonts\I8L0L.com (Trojan.Inject) -> No action taken.
Guy-Arnaud
gmourral
 
Posts: 32
Joined: 26 Jul 2009, 11:18

Post by nickW » 25 Apr 2010, 00:05

Good evening,

Really no trace of a file named report.txt on the C:\ partition?


New cleanup:

Step 1: Dr.Web CureIt, download
Download Dr.Web CureIt by right-clicking (Save file as) the link below:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
Save the file to the Desktop.


Step 2: Dr.Web CureIt, scan/cleanup
Launch the tool by double-clicking cureit.exe

Click Start scan.
At the prompt "Do you want to run a scan now?" click the OK button to confirm.
If infected files are detected, click the Yes to all button.

Wait for the Quick scan to finish.

If it appears, move (without closing it) the small green window offering to buy Dr.WEB (50% discount) so that the window titled "Dr.Web Scanner for Windows" is visible.
In the window titled "Dr.Web Scanner for Windows", in the Options menu (at the top) choose Change settings.
On the "Scanner" tab, uncheck the box in front of "Heuristic analysis", then click the Apply and OK buttons.

Back in the window titled "Dr.Web Scanner for Windows", select the radio button in front of Complete scan, then click the green arrow (on the right) to start the scan.

If an infected file is detected, at the "Disinfect?" prompt, click Yes to all, then Disinfect.
Note: if the detection looks wrong to you (false positive), click No to all.

When the scan is finished, click if possible on the icon (Image), then on the Next button and choose Move the unwanted object to quarantine.

Once this is done, click (at the top) the File menu, then choose Save report and save the file to the Desktop.

Close Dr.Web CureIt.

Restart the PC (this is very important, because some files will be repaired/moved during this restart).


Step 3: Result
*- the Dr.Web CureIt report (contents of the DrWeb.csv file located on the Desktop). Note: this file can be opened in Notepad.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
