[OK] PC infected with Trojan horse New Malware.j and Generi


Post by gmourral » 18 May 2010, 22:49

Here is the Avenger report

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "k" disabled successfully.
File "C:\WINDOWS\System32\o.sys" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.


Here is the GMER report


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-18 23:18:14
Windows 5.1.2600 Service Pack 3
Running: eqoihu77.exe; Driver: C:\Temp\pwloypow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9C9E610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9C9E624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9C9E5D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9C9E5E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9C9E64E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9C9E63A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9C9E5FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[1772] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00405995] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[1772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004059CB] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Guy-Arnaud

Post by gmourral » 18 May 2010, 22:50

And finally, here is the OTL report

OTL logfile created on: 18/05/2010 23:35:07 - Run 8
OTL by OldTimer - Version 3.2.3.0 Folder = D:\Documents and Settings\gxxxxx\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46,88 Gb Total Space | 28,22 Gb Free Space | 60,20% Space Free | Partition Type: NTFS
Drive D: | 102,17 Gb Total Space | 34,20 Gb Free Space | 33,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Fxxxxx
Current User Name: gxxxxx
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/07 18:28:16 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\udaterui.exe
PRC - [2010/04/30 08:53:50 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/04/27 18:42:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\gxxxxx\Bureau\OTL.exe
PRC - [2010/04/23 12:28:38 | 005,732,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2010/04/23 12:16:30 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/04/23 12:16:30 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/04/23 12:16:30 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/23 12:16:30 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/04/23 12:16:28 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2010/04/23 12:16:28 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
PRC - [2010/04/23 12:16:28 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
PRC - [2010/04/23 12:16:26 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.exe
PRC - [2010/04/23 12:16:26 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2010/04/23 12:16:26 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.exe
PRC - [2010/04/23 12:16:26 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/09/25 04:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/25 04:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/29 04:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/21 20:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/17 14:23:28 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/04/17 14:22:12 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/04/17 14:22:06 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/04/16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/03/19 19:08:44 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/12 12:47:06 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/02/12 12:46:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/02/02 18:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/10/06 11:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/04/13 19:34:30 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/10 10:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 18:42:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\gxxxxx\Bureau\OTL.exe
MOD - [2009/02/27 07:29:00 | 000,204,800 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\NetProvCredMan.dll
MOD - [2008/04/13 19:33:38 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 19:33:36 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 19:33:36 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 19:33:36 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 19:33:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/13 19:33:24 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/05/21 20:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/17 14:22:12 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/04/17 14:22:06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/04/16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/03/19 19:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/02/12 12:47:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/02/12 12:46:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/03/24 07:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/22 18:22:00 | 000,147,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/10 10:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/05/18 21:20:44 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\o.sys -- (k)
DRV - [2010/04/07 17:19:22 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/05 10:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/05/29 04:30:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/05/21 20:34:00 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/05/01 11:52:58 | 006,315,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/03/19 19:08:06 | 000,025,000 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/01/28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/26 14:02:04 | 000,023,080 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/10/06 10:47:36 | 000,225,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/09/19 17:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/09/18 09:03:13 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/18 09:03:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/08/27 21:35:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/08/27 21:35:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/08/27 21:35:26 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/08/27 20:40:38 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/05/12 22:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/13 11:41:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/26 14:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 16:30:02 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/10 10:44:52 | 000,305,788 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/09/21 17:55:16 | 000,126,864 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvirta.sys -- (CVirtA)
DRV - [2005/01/26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/11/30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2001/08/17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\twotrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 10:11:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 10:11:45 | 000,000,000 | ---D | M]

[2009/06/11 17:45:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions
[2009/06/11 17:45:35 | 000,000,000 | ---D | M] (Chickenfoot) -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}
[2009/06/11 17:45:34 | 000,000,000 | ---D | M] (Fasterfox) -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/06/11 17:45:33 | 000,000,000 | ---D | M] (Download Statusbar) -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/05/11 08:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/11 08:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/18 01:04:44 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/18 01:04:44 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/18 01:04:44 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2010/01/06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/12/18 01:04:44 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/18 01:04:44 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2006/09/06 20:27:53 | 000,001,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2006/06/03 22:11:43 | 000,001,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/06 22:56:53 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 22:28:40 | 000,001,441 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2006/09/11 21:46:49 | 000,000,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [picon] C:\Program Files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe File not found
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: D:\Documents and Settings\gxxxxx\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: cxxxxx.com ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: cxxxxx.fr ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: cg27.fr ([ad-image] http in Sites de confiance)
O15 - HKCU\..Trusted Domains: txxxxx.com ([csg-fr] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: txxxxx.com ([portal2-app-fr] https in Sites de confiance)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Sites de confiance)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.192.168.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.cxxxxx.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel(R) Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/16 18:52:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/16 20:35:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/05/18 21:20:44 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/05/12 20:36:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\ATManager
[2010/05/12 20:36:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\whtvfmsfa
[2010/05/12 06:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/10 16:56:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Help
[2010/05/10 16:56:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Help
[2010/05/03 16:58:18 | 000,000,000 | ---D | C] -- D:\Mes Documents\My Meetings
[2010/04/30 16:16:22 | 000,000,000 | ---D | C] -- D:\Mes Documents\Parisot
[2010/04/28 10:12:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Citrix
[2010/04/28 09:56:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Citrix
[2010/04/28 09:16:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\ICAClient
[2010/04/28 09:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/04/25 06:59:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\DoctorWeb
[2010/04/24 21:04:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\dvdcss
[2010/04/24 08:27:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/04/23 07:03:36 | 000,000,000 | ---D | C] -- C:\rootrepeal
[2010/04/23 06:56:54 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2010/04/21 13:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/21 13:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/21 13:39:31 | 000,563,712 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\gxxxxx\Bureau\OTL.exe
[2010/04/20 23:22:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/19 19:02:54 | 000,000,000 | ---D | C] -- D:\Mes Documents\Oasis
[2010/04/18 08:28:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\vlc
[2010/04/18 08:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/18 08:09:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\DivX
[2010/04/18 08:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2010/04/18 08:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/18 08:05:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DivX
[2010/04/17 22:18:58 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/04/17 22:18:57 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/04/16 14:38:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\gtk-2.0
[2010/04/16 14:38:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\.thumbnails
[2010/04/16 14:36:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\.gimp-2.6
[2010/04/16 14:36:23 | 000,000,000 | ---D | C] -- D:\Mes Documents\gegl-0.0
[2010/04/15 19:28:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Microsoft Help
[2010/04/11 08:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\UnH Solutions
[2010/04/11 08:46:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NOS
[2010/04/11 08:36:19 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/04/11 08:36:19 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/04/11 08:36:19 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/04/09 17:36:22 | 000,000,000 | ---D | C] -- C:\456
[2010/04/09 17:33:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Deployment
[2010/04/09 17:24:58 | 000,000,000 | ---D | C] -- D:\Mes Documents\GRTGaz
[2010/04/08 15:20:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Media Player Classic
[2010/04/08 15:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/04/08 15:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/04/08 15:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\THE Rename
[2010/04/08 08:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ancestrologie
[2010/04/07 18:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/04/07 18:30:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/04/07 18:30:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/04/07 18:25:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Adobe
[2010/04/07 17:21:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\TrueCrypt
[2010/04/07 17:19:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TrueCrypt
[2010/04/07 17:19:22 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010/04/07 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/04/07 16:42:30 | 000,000,000 | ---D | C] -- D:\Mes Documents\Tscadraw
[2010/04/07 16:41:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\Perso
[2010/04/07 16:40:47 | 000,000,000 | ---D | C] -- D:\Mes Documents\MS-Project
[2010/04/07 16:40:28 | 000,000,000 | --SD | C] -- D:\Mes Documents\Mes sources de données
[2010/04/07 16:40:28 | 000,000,000 | ---D | C] -- D:\Mes Documents\Messier Dowty
[2010/04/07 16:40:19 | 000,000,000 | ---D | C] -- D:\Mes Documents\Labinal
[2010/04/07 16:39:28 | 000,000,000 | ---D | C] -- D:\Mes Documents\ITIL
[2010/04/07 16:39:28 | 000,000,000 | ---D | C] -- D:\Mes Documents\IFS
[2010/04/07 16:31:30 | 000,000,000 | ---D | C] -- D:\Mes Documents\SARI
[2010/04/07 16:31:28 | 000,000,000 | ---D | C] -- D:\Mes Documents\Harraps
[2010/04/07 16:25:11 | 000,000,000 | ---D | C] -- D:\Mes Documents\sxxxxx
[2010/04/07 16:25:01 | 000,000,000 | ---D | C] -- D:\Mes Documents\Excel
[2010/04/07 16:25:01 | 000,000,000 | ---D | C] -- D:\Mes Documents\DRP
[2010/04/07 16:25:01 | 000,000,000 | ---D | C] -- D:\Mes Documents\DEF
[2010/04/07 16:25:01 | 000,000,000 | ---D | C] -- D:\Mes Documents\Cyberlink
[2010/04/07 16:24:47 | 000,000,000 | ---D | C] -- D:\Mes Documents\Clarity
[2010/04/07 16:24:18 | 000,000,000 | ---D | C] -- D:\Mes Documents\cap
[2010/04/07 16:24:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\Call_center
[2010/04/07 16:24:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\Bluetooth
[2010/04/07 16:24:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\blobby
[2010/04/07 16:24:09 | 000,000,000 | ---D | C] -- D:\Mes Documents\ARJ
[2010/04/07 16:24:08 | 000,000,000 | ---D | C] -- D:\Mes Documents\Arithmogriph
[2010/04/07 16:23:09 | 000,000,000 | ---D | C] -- D:\Mes Documents\Aerolia
[2010/04/07 14:37:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Malwarebytes
[2010/04/07 14:36:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/07 14:36:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/07 14:36:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 14:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/07 14:25:25 | 000,000,000 | ---D | C] -- C:\Quarantine
[2010/04/07 14:18:50 | 000,000,000 | ---D | C] -- C:\TSCADRAW
[2010/04/07 14:03:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\McAfee
[2010/04/07 13:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms
[2010/04/07 13:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CCM
[2010/04/07 13:51:24 | 000,000,000 | ---D | C] -- C:\WTR
[2010/04/07 13:50:28 | 000,202,240 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\cxxxxx.scr
[2010/04/07 13:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cxxxxx dir
[2010/04/07 13:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Helpdesk
[2010/04/07 13:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2010/04/07 13:49:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$UninstallRDC$
[2010/04/07 13:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ccmsetup
[2010/04/07 13:48:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\dot3svc
[2010/04/07 13:48:32 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\gxxxxx\Local Settings
[2010/04/07 13:48:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Microsoft
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Macromedia
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Lenovo
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\InterVideo
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Intel
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Identities
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Avaya
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Adobe
[2010/04/07 13:48:22 | 000,000,000 | --SD | C] -- D:\Documents and Settings\gxxxxx\Application Data\Microsoft
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\PSpad
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Notepad++
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\gxxxxx\SendTo
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\gxxxxx\Recent
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\gxxxxx\Application Data
[2010/04/07 13:48:20 | 000,000,000 | R--D | C] -- D:\Documents and Settings\gxxxxx\Menu Démarrer
[2010/04/07 13:48:20 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\gxxxxx\Cookies
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\gxxxxx\Voisinage réseau
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\gxxxxx\Voisinage d'impression
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\gxxxxx\Modèles
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Tracing
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Sun
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Roxio
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Mes documents
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Favoris
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Bureau
[2010/04/07 13:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2010/03/31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/08 19:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/19 21:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 21:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 21:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 21:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 21:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 21:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/18 23:39:06 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/05/18 23:36:22 | 001,107,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/18 23:36:22 | 000,505,588 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/18 23:36:22 | 000,437,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/18 23:36:22 | 000,082,400 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/18 23:36:22 | 000,069,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/18 23:33:51 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/05/18 23:31:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 23:31:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 23:24:13 | 004,315,980 | -H-- | M] () -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\IconCache.db
[2010/05/18 21:20:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\o.sys
[2010/05/18 21:19:15 | 004,980,736 | -H-- | M] () -- D:\Documents and Settings\gxxxxx\ntuser.dat
[2010/05/18 21:19:15 | 000,000,284 | -HS- | M] () -- D:\Documents and Settings\gxxxxx\ntuser.ini
[2010/05/18 21:18:47 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2010/05/18 21:18:47 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2010/05/18 21:18:47 | 000,001,174 | ---- | M] () -- C:\backup.reg
[2010/05/18 21:18:47 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2010/05/18 19:40:59 | 000,158,208 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\assiste.doc
[2010/05/18 14:59:49 | 000,293,376 | ---- | M] () -- C:\eqoihu77.exe
[2010/05/18 14:56:51 | 000,724,952 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\avenger.zip
[2010/05/17 21:41:20 | 000,000,646 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/17 21:28:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/17 13:28:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/12 13:23:59 | 000,019,436 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2010/05/11 18:48:03 | 039,968,832 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\cureit.exe
[2010/05/11 18:39:26 | 000,064,512 | ---- | M] () -- D:\Mes Documents\planning aude.doc
[2010/05/11 18:32:29 | 000,147,968 | ---- | M] () -- D:\Mes Documents\planning aude.mpp
[2010/05/11 18:32:26 | 000,025,407 | ---- | M] () -- D:\Mes Documents\planning aude.gif
[2010/05/11 12:39:18 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/11 12:35:29 | 000,002,334 | RHS- | M] () -- D:\Documents and Settings\gxxxxx\ntuser.pol
[2010/05/09 22:52:22 | 000,002,159 | ---- | M] () -- D:\Documents and Settings\gxxxxx\.recently-used.xbel
[2010/05/08 17:41:04 | 000,002,307 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Communicator 2007.lnk
[2010/05/06 08:25:35 | 000,023,235 | ---- | M] () -- C:\debug
[2010/05/05 21:32:57 | 000,000,400 | ---- | M] () -- D:\Mes Documents\spider.sav
[2010/04/30 16:30:58 | 000,000,385 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 08:43:21 | 000,002,133 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Open Workbench.lnk
[2010/04/28 09:30:35 | 000,001,643 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\launch.ica
[2010/04/27 18:42:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\gxxxxx\Bureau\OTL.exe
[2010/04/26 16:22:20 | 000,000,404 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Raccourci vers sxxxxx.lnk
[2010/04/25 21:47:16 | 000,001,616 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/04/24 08:23:02 | 000,001,656 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Access Connections.lnk
[2010/04/23 07:02:34 | 000,464,491 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\RootRepeal.zip
[2010/04/23 06:54:48 | 000,845,916 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Load_tdsskiller.exe
[2010/04/21 13:44:30 | 000,000,678 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\ERUNT.lnk
[2010/04/21 11:36:13 | 000,000,633 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Notepad++.lnk
[2010/04/21 07:11:04 | 000,002,054 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/04/18 08:27:28 | 000,000,638 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/14 14:32:00 | 000,030,208 | ---- | M] () -- D:\Mes Documents\simsgirl.doc
[2010/04/14 13:34:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 23:09:48 | 000,011,776 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 08:48:25 | 000,000,644 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\SWF Opener.lnk
[2010/04/08 15:13:06 | 000,000,649 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\GIMP 2.lnk
[2010/04/08 15:04:40 | 000,000,545 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\THE Rename.lnk
[2010/04/08 08:21:57 | 000,000,577 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Ancestrologie.lnk
[2010/04/08 07:23:33 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/07 17:19:25 | 000,000,553 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\TrueCrypt.lnk
[2010/04/07 17:19:22 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010/04/07 14:36:54 | 000,000,585 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/07 13:54:47 | 000,061,320 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/07 13:51:59 | 000,004,764 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 13:51:59 | 000,000,621 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.h
[2010/04/07 13:50:29 | 000,202,240 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\cxxxxx.scr
[2010/03/31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/29 17:59:51 | 000,034,816 | ---- | M] () -- D:\Mes Documents\Animation des ateliers avec Rio Tinto Alcan.doc
[2010/03/26 20:00:34 | 000,002,411 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Excel 2007.lnk
[2010/03/23 11:47:54 | 000,002,453 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Word 2007.lnk
[2010/03/15 12:33:23 | 000,451,584 | ---- | M] () -- D:\Mes Documents\OTMRO_Assessment tool - User Guide (V8 2).doc
[2010/03/14 20:00:00 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/14 20:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/03/09 19:49:37 | 000,033,518 | ---- | M] () -- D:\Mes Documents\vanguard.xlsx
[2010/03/08 19:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/19 21:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 21:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 21:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 21:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 21:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 21:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 21:18:47 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2010/05/18 21:18:47 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2010/05/18 21:18:47 | 000,001,174 | ---- | C] () -- C:\backup.reg
[2010/05/18 21:18:47 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2010/05/18 21:16:41 | 000,731,136 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\avenger.exe
[2010/05/18 19:40:58 | 000,158,208 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\assiste.doc
[2010/05/18 14:59:48 | 000,293,376 | ---- | C] () -- C:\eqoihu77.exe
[2010/05/18 14:56:48 | 000,724,952 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\avenger.zip
[2010/05/17 20:06:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 18:08:15 | 000,025,407 | ---- | C] () -- D:\Mes Documents\planning aude.gif
[2010/05/10 19:22:21 | 000,147,968 | ---- | C] () -- D:\Mes Documents\planning aude.mpp
[2010/05/10 19:20:54 | 000,064,512 | ---- | C] () -- D:\Mes Documents\planning aude.doc
[2010/05/09 22:52:22 | 000,002,159 | ---- | C] () -- D:\Documents and Settings\gxxxxx\.recently-used.xbel
[2010/05/06 08:25:35 | 000,023,235 | ---- | C] () -- C:\debug
[2010/05/05 21:32:57 | 000,000,400 | ---- | C] () -- D:\Mes Documents\spider.sav
[2010/04/28 08:52:08 | 000,001,643 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\launch.ica
[2010/04/25 21:46:09 | 000,001,616 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/04/25 06:57:47 | 039,968,832 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\cureit.exe
[2010/04/24 08:23:02 | 000,001,656 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Access Connections.lnk
[2010/04/24 06:54:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\o.sys
[2010/04/23 07:02:12 | 000,464,491 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\RootRepeal.zip
[2010/04/23 06:54:39 | 000,845,916 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Load_tdsskiller.exe
[2010/04/21 13:44:30 | 000,000,678 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\ERUNT.lnk
[2010/04/21 11:36:13 | 000,000,633 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Notepad++.lnk
[2010/04/21 07:11:04 | 000,002,054 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/18 08:27:28 | 000,000,638 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/12 14:56:59 | 000,030,208 | ---- | C] () -- D:\Mes Documents\simsgirl.doc
[2010/04/11 08:48:25 | 000,000,644 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\SWF Opener.lnk
[2010/04/11 08:36:20 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/04/11 08:36:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/11 08:36:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/11 08:36:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/11 08:36:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/11 08:36:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/04/08 15:19:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/08 15:13:06 | 000,000,649 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\GIMP 2.lnk
[2010/04/08 08:26:08 | 000,011,776 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 08:21:57 | 000,000,577 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Ancestrologie.lnk
[2010/04/07 17:19:25 | 000,000,553 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\TrueCrypt.lnk
[2010/04/07 16:42:36 | 000,451,584 | ---- | C] () -- D:\Mes Documents\OTMRO_Assessment tool - User Guide (V8 2).doc
[2010/04/07 16:42:36 | 000,280,064 | ---- | C] () -- D:\Mes Documents\sxxxxx-FR_SFD_I_GDP_V10 0_EN_gam.doc
[2010/04/07 16:42:36 | 000,211,456 | ---- | C] () -- D:\Mes Documents\Billet avion.doc
[2010/04/07 16:42:36 | 000,155,648 | ---- | C] () -- D:\Mes Documents\Copie de sxxxxx - Change Management Follow-up.xls
[2010/04/07 16:42:36 | 000,104,960 | ---- | C] () -- D:\Mes Documents\Copie de sxxxxx-FR_Plan de charge_V4 4.xls
[2010/04/07 16:42:36 | 000,065,024 | ---- | C] () -- D:\Mes Documents\sxxxxx CORE defects.xls
[2010/04/07 16:42:36 | 000,059,392 | ---- | C] () -- D:\Mes Documents\Chiffrage.ppt
[2010/04/07 16:42:36 | 000,043,943 | ---- | C] () -- D:\Mes Documents\Learning_Agreement_In_2009-2010.pdf
[2010/04/07 16:42:36 | 000,034,816 | ---- | C] () -- D:\Mes Documents\Animation des ateliers avec Rio Tinto Alcan.doc
[2010/04/07 16:42:36 | 000,033,518 | ---- | C] () -- D:\Mes Documents\vanguard.xlsx
[2010/04/07 16:42:36 | 000,031,120 | ---- | C] () -- D:\Mes Documents\e-Speaking Commands.xml
[2010/04/07 16:42:36 | 000,028,160 | ---- | C] () -- D:\Mes Documents\Bonjour.doc
[2010/04/07 16:42:36 | 000,022,528 | ---- | C] () -- D:\Mes Documents\Facturation Core.xls
[2010/04/07 16:42:36 | 000,022,016 | ---- | C] () -- D:\Mes Documents\WBS_9CE.xls
[2010/04/07 16:42:36 | 000,018,944 | ---- | C] () -- D:\Mes Documents\CR finance.xls
[2010/04/07 16:42:36 | 000,015,360 | ---- | C] () -- D:\Mes Documents\Campaign 002.xls
[2010/04/07 16:42:36 | 000,013,824 | ---- | C] () -- D:\Mes Documents\ER_BPWS.xls
[2010/04/07 16:42:35 | 000,079,360 | ---- | C] () -- D:\Mes Documents\2007_07_02_change-request_19_V1.0.doc
[2010/04/07 14:36:54 | 000,000,585 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/07 14:18:04 | 000,001,124 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Raccourci vers Slide-A0-FT4 Packages-EN.ppt.lnk
[2010/04/07 14:18:04 | 000,000,545 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\THE Rename.lnk
[2010/04/07 14:18:04 | 000,000,467 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Raccourci vers TSCADRAW.EXE.lnk
[2010/04/07 14:18:03 | 000,002,453 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Word 2007.lnk
[2010/04/07 14:18:03 | 000,002,411 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Excel 2007.lnk
[2010/04/07 14:18:03 | 000,002,307 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Communicator 2007.lnk
[2010/04/07 14:18:03 | 000,002,133 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Open Workbench.lnk
[2010/04/07 14:18:03 | 000,002,072 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Access 2003.lnk
[2010/04/07 14:18:03 | 000,002,036 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Project 2003.lnk
[2010/04/07 14:18:03 | 000,001,960 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Visio 2003.lnk
[2010/04/07 14:18:03 | 000,001,734 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\MyDVD.lnk
[2010/04/07 14:18:03 | 000,001,423 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Calculatrice.lnk
[2010/04/07 14:18:03 | 000,000,537 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\NetMeeting.lnk
[2010/04/07 14:18:03 | 000,000,404 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Raccourci vers sxxxxx.lnk
[2010/04/07 13:51:59 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 13:51:59 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.h
[2010/04/07 13:51:36 | 000,001,260 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\WTR.lnk
[2010/04/07 13:51:28 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2010/04/07 13:50:52 | 000,000,760 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Sauvegarde.lnk
[2010/04/07 13:49:33 | 000,002,334 | RHS- | C] () -- D:\Documents and Settings\gxxxxx\ntuser.pol
[2010/04/07 13:48:33 | 000,000,284 | -HS- | C] () -- D:\Documents and Settings\gxxxxx\ntuser.ini
[2010/04/07 13:48:32 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\gxxxxx\ntuser.dat.LOG
[2010/04/07 13:48:24 | 000,001,778 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\VPN Client.lnk
[2010/04/07 13:48:24 | 000,000,000 | ---- | C] () -- D:\Documents
Guy-Arnaud
gmourral
 
Posts: 32
Joined: 26 Jul 2009, 11:18

Post by gmourral » 18 May 2010, 22:51

And finally, here is the OTL report

OTL logfile created on: 18/05/2010 23:35:07 - Run 8
OTL by OldTimer - Version 3.2.3.0 Folder = D:\Documents and Settings\gxxxxx\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46,88 Gb Total Space | 28,22 Gb Free Space | 60,20% Space Free | Partition Type: NTFS
Drive D: | 102,17 Gb Total Space | 34,20 Gb Free Space | 33,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Fxxxxx
Current User Name: gxxxxx
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/07 18:28:16 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\udaterui.exe
PRC - [2010/04/30 08:53:50 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/04/27 18:42:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\gxxxxx\Bureau\OTL.exe
PRC - [2010/04/23 12:28:38 | 005,732,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2010/04/23 12:16:30 | 001,368,064 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/04/23 12:16:30 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/04/23 12:16:30 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/23 12:16:30 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/04/23 12:16:28 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2010/04/23 12:16:28 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
PRC - [2010/04/23 12:16:28 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
PRC - [2010/04/23 12:16:26 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.exe
PRC - [2010/04/23 12:16:26 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2010/04/23 12:16:26 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.exe
PRC - [2010/04/23 12:16:26 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/09/25 04:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/25 04:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/29 04:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/21 20:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/17 14:23:28 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/04/17 14:22:12 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/04/17 14:22:06 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/04/16 13:41:28 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/03/19 19:08:44 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/12 12:47:06 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/02/12 12:46:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/02/02 18:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/10/06 11:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/04/13 19:34:30 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/10 10:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 18:42:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\gxxxxx\Bureau\OTL.exe
MOD - [2009/02/27 07:29:00 | 000,204,800 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\NetProvCredMan.dll
MOD - [2008/04/13 19:33:38 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 19:33:36 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 19:33:36 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 19:33:36 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 19:33:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/13 19:33:24 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/05/21 20:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/17 14:22:12 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/04/17 14:22:06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/04/16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/03/19 19:08:44 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 07:26:32 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/02/12 12:47:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/02/12 12:46:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/01/28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/03/24 07:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/22 18:22:00 | 000,147,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/10 10:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/05/18 21:20:44 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\o.sys -- (k)
DRV - [2010/04/07 17:19:22 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/05 10:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/05/29 04:30:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/05/21 20:34:00 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/05/01 11:52:58 | 006,315,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/03/19 19:08:06 | 000,025,000 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/01/28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/26 14:02:04 | 000,023,080 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/10/06 10:47:36 | 000,225,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/09/19 17:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/09/18 09:03:13 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/18 09:03:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/08/27 21:35:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/08/27 21:35:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/08/27 21:35:26 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/08/27 20:40:38 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/05/12 22:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/13 11:41:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 11:40:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/26 14:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 16:30:02 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/10 10:44:52 | 000,305,788 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/09/21 17:55:16 | 000,126,864 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvirta.sys -- (CVirtA)
DRV - [2005/01/26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/11/30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2001/08/17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\twotrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 10:11:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 10:11:45 | 000,000,000 | ---D | M]

[2009/06/11 17:45:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions
[2009/06/11 17:45:35 | 000,000,000 | ---D | M] (Chickenfoot) -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}
[2009/06/11 17:45:34 | 000,000,000 | ---D | M] (Fasterfox) -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/06/11 17:45:33 | 000,000,000 | ---D | M] (Download Statusbar) -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla\Firefox\Profiles\c1wv5iti.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/05/11 08:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/11 08:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/18 01:04:44 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/18 01:04:44 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/18 01:04:44 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2010/01/06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/12/18 01:04:44 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/18 01:04:44 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2006/09/06 20:27:53 | 000,001,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2006/06/03 22:11:43 | 000,001,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/06 22:56:53 | 000,000,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 22:28:40 | 000,001,441 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2006/09/11 21:46:49 | 000,000,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [picon] C:\Program Files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe File not found
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - Startup: D:\Documents and Settings\gxxxxx\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: cxxxxx.com ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: cxxxxx.fr ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: cg27.fr ([ad-image] http in Sites de confiance)
O15 - HKCU\..Trusted Domains: txxxxx.com ([csg-fr] https in Sites de confiance)
O15 - HKCU\..Trusted Domains: txxxxx.com ([portal2-app-fr] https in Sites de confiance)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Sites de confiance)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.192.168.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.cxxxxx.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel(R) Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/16 18:52:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/16 20:35:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/05/18 21:20:44 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/05/12 20:36:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\ATManager
[2010/05/12 20:36:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\whtvfmsfa
[2010/05/12 06:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/10 16:56:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Help
[2010/05/10 16:56:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Help
[2010/05/03 16:58:18 | 000,000,000 | ---D | C] -- D:\Mes Documents\My Meetings
[2010/04/30 16:16:22 | 000,000,000 | ---D | C] -- D:\Mes Documents\Parisot
[2010/04/28 10:12:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Citrix
[2010/04/28 09:56:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Citrix
[2010/04/28 09:16:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\ICAClient
[2010/04/28 09:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/04/25 06:59:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\DoctorWeb
[2010/04/24 21:04:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\dvdcss
[2010/04/24 08:27:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/04/23 07:03:36 | 000,000,000 | ---D | C] -- C:\rootrepeal
[2010/04/23 06:56:54 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2010/04/21 13:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/21 13:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/21 13:39:31 | 000,563,712 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\gxxxxx\Bureau\OTL.exe
[2010/04/20 23:22:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/19 19:02:54 | 000,000,000 | ---D | C] -- D:\Mes Documents\Oasis
[2010/04/18 08:28:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\vlc
[2010/04/18 08:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/18 08:09:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\DivX
[2010/04/18 08:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2010/04/18 08:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/18 08:05:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DivX
[2010/04/17 22:18:58 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/04/17 22:18:57 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/04/16 14:38:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\gtk-2.0
[2010/04/16 14:38:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\.thumbnails
[2010/04/16 14:36:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\.gimp-2.6
[2010/04/16 14:36:23 | 000,000,000 | ---D | C] -- D:\Mes Documents\gegl-0.0
[2010/04/15 19:28:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Microsoft Help
[2010/04/11 08:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\UnH Solutions
[2010/04/11 08:46:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NOS
[2010/04/11 08:36:19 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/04/11 08:36:19 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/04/11 08:36:19 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/04/09 17:36:22 | 000,000,000 | ---D | C] -- C:\456
[2010/04/09 17:33:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Deployment
[2010/04/09 17:24:58 | 000,000,000 | ---D | C] -- D:\Mes Documents\GRTGaz
[2010/04/08 15:20:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Media Player Classic
[2010/04/08 15:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/04/08 15:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/04/08 15:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\THE Rename
[2010/04/08 08:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ancestrologie
[2010/04/07 18:30:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/04/07 18:30:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/04/07 18:30:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/04/07 18:25:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Adobe
[2010/04/07 17:21:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\TrueCrypt
[2010/04/07 17:19:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TrueCrypt
[2010/04/07 17:19:22 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010/04/07 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2010/04/07 16:42:30 | 000,000,000 | ---D | C] -- D:\Mes Documents\Tscadraw
[2010/04/07 16:41:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\Perso
[2010/04/07 16:40:47 | 000,000,000 | ---D | C] -- D:\Mes Documents\MS-Project
[2010/04/07 16:40:28 | 000,000,000 | --SD | C] -- D:\Mes Documents\Mes sources de données
[2010/04/07 16:40:28 | 000,000,000 | ---D | C] -- D:\Mes Documents\Messier Dowty
[2010/04/07 16:40:19 | 000,000,000 | ---D | C] -- D:\Mes Documents\Labinal
[2010/04/07 16:39:28 | 000,000,000 | ---D | C] -- D:\Mes Documents\ITIL
[2010/04/07 16:39:28 | 000,000,000 | ---D | C] -- D:\Mes Documents\IFS
[2010/04/07 16:31:30 | 000,000,000 | ---D | C] -- D:\Mes Documents\SARI
[2010/04/07 16:31:28 | 000,000,000 | ---D | C] -- D:\Mes Documents\Harraps
[2010/04/07 16:25:11 | 000,000,000 | ---D | C] -- D:\Mes Documents\sxxxxx
[2010/04/07 16:25:01 | 000,000,000 | ---D | C] -- D:\Mes Documents\Excel
[2010/04/07 16:25:01 | 000,000,000 | ---D | C] -- D:\Mes Documents\DRP
[2010/04/07 16:25:01 | 000,000,000 | ---D | C] -- D:\Mes Documents\DEF
[2010/04/07 16:25:01 | 000,000,000 | ---D | C] -- D:\Mes Documents\Cyberlink
[2010/04/07 16:24:47 | 000,000,000 | ---D | C] -- D:\Mes Documents\Clarity
[2010/04/07 16:24:18 | 000,000,000 | ---D | C] -- D:\Mes Documents\cap
[2010/04/07 16:24:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\Call_center
[2010/04/07 16:24:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\Bluetooth
[2010/04/07 16:24:14 | 000,000,000 | ---D | C] -- D:\Mes Documents\blobby
[2010/04/07 16:24:09 | 000,000,000 | ---D | C] -- D:\Mes Documents\ARJ
[2010/04/07 16:24:08 | 000,000,000 | ---D | C] -- D:\Mes Documents\Arithmogriph
[2010/04/07 16:23:09 | 000,000,000 | ---D | C] -- D:\Mes Documents\Aerolia
[2010/04/07 14:37:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Malwarebytes
[2010/04/07 14:36:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/07 14:36:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/07 14:36:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 14:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/07 14:25:25 | 000,000,000 | ---D | C] -- C:\Quarantine
[2010/04/07 14:18:50 | 000,000,000 | ---D | C] -- C:\TSCADRAW
[2010/04/07 14:03:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\McAfee
[2010/04/07 13:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms
[2010/04/07 13:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CCM
[2010/04/07 13:51:24 | 000,000,000 | ---D | C] -- C:\WTR
[2010/04/07 13:50:28 | 000,202,240 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\cxxxxx.scr
[2010/04/07 13:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cxxxxx dir
[2010/04/07 13:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Helpdesk
[2010/04/07 13:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2010/04/07 13:49:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$UninstallRDC$
[2010/04/07 13:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ccmsetup
[2010/04/07 13:48:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\dot3svc
[2010/04/07 13:48:32 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\gxxxxx\Local Settings
[2010/04/07 13:48:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\Microsoft
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Macromedia
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Lenovo
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\InterVideo
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Intel
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Identities
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Avaya
[2010/04/07 13:48:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Adobe
[2010/04/07 13:48:22 | 000,000,000 | --SD | C] -- D:\Documents and Settings\gxxxxx\Application Data\Microsoft
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\PSpad
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Notepad++
[2010/04/07 13:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Mozilla
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\gxxxxx\SendTo
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\gxxxxx\Recent
[2010/04/07 13:48:20 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\gxxxxx\Application Data
[2010/04/07 13:48:20 | 000,000,000 | R--D | C] -- D:\Documents and Settings\gxxxxx\Menu Démarrer
[2010/04/07 13:48:20 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\gxxxxx\Cookies
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\gxxxxx\Voisinage réseau
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\gxxxxx\Voisinage d'impression
[2010/04/07 13:48:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\gxxxxx\Modèles
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Tracing
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Sun
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Application Data\Roxio
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Mes documents
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Favoris
[2010/04/07 13:48:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\gxxxxx\Bureau
[2010/04/07 13:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2010/03/31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/08 19:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/19 21:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 21:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 21:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 21:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 21:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 21:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/18 23:39:06 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/05/18 23:36:22 | 001,107,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/18 23:36:22 | 000,505,588 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/18 23:36:22 | 000,437,316 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/18 23:36:22 | 000,082,400 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/18 23:36:22 | 000,069,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/18 23:33:51 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/05/18 23:31:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 23:31:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 23:24:13 | 004,315,980 | -H-- | M] () -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\IconCache.db
[2010/05/18 21:20:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\o.sys
[2010/05/18 21:19:15 | 004,980,736 | -H-- | M] () -- D:\Documents and Settings\gxxxxx\ntuser.dat
[2010/05/18 21:19:15 | 000,000,284 | -HS- | M] () -- D:\Documents and Settings\gxxxxx\ntuser.ini
[2010/05/18 21:18:47 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2010/05/18 21:18:47 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2010/05/18 21:18:47 | 000,001,174 | ---- | M] () -- C:\backup.reg
[2010/05/18 21:18:47 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2010/05/18 19:40:59 | 000,158,208 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\assiste.doc
[2010/05/18 14:59:49 | 000,293,376 | ---- | M] () -- C:\eqoihu77.exe
[2010/05/18 14:56:51 | 000,724,952 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\avenger.zip
[2010/05/17 21:41:20 | 000,000,646 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/17 21:28:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/17 13:28:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/12 13:23:59 | 000,019,436 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2010/05/11 18:48:03 | 039,968,832 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\cureit.exe
[2010/05/11 18:39:26 | 000,064,512 | ---- | M] () -- D:\Mes Documents\planning aude.doc
[2010/05/11 18:32:29 | 000,147,968 | ---- | M] () -- D:\Mes Documents\planning aude.mpp
[2010/05/11 18:32:26 | 000,025,407 | ---- | M] () -- D:\Mes Documents\planning aude.gif
[2010/05/11 12:39:18 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/11 12:35:29 | 000,002,334 | RHS- | M] () -- D:\Documents and Settings\gxxxxx\ntuser.pol
[2010/05/09 22:52:22 | 000,002,159 | ---- | M] () -- D:\Documents and Settings\gxxxxx\.recently-used.xbel
[2010/05/08 17:41:04 | 000,002,307 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Communicator 2007.lnk
[2010/05/06 08:25:35 | 000,023,235 | ---- | M] () -- C:\debug
[2010/05/05 21:32:57 | 000,000,400 | ---- | M] () -- D:\Mes Documents\spider.sav
[2010/04/30 16:30:58 | 000,000,385 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 08:43:21 | 000,002,133 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Open Workbench.lnk
[2010/04/28 09:30:35 | 000,001,643 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\launch.ica
[2010/04/27 18:42:54 | 000,563,712 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\gxxxxx\Bureau\OTL.exe
[2010/04/26 16:22:20 | 000,000,404 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Raccourci vers sxxxxx.lnk
[2010/04/25 21:47:16 | 000,001,616 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/04/24 08:23:02 | 000,001,656 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Access Connections.lnk
[2010/04/23 07:02:34 | 000,464,491 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\RootRepeal.zip
[2010/04/23 06:54:48 | 000,845,916 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Load_tdsskiller.exe
[2010/04/21 13:44:30 | 000,000,678 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\ERUNT.lnk
[2010/04/21 11:36:13 | 000,000,633 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Notepad++.lnk
[2010/04/21 07:11:04 | 000,002,054 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/04/18 08:27:28 | 000,000,638 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/14 14:32:00 | 000,030,208 | ---- | M] () -- D:\Mes Documents\simsgirl.doc
[2010/04/14 13:34:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 23:09:48 | 000,011,776 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 08:48:25 | 000,000,644 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\SWF Opener.lnk
[2010/04/08 15:13:06 | 000,000,649 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\GIMP 2.lnk
[2010/04/08 15:04:40 | 000,000,545 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\THE Rename.lnk
[2010/04/08 08:21:57 | 000,000,577 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Ancestrologie.lnk
[2010/04/08 07:23:33 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/07 17:19:25 | 000,000,553 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\TrueCrypt.lnk
[2010/04/07 17:19:22 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2010/04/07 14:36:54 | 000,000,585 | ---- | M] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/07 13:54:47 | 000,061,320 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/07 13:51:59 | 000,004,764 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 13:51:59 | 000,000,621 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.h
[2010/04/07 13:50:29 | 000,202,240 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\cxxxxx.scr
[2010/03/31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/03/29 17:59:51 | 000,034,816 | ---- | M] () -- D:\Mes Documents\Animation des ateliers avec Rio Tinto Alcan.doc
[2010/03/26 20:00:34 | 000,002,411 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Excel 2007.lnk
[2010/03/23 11:47:54 | 000,002,453 | ---- | M] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Word 2007.lnk
[2010/03/15 12:33:23 | 000,451,584 | ---- | M] () -- D:\Mes Documents\OTMRO_Assessment tool - User Guide (V8 2).doc
[2010/03/14 20:00:00 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/14 20:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/03/09 19:49:37 | 000,033,518 | ---- | M] () -- D:\Mes Documents\vanguard.xlsx
[2010/03/08 19:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/19 21:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 21:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 21:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 21:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 21:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 21:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 21:18:47 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2010/05/18 21:18:47 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2010/05/18 21:18:47 | 000,001,174 | ---- | C] () -- C:\backup.reg
[2010/05/18 21:18:47 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2010/05/18 21:16:41 | 000,731,136 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\avenger.exe
[2010/05/18 19:40:58 | 000,158,208 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\assiste.doc
[2010/05/18 14:59:48 | 000,293,376 | ---- | C] () -- C:\eqoihu77.exe
[2010/05/18 14:56:48 | 000,724,952 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\avenger.zip
[2010/05/17 20:06:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 18:08:15 | 000,025,407 | ---- | C] () -- D:\Mes Documents\planning aude.gif
[2010/05/10 19:22:21 | 000,147,968 | ---- | C] () -- D:\Mes Documents\planning aude.mpp
[2010/05/10 19:20:54 | 000,064,512 | ---- | C] () -- D:\Mes Documents\planning aude.doc
[2010/05/09 22:52:22 | 000,002,159 | ---- | C] () -- D:\Documents and Settings\gxxxxx\.recently-used.xbel
[2010/05/06 08:25:35 | 000,023,235 | ---- | C] () -- C:\debug
[2010/05/05 21:32:57 | 000,000,400 | ---- | C] () -- D:\Mes Documents\spider.sav
[2010/04/28 08:52:08 | 000,001,643 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\launch.ica
[2010/04/25 21:46:09 | 000,001,616 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/04/25 06:57:47 | 039,968,832 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\cureit.exe
[2010/04/24 08:23:02 | 000,001,656 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Access Connections.lnk
[2010/04/24 06:54:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\o.sys
[2010/04/23 07:02:12 | 000,464,491 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\RootRepeal.zip
[2010/04/23 06:54:39 | 000,845,916 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Load_tdsskiller.exe
[2010/04/21 13:44:30 | 000,000,678 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\ERUNT.lnk
Guy-Arnaud
gmourral
 
Posts: 32
Joined: 26 Jul 2009, 11:18

Post by gmourral » 18 May 2010, 22:53

End of the OTL report

========== Files Created - No Company Name ==========

[2010/05/18 21:18:47 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2010/05/18 21:18:47 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2010/05/18 21:18:47 | 000,001,174 | ---- | C] () -- C:\backup.reg
[2010/05/18 21:18:47 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2010/05/18 21:16:41 | 000,731,136 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\avenger.exe
[2010/05/18 19:40:58 | 000,158,208 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\assiste.doc
[2010/05/18 14:59:48 | 000,293,376 | ---- | C] () -- C:\eqoihu77.exe
[2010/05/18 14:56:48 | 000,724,952 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\avenger.zip
[2010/05/17 20:06:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 18:08:15 | 000,025,407 | ---- | C] () -- D:\Mes Documents\planning aude.gif
[2010/05/10 19:22:21 | 000,147,968 | ---- | C] () -- D:\Mes Documents\planning aude.mpp
[2010/05/10 19:20:54 | 000,064,512 | ---- | C] () -- D:\Mes Documents\planning aude.doc
[2010/05/09 22:52:22 | 000,002,159 | ---- | C] () -- D:\Documents and Settings\gxxxxx\.recently-used.xbel
[2010/05/06 08:25:35 | 000,023,235 | ---- | C] () -- C:\debug
[2010/05/05 21:32:57 | 000,000,400 | ---- | C] () -- D:\Mes Documents\spider.sav
[2010/04/28 08:52:08 | 000,001,643 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\launch.ica
[2010/04/25 21:46:09 | 000,001,616 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/04/25 06:57:47 | 039,968,832 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\cureit.exe
[2010/04/24 08:23:02 | 000,001,656 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Access Connections.lnk
[2010/04/24 06:54:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\o.sys
[2010/04/23 07:02:12 | 000,464,491 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\RootRepeal.zip
[2010/04/23 06:54:39 | 000,845,916 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Load_tdsskiller.exe
[2010/04/21 13:44:30 | 000,000,678 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/21 13:44:22 | 000,000,534 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\NTREGOPT.lnk
[2010/04/21 13:44:22 | 000,000,521 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\ERUNT.lnk
[2010/04/21 11:36:13 | 000,000,633 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Notepad++.lnk
[2010/04/21 07:11:04 | 000,002,054 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/04/18 08:27:28 | 000,000,638 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2010/04/12 14:56:59 | 000,030,208 | ---- | C] () -- D:\Mes Documents\simsgirl.doc
[2010/04/11 08:48:25 | 000,000,644 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\SWF Opener.lnk
[2010/04/11 08:36:20 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/04/11 08:36:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/04/11 08:36:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/04/11 08:36:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/11 08:36:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/11 08:36:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/04/08 15:19:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/08 15:13:06 | 000,000,649 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\GIMP 2.lnk
[2010/04/08 08:26:08 | 000,011,776 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 08:21:57 | 000,000,577 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Ancestrologie.lnk
[2010/04/07 17:19:25 | 000,000,553 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\TrueCrypt.lnk
[2010/04/07 16:42:36 | 000,451,584 | ---- | C] () -- D:\Mes Documents\OTMRO_Assessment tool - User Guide (V8 2).doc
[2010/04/07 16:42:36 | 000,280,064 | ---- | C] () -- D:\Mes Documents\sxxxxx-FR_SFD_I_GDP_V10 0_EN_gam.doc
[2010/04/07 16:42:36 | 000,211,456 | ---- | C] () -- D:\Mes Documents\Billet avion.doc
[2010/04/07 16:42:36 | 000,155,648 | ---- | C] () -- D:\Mes Documents\Copie de sxxxxx - Change Management Follow-up.xls
[2010/04/07 16:42:36 | 000,104,960 | ---- | C] () -- D:\Mes Documents\Copie de sxxxxx-FR_Plan de charge_V4 4.xls
[2010/04/07 16:42:36 | 000,065,024 | ---- | C] () -- D:\Mes Documents\sxxxxx CORE defects.xls
[2010/04/07 16:42:36 | 000,059,392 | ---- | C] () -- D:\Mes Documents\Chiffrage.ppt
[2010/04/07 16:42:36 | 000,043,943 | ---- | C] () -- D:\Mes Documents\Learning_Agreement_In_2009-2010.pdf
[2010/04/07 16:42:36 | 000,034,816 | ---- | C] () -- D:\Mes Documents\Animation des ateliers avec Rio Tinto Alcan.doc
[2010/04/07 16:42:36 | 000,033,518 | ---- | C] () -- D:\Mes Documents\vanguard.xlsx
[2010/04/07 16:42:36 | 000,031,120 | ---- | C] () -- D:\Mes Documents\e-Speaking Commands.xml
[2010/04/07 16:42:36 | 000,028,160 | ---- | C] () -- D:\Mes Documents\Bonjour.doc
[2010/04/07 16:42:36 | 000,022,528 | ---- | C] () -- D:\Mes Documents\Facturation Core.xls
[2010/04/07 16:42:36 | 000,022,016 | ---- | C] () -- D:\Mes Documents\WBS_9CE.xls
[2010/04/07 16:42:36 | 000,018,944 | ---- | C] () -- D:\Mes Documents\CR finance.xls
[2010/04/07 16:42:36 | 000,015,360 | ---- | C] () -- D:\Mes Documents\Campaign 002.xls
[2010/04/07 16:42:36 | 000,013,824 | ---- | C] () -- D:\Mes Documents\ER_BPWS.xls
[2010/04/07 16:42:35 | 000,079,360 | ---- | C] () -- D:\Mes Documents\2007_07_02_change-request_19_V1.0.doc
[2010/04/07 14:36:54 | 000,000,585 | ---- | C] () -- D:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/07 14:18:04 | 000,001,124 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Raccourci vers Slide-A0-FT4 Packages-EN.ppt.lnk
[2010/04/07 14:18:04 | 000,000,545 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\THE Rename.lnk
[2010/04/07 14:18:04 | 000,000,467 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Raccourci vers TSCADRAW.EXE.lnk
[2010/04/07 14:18:03 | 000,002,453 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Word 2007.lnk
[2010/04/07 14:18:03 | 000,002,411 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Excel 2007.lnk
[2010/04/07 14:18:03 | 000,002,307 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Communicator 2007.lnk
[2010/04/07 14:18:03 | 000,002,133 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Open Workbench.lnk
[2010/04/07 14:18:03 | 000,002,072 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Access 2003.lnk
[2010/04/07 14:18:03 | 000,002,036 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Project 2003.lnk
[2010/04/07 14:18:03 | 000,001,960 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Microsoft Office Visio 2003.lnk
[2010/04/07 14:18:03 | 000,001,734 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\MyDVD.lnk
[2010/04/07 14:18:03 | 000,001,423 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Calculatrice.lnk
[2010/04/07 14:18:03 | 000,000,537 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\NetMeeting.lnk
[2010/04/07 14:18:03 | 000,000,404 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Raccourci vers sxxxxx.lnk
[2010/04/07 13:51:59 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 13:51:59 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.h
[2010/04/07 13:51:36 | 000,001,260 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\WTR.lnk
[2010/04/07 13:51:28 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2010/04/07 13:50:52 | 000,000,760 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\Sauvegarde.lnk
[2010/04/07 13:49:33 | 000,002,334 | RHS- | C] () -- D:\Documents and Settings\gxxxxx\ntuser.pol
[2010/04/07 13:48:33 | 000,000,284 | -HS- | C] () -- D:\Documents and Settings\gxxxxx\ntuser.ini
[2010/04/07 13:48:32 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\gxxxxx\ntuser.dat.LOG
[2010/04/07 13:48:24 | 000,001,778 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Bureau\VPN Client.lnk
[2010/04/07 13:48:24 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\gxxxxx\Default User v LXP.6.txt
[2010/04/07 13:48:20 | 004,980,736 | -H-- | C] () -- D:\Documents and Settings\gxxxxx\ntuser.dat
[2009/09/10 17:41:31 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/03/24 05:14:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2008/11/03 17:09:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2008/09/17 18:30:00 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/09/17 18:29:17 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/09/17 18:29:16 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/09/17 17:12:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/17 17:12:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/17 17:12:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/17 17:12:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/17 17:12:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/17 17:12:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/17 17:08:17 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/09/17 17:08:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/17 11:49:31 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/17 10:27:04 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2008/09/17 10:26:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ActivPackTok.dll
[2008/09/17 10:26:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ActivPackAPI.dll
[2008/09/17 10:26:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ActivPackErrLog.dll
[2008/09/16 20:15:46 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/09/16 20:14:29 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/09/16 19:13:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/01/04 15:13:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2003/07/24 21:21:08 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\renMM.dll
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 15:14:56 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\therename.dll
[2002/09/18 15:13:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\renogg.dll

========== LOP Check ==========

[2010/04/28 10:12:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Citrix
[2009/09/07 16:09:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Lenovo
[2010/04/07 17:19:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TrueCrypt
[2008/10/31 18:35:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Uninstall
[2010/05/12 20:36:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\ATManager
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\Avaya
[2010/05/09 22:52:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\gtk-2.0
[2010/04/28 10:17:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\ICAClient
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\InterVideo
[2009/06/11 17:45:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\Lenovo
[2009/09/08 16:13:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\Notepad++
[2010/04/14 19:20:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\gxxxxx\Application Data\TrueCrypt
[2010/05/18 23:39:06 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>
[2010/05/18 21:18:47 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2010/05/18 14:59:49 | 000,293,376 | ---- | M] () -- C:\eqoihu77.exe
[2010/05/18 21:18:47 | 000,135,168 | ---- | M] () -- C:\zip.exe


<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/05/13 07:02:35 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

<MD5>
[2008/11/03 18:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Program Files\Lenovo\System Update\session\7zim57ww\IaStor.sys
[2008/11/03 18:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\WINDOWS\system32\ReinstallBackups\0029\DriverFiles\iaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Lenovo\System Update\session\7zim64ww\IaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys

<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys
[2008/04/13 18:57:36 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2008/04/13 18:57:36 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\dllcache\redbook.sys
[2008/04/13 18:57:36 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\drivers\redbook.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> D:\Documents and Settings\gxxxxx\Bureau\launch.ica:SummaryInformation
<End>
Guy-Arnaud

Post by nickW » 20 May 2010, 22:54

Good evening,

What state is the PC in after these latest cleanups?
(unwanted windows, files appearing by "spontaneous generation", antivirus messages, etc.)

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by gmourral » 21 May 2010, 20:03

For the past 3 days everything has been going well.
Nothing abnormal to report. I think this thread is closed.
Thanks for your help
Guy-Arnaud

Post by nickW » 22 May 2010, 00:16

Good evening,

If the PC no longer shows any symptoms of infection, here are some additional tips (hardening & optimization) to apply:


An important tip:
You need to create a new System Restore point.
After cleaning the PC, you need to empty the files stored in the System Restore folders, then create a new restore point that will be usable if a problem occurs.
Method:
Disable System Restore, re-enable System Restore, then create a new restore point.
Detailed explanations:
http://assiste.com.free.fr/p/comment/co ... ation.html


An important tip:

Sun Java
Install the new version of Sun Java.

Current version: Java SE Runtime Environment (JRE) 6 Update 20 - JRE 6 Update 20
*- http://java.sun.com/javase/downloads/index.jsp

In the "Java Platform, Standard Edition" section, click the (Download JRE) button.

On the next page, in the "Provide Information, then Continue to Download" section, choose the platform (Windows/Windows x64), tick the box in front of "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement.", then click the Continue >> button.

On the new page, under "Windows Offline Installation", download the file jre-6u20-windows-i586.exe, 15.54 MB
Close all browsers (Internet Explorer, Firefox, etc.), then double-click jre-6u20-windows-i586.exe to start the installation.

After installing the new version, it is imperative to uninstall all the obsolete versions, whose vulnerabilities are used by "malicious actors".
To do this:

JavaRa (by Fred de Vries and Paul McLain)
Download JavaRa from this page: http://raproducts.org/
(In the JavaRa article, click Download Windows Binary (.zip file)).
Save the JavaRa.zip file to the Desktop.
Create a new folder named JavaRa and extract the entire archive into it (right-click, then Extract All).
Open the JavaRa folder, then double-click JavaRa.exe to launch the tool.

Under "Select the language of your choice below", choose Français (from the drop-down list) and click the Select button.

Click the "Effacer les anciennes versions" (remove the old versions) button and confirm this choice by clicking "Oui" ("Êtes-vous sûr de vouloir poursuivre?").

Click OK twice.
A report will be displayed in Notepad. Close Notepad.
Close JavaRa.


A tip:
Disable the automatic launch ("autorun") feature on removable drives.
See this topic by Gof:
Guide to securing Windows against USB-borne infection threats
http://assiste.forum.free.fr/viewtopic.php?t=25228
Also read (by Gof):
Infections that spread via removable media: USB, Flash, etc.
http://forum.zebulon.fr/infections-par- ... 31959.html
... and its summary here


A tip:
It is preferable to delete OTL (downloaded file OTL.exe and result files OTL.Txt and Extras.Txt located on the Desktop, as well as, if it exists, the working file fix.txt).
Note: If it exists, the SystemDrive\_OTL folder contains backups. After checking that all the software on the PC works correctly, this folder can be deleted.
It is preferable to delete TDSSKiller (downloaded archive tdsskiller.zip, program file TDSSKiller.exe and report file rapportK.txt)
It is preferable to delete RootRepeal (downloaded file RootRepeal.zip and working folder RootRepeal).
It is preferable to delete Dr.Web CureIt (downloaded file cureit.exe and report file DrWeb.csv).
It is preferable to delete The Avenger (downloaded file avenger.zip, executable avenger.exe, working file(s) aven*.txt, SystemDrive\backup.reg, SystemDrive\zip.exe, SystemDrive\cleanup.exe, SystemDrive\cleanup.bat, and report file SystemDrive\avenger.txt).
Note: The Avenger has also backed up the changes it made in the archive file %SystemDrive%\avenger\backup.zip. After checking that all the software on the PC works correctly, this archive can be deleted, followed by the empty folder %SystemDrive%\avenger.
It is preferable to delete Gmer (downloaded file with a random name and report files gmer-******.txt).
It is preferable to delete JavaRa (downloaded file JavaRa.zip, folder JavaRa and result file SystemDrive\JavaRa.log)
Empty the quarantines of the antivirus and the anti-spyware.



And there you have it.

Bye,

PS:
If you consider this topic closed, could you put [OK] in front of the title of the first message? See HERE.
Thanks.
