
Posted: 05 Jul 2010, 11:02
by midosss
Hello,

Thanks again. I did what I had to do with ERUNT, I think; now I have to redo it with OTL; hijack; malware.

I skipped the steps that can be skipped. Thanks!

Posted: 05 Jul 2010, 11:18
by midosss
Everything is very detailed; I don't know why I didn't understand at first, sorry. Thanks again.

Here is OTL,
then comes hijack,
and then malware.



OTL logfile created on: 05/07/2010 12:15:29 - Run 4
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 33,26 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive D: | 219,95 Gb Total Space | 219,87 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWEET-4DF474995
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/02 01:25:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\OTL.exe
PRC - [2010/06/29 04:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/04/09 21:27:13 | 000,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010/01/09 23:01:22 | 000,955,392 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2009/12/04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/12/04 16:34:52 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/11/10 00:37:36 | 000,096,816 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2009/11/10 00:37:18 | 000,221,232 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/11/07 02:40:54 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/10/27 17:58:58 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/27 17:58:48 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/07/31 04:27:10 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\mcuicnt.exe
PRC - [2009/07/28 02:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/21 13:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 14:08:06 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/02 14:08:06 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\XPM09_6162v012\WDM\stacsv.exe
PRC - [2009/03/02 12:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/18 14:41:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/14 16:05:54 | 001,708,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/08/15 09:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/06/05 18:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2006/10/18 19:02:40 | 001,961,576 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/10/18 18:58:48 | 001,185,264 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/10/17 12:47:22 | 000,087,584 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
PRC - [2006/10/17 12:47:16 | 000,230,944 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2006/09/07 19:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2004/08/04 06:54:50 | 001,227,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/02 01:25:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\OTL.exe
MOD - [2009/10/27 17:59:06 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/08/15 09:46:02 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007/05/11 04:54:08 | 000,372,736 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2006/10/23 07:27:10 | 000,311,296 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2006/09/07 19:18:56 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/08/25 08:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:53:54 | 004,491,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2004/08/04 05:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/12/04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/10 00:37:38 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009/11/10 00:37:18 | 000,221,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/11/07 02:40:54 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/10/27 17:58:58 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/21 13:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/02 14:08:06 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\XPM09_6162v012\WDM\stacsv.exe -- (STacSV)
SRV - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/06/05 18:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2006/10/26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/17 12:47:16 | 000,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/22 12:45:39 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/12/22 12:45:39 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/12/22 12:45:37 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/12/22 12:42:59 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009/12/22 12:41:06 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/04 16:34:56 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/11/25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/07 02:40:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/27 17:58:32 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/11 09:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/06 07:56:16 | 000,113,024 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/04 18:32:26 | 001,656,960 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AMBFilt.sys -- (AMBFilt)
DRV - [2009/03/02 14:08:06 | 001,550,547 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/10 19:30:06 | 003,453,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/02 15:56:58 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MonFilt.sys -- (MonFilt)
DRV - [2008/11/26 12:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/21 19:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/10/07 02:01:00 | 000,268,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/10/06 10:55:22 | 000,144,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/10/04 10:40:30 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2008/08/07 18:42:48 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/03 23:35:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/24 11:03:00 | 000,289,664 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/05/21 15:02:48 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/03/10 14:46:24 | 000,020,736 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ZDCndis5.sys -- (ZDCNDIS5)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 18:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/09/20 12:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/06/08 02:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Afx.sys -- (OA009Afx)
DRV - [2006/12/26 14:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/26 14:54:34 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2006/11/02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/02/26 16:47:56 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-299502267-1450960922-725345543-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-299502267-1450960922-725345543-500\..\URLSearchHook: {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-299502267-1450960922-725345543-500\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-299502267-1450960922-725345543-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-299502267-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "IMBooster4web-en Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {53724739-8c9b-4b6d-904d-de60ae2a431c}:1.1.1
FF - prefs.js..extensions.enabledItems: {b905bc9d-6059-4517-a6b4-950d26299a2b}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/07/02 01:13:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 13:15:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 16:17:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/09 21:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/07/02 14:38:23 | 000,000,000 | ---D | M]

[2009/12/26 22:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/07/05 00:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions
[2010/02/28 17:39:37 | 000,000,000 | ---D | M] (Fbosf) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{53724739-8c9b-4b6d-904d-de60ae2a431c}
[2007/06/18 01:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/26 22:38:46 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/02/09 18:28:14 | 000,000,000 | ---D | M] (radiodofus Toolbar) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b905bc9d-6059-4517-a6b4-950d26299a2b}
[2007/06/18 01:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\TEMP
[2007/06/18 01:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\videodowloader@videodownloader.net
[2010/01/20 12:13:42 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\searchplugins\conduit.xml
[2010/07/05 00:45:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/02 16:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/12/31 11:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2010/07/02 16:17:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/21 01:56:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/21 01:56:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/21 01:56:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/26 22:38:02 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/21 01:56:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/26 23:54:50 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2002/09/07 02:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (radiodofus Toolbar) - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (radiodofus Toolbar) - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-299502267-1450960922-725345543-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-299502267-1450960922-725345543-500\..\Toolbar\WebBrowser: (radiodofus Toolbar) - {B905BC9D-6059-4517-A6B4-950D26299A2B} - C:\Program Files\radiodofus\tbradi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-299502267-1450960922-725345543-500\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-299502267-1450960922-725345543-500..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-299502267-1450960922-725345543-500..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/22 12:40:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 11:41:09 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/07/05 11:41:09 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/05 17:16:14 | 000,000,086 | ---- | M] () - D:\AUTORUN.inf.non.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/22 12:39:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/05 11:41:09 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/07/05 11:01:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2010/07/02 16:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/02 16:17:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/02 15:43:09 | 000,000,000 | ---D | C] -- C:\Dev-Pas
[2010/07/02 14:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\BYOND
[2010/07/02 14:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\BYOND
[2010/07/02 02:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/02 01:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/02 00:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\ForceField Shared Files
[2010/07/02 00:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\CheckPoint
[2010/07/02 00:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/07/02 00:57:44 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc040c.dll
[2010/07/02 00:57:43 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/07/02 00:57:42 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/07/02 00:57:42 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/07/02 00:57:38 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/07/02 00:57:37 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/07/02 00:57:37 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/07/02 00:57:36 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/07/02 00:57:36 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/07/02 00:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/07/02 00:57:35 | 000,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/07/02 00:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/07/02 00:57:08 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/07/02 00:57:08 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/07/02 00:57:08 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/07/02 00:57:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/07/02 00:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/30 13:38:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/06/30 13:28:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/30 13:28:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/30 13:28:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/30 13:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/30 13:17:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/06/28 19:10:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~1
[2010/06/27 23:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
[2010/06/27 23:09:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/27 23:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/27 23:09:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/27 23:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/23 01:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\WMTools Downloaded Files
[2010/06/22 15:54:57 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010/06/22 15:54:57 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010/06/22 15:54:57 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010/06/22 15:54:57 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010/06/22 15:54:56 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010/06/22 15:54:56 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010/06/22 15:54:56 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010/06/22 15:54:55 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010/06/22 15:54:55 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/06/22 15:54:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/06/22 15:54:55 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/06/22 15:54:54 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/06/22 15:54:54 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/06/22 15:54:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/06/22 15:54:53 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/06/22 15:54:53 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/06/22 15:54:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/06/22 15:54:52 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/06/22 15:54:52 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/06/22 15:54:51 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/06/22 15:54:51 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/06/22 15:54:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/06/22 15:54:50 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/06/22 15:54:50 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/06/22 15:54:50 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/06/22 15:54:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/06/22 15:54:49 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/06/22 15:54:49 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/06/22 15:54:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/06/22 15:54:49 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/06/22 15:54:48 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/06/22 15:54:48 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/06/22 15:54:48 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/06/22 15:54:47 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010/06/22 15:54:47 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/06/22 15:54:47 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010/06/22 15:54:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/06/22 15:54:47 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/06/22 15:54:46 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/06/22 15:54:46 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010/06/22 15:54:46 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010/06/22 15:54:45 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010/06/22 15:54:45 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010/06/22 15:54:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010/06/22 15:54:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/06/22 15:54:44 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010/06/22 15:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/22 15:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\RomStation
[2010/06/20 17:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/06/20 17:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Yahoo!
[2010/06/20 17:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/06/20 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/20 17:48:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/06/18 14:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
[2010/06/17 21:24:05 | 000,000,000 | ---D | C] -- C:\hijackthis
[2010/06/13 23:11:21 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/13 23:11:21 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/06/13 23:11:21 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/13 23:11:21 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/13 23:11:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/06/13 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/13 23:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/06/05 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\SAGEM
[2010/06/05 17:24:07 | 000,519,168 | ---- | C] (Atheros Technology Corporation) -- C:\WINDOWS\System32\drivers\WlanBZXP.SYS
[2010/06/05 17:24:07 | 000,094,208 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\System32\ZDCN50.dll
[2010/06/05 17:24:07 | 000,020,736 | ---- | C] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\System32\ZDCndis5.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/05 11:58:00 | 000,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500UA.job
[2010/07/05 11:51:21 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/07/05 11:51:17 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2010/07/05 11:51:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/07/05 11:10:22 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
[2010/07/05 11:02:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 11:02:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 11:02:11 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/07/05 02:35:43 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2010/07/04 17:58:00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-725345543-500Core.job
[2010/07/04 13:11:41 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2010/07/03 20:49:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/03 00:04:10 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/02 16:17:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/02 16:17:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/02 16:17:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/02 16:17:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/02 16:17:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/02 15:43:14 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-Pascal.lnk
[2010/07/02 13:54:40 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Google Chrome.lnk
[2010/07/02 13:54:40 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/02 00:58:16 | 000,428,416 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/02 00:57:47 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/30 13:30:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/29 16:58:06 | 002,107,728 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2010/06/25 11:40:03 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/24 18:05:15 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/22 18:37:01 | 000,002,827 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\vba.ini
[2010/06/22 12:49:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/20 17:52:12 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/18 14:57:59 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Ares.lnk
[2010/06/17 19:56:13 | 003,148,854 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\client out of synch.bmp
[2010/06/16 16:32:25 | 003,148,854 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Sans titre.bmp
[2010/06/13 23:11:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/06/09 17:38:07 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\DofusAppId0_2
[2010/06/09 17:37:47 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\D2Info0
[2010/06/09 12:56:13 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\DofusAppId0_1
[2010/06/09 02:16:29 | 002,359,350 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010/06/09 01:00:31 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\DofusAppId0_3
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 11:51:17 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\NTREGOPT.lnk
[2010/07/05 11:51:17 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/07/03 00:04:10 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/02 15:43:14 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Dev-Pascal.lnk
[2010/07/02 01:58:26 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/07/02 00:57:47 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/02 00:57:35 | 000,428,416 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/18 14:57:59 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Ares.lnk
[2010/06/17 19:52:28 | 003,148,854 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\client out of synch.bmp
[2010/06/16 16:32:25 | 003,148,854 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Sans titre.bmp
[2010/06/13 23:11:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/06/09 02:16:29 | 002,359,350 | ---- | C] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010/04/17 22:07:54 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2010/04/10 21:17:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/02/14 02:45:18 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/02/08 19:30:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/24 13:06:33 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/24 13:06:31 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/12/22 12:41:05 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/22 12:36:44 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\vbrun100.dll
[2009/12/22 12:36:38 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008/08/15 09:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/06/26 22:18:34 | 000,000,632 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/01/12 18:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
[2010/01/02 00:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\app
[2010/07/02 00:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\CheckPoint
[2010/06/08 20:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Dofus 2
[2010/04/24 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/25 02:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/04/24 12:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2009/12/22 12:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FlashFXP
[2010/05/28 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
[2010/01/30 12:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\MusicIP
[2010/01/02 00:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/02/28 19:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Sahmon Games
[2009/12/22 12:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
[2009/12/22 13:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TMP
[2009/12/22 12:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/12/24 00:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/07 19:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2010/07/05 11:10:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/07/05 11:11:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~1
[2010/04/25 21:43:03 | 000,000,522 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job.non.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2007/06/26 22:23:43 | 016,734,391 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

<MD5>
[2007/06/26 22:23:43 | 016,734,391 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2004/08/04 06:54:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2004/08/04 06:54:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2004/08/04 06:54:38 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2008/12/10 18:10:56 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>
<End>

Posted: 05 Jul 2010, 11:18
by midosss
OTL Extras logfile created on: 05/07/2010 12:15:29 - Run 4
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 33,26 Gb Free Space | 42,57% Space Free | Partition Type: NTFS
Drive D: | 219,95 Gb Total Space | 219,87 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWEET-4DF474995
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_USERS\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E8EBB-8CA8-776C-CB79-831E60A6B731}" = CCC Help French
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{103906AD-C60E-4E65-BC84-CE980D19CE41}" = Shockwave Player
"{12F1FA94-24DA-50B4-3B88-0F0FFAC876B4}" = CCC Help German
"{138B2015-2718-CA93-EC3A-ABA3658EF8ED}" = Catalyst Control Center Graphics Previews Common
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{19ED3FD3-13BC-2001-4649-9AE16964BBC4}" = Catalyst Control Center Localization Russian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{2137524A-2B6E-B659-5D12-A7975431747A}" = CCC Help Korean
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2525AAE1-7EED-CD8A-316E-64D8D0179AF4}" = CCC Help Danish
"{25452916-3DE5-D7E0-4FD9-2089ABF6691C}" = Catalyst Control Center Graphics Light
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Logiciel Intel(R) PROSet/Wireless WiFi
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2AD21184-F737-1428-6819-D51AF9FDEA9B}" = CCC Help Chinese Standard
"{3003E8D8-59A7-44BF-FF10-5D7C1C4BF836}" = Catalyst Control Center Localization Korean
"{31B7DA56-13BA-6A28-6982-ADC042D36094}" = CCC Help Swedish
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{32A3A4F4-B792-11D6-A78A-00B0D0160010}" = Java(TM) SE Development Kit 6 Update 1
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37FF6402-4EBF-5147-7BD7-D975CF2D7B02}" = Catalyst Control Center Localization Italian
"{3AF35398-212E-CCB7-C5BB-FC967A31CD17}" = Catalyst Control Center Localization Dutch
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4905C2C7-96CB-4DD9-A706-C427913DE5AE}" = Barbarian Invasion
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6052D61F-54A8-DFB2-163F-43480F631FDC}" = ccc-utility
"{60AEAC1F-547C-DA38-5E62-9F741A6914BA}" = Catalyst Control Center Localization Portuguese
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1CCAA7-275F-6207-CE24-B0747F6C5150}" = Catalyst Control Center Localization Danish
"{6D7EE20E-5659-A7BA-E9E1-5A6C4C8F4DF0}" = CCC Help Portuguese
"{6F7A8810-465E-4E2C-AD5C-986046016CD1}" = Winamp AudioPlayer
"{70409C7B-24E8-D823-980B-1D1CAD3B0E17}" = CCC Help Norwegian
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 with Security Updates
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F99C50-73E0-90B7-0457-CD1E1D761293}" = Catalyst Control Center Core Implementation
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7CD3BF33-CDC9-7C28-D3F8-68A1AF3A05FE}" = CCC Help Spanish
"{7CFFE499-9DB8-8D71-232F-9B8A17B9503F}" = Catalyst Control Center Localization German
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{7EEC88D4-B253-B421-26B0-BB242E60D9AF}" = CCC Help Japanese
"{7FFA5EDE-B89D-E191-7DE5-A4BC36870F0D}" = Catalyst Control Center Graphics Full New
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{850C809C-907A-44BB-CFE2-8A928F7D8225}" = Catalyst Control Center Localization Norwegian
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CC21D9D-86AD-6D65-84F1-54FE681C6D0C}" = Catalyst Control Center Localization Japanese
"{8F426CA1-1B8B-DE79-AC22-367EB579D58F}" = Catalyst Control Center Localization Swedish
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0E43DFBD-71CF-4F61-B341-7C128FBC6AC2}" =
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{91A06334-CB8D-422A-9699-251217674FD4}" = ACDSee 9 Gestionnaire de photos
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C3C9468-7082-3259-3719-3C5E4E699179}" = ccc-core-static
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9EE47077-7F32-3CBE-1801-B4B12089CC7D}" = CCC Help Russian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A7529F94-DF1F-D16B-92F1-63DAEE37EE28}" = Catalyst Control Center Localization Spanish
"{A7DA0E11-3D40-7120-2896-B12D402CE79D}" = Catalyst Control Center Graphics Full Existing
"{A83A2443-32B4-E2C2-FD8C-A331F865D928}" = ccc-core-preinstall
"{AC76BA86-7AD7-1036-7B44-A81000000003}" = Adobe Reader 8.1.0 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C00125DA-4062-C054-93D8-063F0E043EA5}" = CCC Help Finnish
"{C46666C1-9D3A-ACFF-41F3-C6C7B257D3E3}" = Catalyst Control Center Localization Chinese Standard
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5F1D23A-5282-467D-B0DA-B0D6F661D587}" = SAGEM F@st 2604
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC145DBE-9F4C-4AA3-B951-D194204B16B5}" = CCC Help Italian
"{CC431AE0-60DC-451B-A7A9-FBBC2BE5E86F}" = LastChaosFRA
"{CC9B0A04-6F4F-A681-42A6-9E16A3ED928D}" = CCC Help English
"{CE7F5944-817B-2040-F676-BB54D94BA9DB}" = Catalyst Control Center Localization Chinese Traditional
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D135F0B5-5800-B60A-493C-685E310923A8}" = Catalyst Control Center Localization French
"{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}" = Devil May Cry 3 Special Edition
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{D669CCB3-87DA-959A-A1B8-C5A9186BE5B7}" = CCC Help Dutch
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DD7EAB1E-9BE7-BF14-42AD-24E63B9393DD}" = Catalyst Control Center Localization Finnish
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E63046F9-7B93-F4DD-520F-AB8346DD914D}" = CCC Help Chinese Traditional
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Registry Tracer" = Advanced Registry Tracer
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"Ares" = Ares 2.1.3
"Astro Avenger 2_is1" = Astro Avenger 2
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Application" = Utilitaire de la carte réseau local sans fil Wireless de Dell
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"CCleaner" = CCleaner
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"CloneCD" = CloneCD
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-02-22
"Creative OA009" = Integrated Webcam Driver (1.01.01.1007)
"DungeonSiege2" = Dungeon Siege 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HashTab Shell Extension" = HashTab Shell Extension 1.11 for x32
"HijackThis" = HijackThis 2.0.2
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"HotspotShield" = Hotspot Shield 1.33
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"Kristanix Right Click Image Converter" = Right Click Image Converter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Media Player Classic" = Media Player Classic fr
"Microsoft .NET Framework 2.0 with Security Updates" = Microsoft .NET Framework 2.0 with Security Updates
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (2.0.0.4)" = Mozilla Thunderbird (2.0.0.4)
"Need For Extreme 3D_is1" = Need For Extreme 3D
"Nero7Lite_is1" = Nero 7 Lite 7.7.5.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel PROSet Wireless
"QuickPar" = QuickPar 0.9
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"radiodofus Toolbar" = radiodofus Toolbar
"RealAlt_is1" = Real Alternative 1.52 Lite
"RealPlayer 6.0" = RealPlayer
"RomStation" = RomStation
"Unlocker" = Unlocker 1.8.5
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZOODomino_is1" = ZOODomino

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-1450960922-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/06/2010 11:15:15 | Computer Name = SWEET-4DF474995 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/06/2010 11:15:15 | Computer Name = SWEET-4DF474995 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1984

Error - 05/06/2010 11:15:15 | Computer Name = SWEET-4DF474995 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1984

Error - 05/06/2010 11:15:39 | Computer Name = SWEET-4DF474995 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/06/2010 11:15:39 | Computer Name = SWEET-4DF474995 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26656

Error - 05/06/2010 11:15:39 | Computer Name = SWEET-4DF474995 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26656

Error - 05/06/2010 13:53:05 | Computer Name = SWEET-4DF474995 | Source = Google Update | ID = 20
Description =

Error - 05/06/2010 14:53:05 | Computer Name = SWEET-4DF474995 | Source = Google Update | ID = 20
Description =

Error - 05/06/2010 16:27:47 | Computer Name = SWEET-4DF474995 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/06/2010 16:27:47 | Computer Name = SWEET-4DF474995 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1954

[ System Events ]
Error - 03/07/2010 14:49:24 | Computer Name = SWEET-4DF474995 | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Error - 04/07/2010 05:55:04 | Computer Name = SWEET-4DF474995 | Source = Service Control Manager | ID = 7000
Description = Le service Serveur d'accès au réseau local Bluetooth n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 04/07/2010 05:55:04 | Computer Name = SWEET-4DF474995 | Source = Service Control Manager | ID = 7000
Description = Le service Connection TV/vidéo Microsoft n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 04/07/2010 15:00:53 | Computer Name = SWEET-4DF474995 | Source = Service Control Manager | ID = 7000
Description = Le service Serveur d'accès au réseau local Bluetooth n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 04/07/2010 15:00:53 | Computer Name = SWEET-4DF474995 | Source = Service Control Manager | ID = 7000
Description = Le service Connection TV/vidéo Microsoft n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 04/07/2010 19:31:10 | Computer Name = SWEET-4DF474995 | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 10.8.8.55 pour la carte réseau dont l'adresse
réseau est 00FF410D1494 a été refusé par le serveur DHCP 10.34.71.254 (celui-ci
a envoyé un message DHCPNACK).

Error - 05/07/2010 04:54:18 | Computer Name = SWEET-4DF474995 | Source = Service Control Manager | ID = 7000
Description = Le service Serveur d'accès au réseau local Bluetooth n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 05/07/2010 04:54:18 | Computer Name = SWEET-4DF474995 | Source = Service Control Manager | ID = 7000
Description = Le service Connection TV/vidéo Microsoft n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 05/07/2010 05:02:52 | Computer Name = SWEET-4DF474995 | Source = Service Control Manager | ID = 7000
Description = Le service Serveur d'accès au réseau local Bluetooth n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 05/07/2010 05:02:52 | Computer Name = SWEET-4DF474995 | Source = Service Control Manager | ID = 7000
Description = Le service Connection TV/vidéo Microsoft n'a pas pu démarrer en raison
de l'erreur : %%1058


<End>

Message posted: 05 Jul 2010, 11:21
by midosss
HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:51, on 05/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpm09_6162v012\wdm\STacSV.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Mes documents\Downloads\HiJackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\xpm09_6162v012\wdm\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 13766 bytes

Message posted: 05 Jul 2010, 11:29
by midosss
finally, malware

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4277

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

05/07/2010 12:28:22
mbam-log-2010-07-05 (12-28-22).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 123228
Temps écoulé: 3 minute(s), 48 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> No action taken.

Message posted: 08 Jul 2010, 02:18
by midosss
thanks anyway =/