[OK] Small problem with a stubborn Trojan Vrtumondo

Security and insecurity. Viruses, Trojans, spyware, vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy
Protecting the browser, browsing and privacy

[OK] Small problem with a stubborn Trojan Vrtumondo

Post by dahu74 » 12 Nov 2010, 02:55

Hello,
Spybot identified this trojan but cannot remove it, even though I have run Spybot (scan + fix) 6 times.
It shows up as an attempt to open a window in Firefox, plus messages asking for permission to modify the registry.
I downloaded Malwarebytes' Anti-Malware to the desktop and installed it, but it does not start (I installed 1.17 and 1.46, twice, with no result, whereas it starts on my other PC...)
Just in case, here is the HijackThis report (the OTL reports are in 2 other messages)
Thank you for your help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:52:22, on 12/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Christophe\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\KeyMap\Keymap.exe
C:\Program Files\VPN Lifeguard\VpnLifeguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\xplorer2_lite\xplorer2_lite.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [rqpnnnsys] rundll32.exe "vtutus.dll",s
O4 - HKLM\..\Run: [wvvvwuaudio] rundll32.exe "qommjg.dll",s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Christophe\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: VPN Lifeguard.lnk = C:\Program Files\VPN Lifeguard\VpnLifeguard.exe
O4 - Global Startup: KeyMap.lnk = C:\Program Files\KeyMap\Keymap.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
O8 - Extra context menu item: Download with Xilisoft Dailymotion Vidéo Convertisseur - C:\Program Files\Dailymotion Video Converter\upod_link.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE2F9341-19AE-4EF6-AAD0-0BCBAD0BEC69}: NameServer = 192.168.1.1
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Flrcsvcup - Unknown owner - C:\WINDOWS\system32\mobsync.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravure de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

--
End of file - 10265 bytes
dahu74
 
Posts: 10
Joined: 12 Nov 2010, 02:33

OTL.txt report

Post by dahu74 » 12 Nov 2010, 02:57

OTL logfile created on: 12/11/2010 02:22:50 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Christophe\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23,79 Gb Total Space | 12,03 Gb Free Space | 50,56% Space Free | Partition Type: NTFS
Drive D: | 218,23 Gb Total Space | 105,65 Gb Free Space | 48,41% Space Free | Partition Type: NTFS
Drive F: | 209,96 Gb Total Space | 69,32 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive G: | 14,65 Gb Total Space | 11,11 Gb Free Space | 75,80% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 429,30 Gb Free Space | 46,09% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 42,91 Gb Free Space | 9,21% Space Free | Partition Type: NTFS

Computer Name: ANTEC | User Name: Christophe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/12 02:13:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Bureau\OTL.exe
PRC - [2010/09/02 08:41:06 | 000,307,200 | ---- | M] (philippe734 - Vous devez exécuter le programme en tant qu'administrateur) -- C:\Program Files\VPN Lifeguard\VpnLifeguard.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe
PRC - [2009/11/12 09:30:32 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/11/12 09:28:40 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/08/29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Christophe\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/01 11:24:50 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/12/18 14:34:36 | 000,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/07/13 07:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2004/08/05 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/16 18:38:16 | 000,077,824 | ---- | M] (http://www.reseau.org/keymap) -- C:\Program Files\KeyMap\Keymap.exe


========== Modules (SafeList) ==========

MOD - [2010/11/12 02:13:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Bureau\OTL.exe
MOD - [2009/07/12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 00:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009/04/16 15:32:34 | 000,053,248 | ---- | M] (Orange) -- C:\Program Files\mes données\OSDExtension.dll
MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/12/01 22:56:00 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/05 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/05 13:00:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll
MOD - [2004/08/05 13:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2004/08/05 13:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2001/10/16 18:52:36 | 000,053,248 | ---- | M] (http://www.reseau.org/keymap) -- C:\Program Files\KeyMap\MAP.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/01 23:14:18 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/12 09:28:40 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/11/12 09:25:24 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/04/16 00:21:52 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/06/27 18:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/29 02:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/12 00:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/14 06:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/10/04 22:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/08/05 19:01:34 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/02/17 18:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/01/21 14:25:22 | 000,137,384 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs32.sys -- (CbFs)
DRV - [2009/01/20 21:31:31 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/11/05 16:05:59 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/12/05 00:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/03 18:10:12 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2007/07/03 18:10:10 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2007/01/16 02:09:06 | 000,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/08/14 07:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/11 14:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 14:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/17 10:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/12/12 20:12:01 | 000,049,664 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2005/11/21 06:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/10/27 15:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/05 19:46:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/05/07 14:54:38 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2002/09/16 18:07:24 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1060284298-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1060284298-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google.fr"
FF - prefs.js..browser.search.defaultenginename: "google.fr"
FF - prefs.js..browser.search.order.1: "google.fr"
FF - prefs.js..browser.search.selectedEngine: "Google France - France"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.torrent411.com/browse.php?c9=1&c34=1&c30=1&c77=1&c110=1&c92=1&c94=1&submit.x=88&submit.y=16|http://www.demonoid.com/error_messages.php?error_id=7|http://www.rue89.com/|http://www.liberation.fr/|http://tempsreel.nouvelobs.com/index.html|http://www.marianne2.fr/|http://www.rhone-alpesolidaires.org/|http://www.creai-ra.com/|http://www.ca-des-savoie.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: uploader@adblockfilters.mozdev.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/11 21:56:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 15:35:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/31 18:23:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/09 11:56:10 | 000,000,000 | ---D | M]

[2010/01/08 23:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Extensions
[2010/01/08 23:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/11 21:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions
[2010/10/07 07:39:11 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/07/27 11:14:41 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010/09/29 09:29:17 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/01/31 19:08:46 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010/11/05 07:58:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/06 17:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/09/30 09:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\foxmarks@kei.com
[2009/12/08 10:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\uploader@adblockfilters.mozdev.org
[2009/09/21 11:20:08 | 000,001,423 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\bittorrent.xml
[2009/09/21 11:20:08 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\ciao.xml
[2008/11/05 16:42:16 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\daemon-search.xml
[2009/09/21 11:20:08 | 000,001,943 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\divxovore.xml
[2009/09/21 11:20:08 | 000,002,494 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\google-france---france.xml
[2009/09/21 11:20:08 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\google-maps-france.xml
[2009/09/21 11:20:09 | 000,001,364 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\kelkoo.xml
[2008/08/28 22:45:26 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\meteofrance.xml
[2008/05/30 09:39:49 | 000,001,206 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\mininova.xml
[2008/04/16 22:28:11 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\mozilla-add-ons.xml
[2009/09/21 11:20:10 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\mycroft-project.xml
[2009/09/21 11:20:07 | 000,002,643 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\pc-astuces.xml
[2008/11/16 11:25:52 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\rechercher-dans-quidfr.xml
[2009/12/05 16:07:05 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\searchgeek.xml
[2009/09/21 11:20:09 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\sherlock-cherche.xml
[2009/09/21 11:20:10 | 000,004,578 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\smartorrent.xml
[2008/05/30 09:39:49 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\the-pirate-bay.xml
[2010/04/13 14:10:26 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\veosearch.xml
[2009/09/21 11:20:10 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\viamichelin---francais.xml
[2010/05/20 16:55:38 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\winamp-search.xml
[2010/11/11 21:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/04 18:02:50 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2007/03/10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/10/05 08:50:28 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/10/05 08:50:28 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/05 08:50:28 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/08/25 21:28:47 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/10/05 08:50:28 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/10/05 08:50:28 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/09/11 18:17:29 | 000,927,264 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 26612 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-1060284298-963894560-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [rqpnnnsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [wvvvwuaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\.DEFAULT..\Run: [pmnlkkaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\.DEFAULT..\Run: [xxvsstsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [pmnlkkaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [xxvsstsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKU\S-1-5-21-1060284298-963894560-839522115-1003..\Run: [F.lux] C:\Documents and Settings\Christophe\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-1060284298-963894560-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KeyMap.lnk = C:\Program Files\KeyMap\Keymap.exe (http://www.reseau.org/keymap)
O4 - Startup: C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Démarrage\VPN Lifeguard.lnk = C:\Program Files\VPN Lifeguard\VpnLifeguard.exe (philippe734 - Vous devez exécuter le programme en tant qu'administrateur)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Download with Xilisoft Dailymotion Vidéo Convertisseur - C:\Program Files\Dailymotion Video Converter\upod_link.HTM ()
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.zebulon.fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Christophe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Christophe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (vtutus.dll) - C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/24 09:43:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/20 11:38:24 | 000,000,000 | ---D | M] - F:\Autoplay -- [ NTFS ]
O33 - MountPoints2\{96448184-1d52-11df-a79d-001e8c1d4325}\Shell\AutoRun\command - "" = J:\SamsungSoftware\APPInst.exe -- File not found
O33 - MountPoints2\{e4b9bafe-c953-11df-a887-001e8c1d4325}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 02:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/12 02:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/12 02:13:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Bureau\OTL.exe
[2010/11/12 02:01:34 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/11/12 02:01:34 | 000,018,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/11/12 02:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/12 01:58:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/12 01:58:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/12 01:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/12 01:57:08 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Bureau\mbam-setup.exe
[2010/11/12 01:50:44 | 000,167,936 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Christophe\Bureau\StartupList.exe
[2010/11/12 01:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010/11/11 22:32:33 | 000,126,464 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\qommjg.dll
[2010/11/11 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/11/11 19:24:01 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/11 18:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Virtu Monde Removal Tool
[2010/11/11 18:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/11 15:25:03 | 000,126,464 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\iihgfg.dll_to_be_deleted
[2010/11/11 14:12:52 | 000,121,344 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\ljghhf.dll_to_be_deleted
[2010/11/11 14:07:51 | 000,109,056 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\vtutus.dll
[2010/11/11 14:07:51 | 000,109,056 | ---- | C] (foobar2000.org) -- C:\WINDOWS\System32\vtutus.dll_old_1
[2010/11/08 15:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/10/23 22:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/08/31 21:18:50 | 000,455,888 | ---- | C] ( ) -- C:\Program Files\Fichiers communs\PredictAdInstaller.exe
[2008/07/19 00:10:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Christophe\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/12 02:19:00 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 02:16:03 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/12 02:15:53 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Christophe\Bureau\NTREGOPT.lnk
[2010/11/12 02:15:53 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Christophe\Bureau\ERUNT.lnk
[2010/11/12 02:14:10 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\Christophe\Bureau\scan.zip
[2010/11/12 02:13:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Bureau\OTL.exe
[2010/11/12 02:00:14 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\Christophe\Bureau\HiJackThis.lnk
[2010/11/12 01:58:20 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/12 01:57:23 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Bureau\mbam-setup.exe
[2010/11/12 01:06:51 | 000,109,056 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\vtutus.dll
[2010/11/12 01:06:51 | 000,000,425 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/11/12 00:12:32 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Recherche de problèmes automatique.job
[2010/11/11 22:32:33 | 000,126,464 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\qommjg.dll
[2010/11/11 22:27:32 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/11/11 22:27:31 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/11 22:27:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 22:25:16 | 000,109,056 | ---- | M] (foobar2000.org) -- C:\WINDOWS\System32\vtutus.dll_old_1
[2010/11/11 20:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro temporaire fichiers travail Caro.job
[2010/11/11 15:25:03 | 000,126,464 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\iihgfg.dll_to_be_deleted
[2010/11/11 14:17:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Sauvegarde Documents d'Antec sur MyBook.job
[2010/11/11 14:12:52 | 000,121,344 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\ljghhf.dll_to_be_deleted
[2010/11/11 14:05:41 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack BAL sauvegarde antec vers mybook.job
[2010/11/11 11:00:09 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Bookmarks.job
[2010/11/11 09:26:04 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 18:00:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro docs Caro Toshiba et Antec.job
[2010/11/09 14:30:02 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro videos entre Antec et MyBook.job
[2010/11/09 14:00:21 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro photos entre Antec et MyBook.job
[2010/11/09 11:30:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro musique entre Antec et MyBook.job
[2010/11/08 15:35:08 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/11/02 13:13:26 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Christophe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 09:41:23 | 000,501,226 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/02 09:41:23 | 000,433,170 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/02 09:41:23 | 000,081,148 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/02 09:41:23 | 000,067,874 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/12 02:16:03 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/12 02:15:53 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Christophe\Bureau\NTREGOPT.lnk
[2010/11/12 02:15:53 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Christophe\Bureau\ERUNT.lnk
[2010/11/12 02:14:10 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\Christophe\Bureau\scan.zip
[2010/11/12 01:58:20 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/12 01:20:30 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\Christophe\Bureau\HiJackThis.lnk
[2010/11/11 15:16:17 | 000,000,425 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/22 16:06:08 | 000,721,424 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/10 22:58:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\CP30FW.DLL
[2010/05/17 17:16:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/06/19 08:02:48 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2009/01/20 21:12:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/12/02 20:29:26 | 000,000,067 | ---- | C] () -- C:\WINDOWS\My Video Converter.INI
[2008/11/06 10:32:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/11/05 16:05:59 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/14 16:59:27 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2008/08/26 05:24:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/19 00:10:15 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Christophe\Application Data\pcouffin.log
[2008/07/19 00:10:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Christophe\Application Data\ezpinst.exe
[2008/07/19 00:10:12 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Christophe\Application Data\pcouffin.cat
[2008/07/19 00:10:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Christophe\Application Data\pcouffin.inf
[2008/06/15 23:29:12 | 000,000,046 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2008/06/01 17:30:51 | 000,006,461 | ---- | C] () -- C:\WINDOWS\easyc.ini
[2008/06/01 17:30:40 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/06/01 17:30:40 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/05/09 00:14:03 | 000,000,525 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2008/04/21 23:13:42 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\vbmgsext.ini
[2008/04/21 23:13:42 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\vbmgsent.ini
[2008/04/21 19:09:16 | 000,000,103 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2008/04/16 02:01:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/16 02:01:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/16 01:40:13 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/04/16 00:32:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/15 18:25:07 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Christophe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 11:21:20 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/01/24 11:19:09 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/24 10:21:33 | 000,013,919 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/01/24 10:12:30 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/24 09:54:12 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/01/24 09:54:12 | 000,000,276 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/01/24 09:49:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/24 09:49:27 | 000,013,881 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/24 09:49:08 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/12 15:49:54 | 002,080,256 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
[2007/08/07 15:01:32 | 000,842,752 | ---- | C] () -- C:\WINDOWS\System32\QtNetwork4.dll
[2007/08/07 15:00:22 | 009,100,288 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
[2007/04/12 16:44:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/12 16:44:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/12 16:44:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/12 16:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 16:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/28 05:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 05:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/03/14 13:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/20 09:03:22 | 000,007,494 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
[2004/08/05 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2000/01/20 10:42:08 | 000,334,848 | ---- | C] () -- C:\WINDOWS\System32\PCONVERTOR.DLL

========== LOP Check ==========

[2008/11/05 19:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2008/06/02 09:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2008/04/16 01:09:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/30 13:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/04/16 01:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/12 20:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ServeurFax
[2010/02/23 16:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/05/08 18:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Super X Studios
[2010/08/31 20:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/01 23:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/11/08 00:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WDGold Lite
[2010/09/01 23:11:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008/12/02 20:32:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Christophe\Application Data\.#
[2008/08/21 12:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Ace
[2008/06/02 09:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\BSD
[2008/06/01 18:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\BSD Concept
[2008/06/02 09:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\BSDh9
[2010/09/14 22:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Canon
[2009/02/27 19:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\CoSoSys
[2010/05/20 16:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\COWON
[2008/11/05 16:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\DAEMON Tools
[2009/01/20 19:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\dBpoweramp
[2010/02/27 12:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\GlarySoft
[2010/05/20 17:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\HyperLyrics
[2008/10/19 14:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\InterTrust
[2009/10/30 12:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\iPodder
[2009/02/11 19:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\LogProtect
[2009/07/16 23:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\OnlineStorage
[2009/01/20 21:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Samsung
[2008/04/16 01:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\ScanSoft
[2008/05/08 16:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Shareaza
[2010/11/09 19:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Spotify
[2010/01/08 23:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Thunderbird
[2010/08/31 21:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Tomato
[2010/09/01 23:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\TuneUp Software
[2010/05/25 23:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\uTorrent
[2008/07/19 00:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Vso
[2010/10/12 20:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\WDGold Lite
[2010/08/31 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Xilisoft
[2010/09/05 14:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\XnView
[2010/09/02 00:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/09/02 11:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TuneUp Software
[2010/11/11 22:27:32 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/11/12 00:12:32 | 000,000,526 | ---- | M] () -- C:\WINDOWS\Tasks\Recherche de problèmes automatique.job
[2010/11/11 14:05:41 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack BAL sauvegarde antec vers mybook.job
[2010/11/11 11:00:09 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Bookmarks.job
[2010/11/11 14:17:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Sauvegarde Documents d'Antec sur MyBook.job
[2010/11/10 18:00:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro docs Caro Toshiba et Antec.job
[2010/11/09 11:30:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro musique entre Antec et MyBook.job
[2010/11/09 14:00:21 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro photos entre Antec et MyBook.job
[2010/11/11 20:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro temporaire fichiers travail Caro.job
[2010/11/09 14:30:02 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro videos entre Antec et MyBook.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

<MD5>
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

<MD5>
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2006/08/14 07:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\WINDOWS\system32\drivers\nvata.sys

<MD5>
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2004/08/05 13:00:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A66A990E

<End>
dahu74

Posts: 10
Joined: 12 Nov 2010, 02:33

OTL EXTRAS.txt report

Post by dahu74 » 12 Nov 2010, 02:58

OTL Extras logfile created on: 12/11/2010 02:22:50 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Christophe\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23,79 Gb Total Space | 12,03 Gb Free Space | 50,56% Space Free | Partition Type: NTFS
Drive D: | 218,23 Gb Total Space | 105,65 Gb Free Space | 48,41% Space Free | Partition Type: NTFS
Drive F: | 209,96 Gb Total Space | 69,32 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive G: | 14,65 Gb Total Space | 11,11 Gb Free Space | 75,80% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 429,30 Gb Free Space | 46,09% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 42,91 Gb Free Space | 9,21% Space Free | Partition Type: NTFS

Computer Name: ANTEC | User Name: Christophe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open_x2] -- "C:\Program Files\xplorer2_lite\xplorer2_lite.exe" /1 /M /T "%1" (ZabKat)
Directory [Parcourir avec XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"40000:TCP" = 40000:TCP:*:Enabled:Shareaza
"40000:UDP" = 40000:UDP:*:Enabled:Shareaza
"55000:TCP" = 55000:TCP:*:Enabled:To1
"55000:UDP" = 55000:UDP:*:Enabled:To2
"3128:TCP" = 3128:TCP:*:Enabled:Proxy Free
"3128:UDP" = 3128:UDP:*:Enabled:Proxy Free
"1723:TCP" = 1723:TCP:*:Enabled:pptp.ipjetable.net

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe" = C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (Gabest)
"C:\Program Files\Kommute\kommute.exe" = C:\Program Files\Kommute\kommute.exe:*:Enabled:kommute -- ()
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" = C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe:*:Enabled:OpenVPN GUI -- ()
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{127AB902-9575-4AB5-A314-D05D53E9B7A7}" = NB-7500p USB 2.0 Data Transfer Cable
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4C130995-6292-4C62-B4B1-F13AD78CE1FD}" = Agenda et Contacts
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photorécit 3 pour Windows
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{51D569E0-8A28-11D2-B962-006097C4DE24}" = Microsoft (R) C Runtime Library
"{51D569E2-8A28-11D2-B962-006097C4DE24}" = MFCDLL Shared Library - Retail Version
"{51D569E3-8A28-11D2-B962-006097C4DE24}" = Microsoft (R) C++ Runtime Library
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B0A8F0E-3672-4DA5-9540-A8D0171C38D8}" = TuneUp Utilities Language Pack (fr-FR)
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE}" = MSXML 3.0
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.0 - Français
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 Fr
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C0C2F4B7-90D7-480D-9707-4167AD1EA3FB}" = Super Point de Croix Deluxe
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CF097717-F174-4144-954A-FBC4BF301036}" = Nero 7 Premium
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{E381FABF-C47C-4898-B517-4075D60A6CE1}" = Serials 2005
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}" = Montpellier Business Plan Classic
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FBF177D0-16A0-F742-A624-4129BBB9CEC9}" = GeneaSoft par GeneaNet
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ant Movie Catalog_is1" = Ant Movie Catalog
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"Avira UnErase Personal" = Avira UnErase Personal
"AviSynth" = AviSynth 2.5
"AxCrypt" = AxCrypt (Désinstaller uniquement)
"CCleaner" = CCleaner (remove only)
"Converio_is1" = Converio
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpoweramp Aiff Codec" = dBpoweramp Aiff Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpowerAMP Lame (Exe) Codec" = dBpowerAMP Lame (Exe) Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpowerAMP Mp3 Blade Codec" = dBpowerAMP Mp3 Blade Codec
"dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Configuration DivX
"DMX5_is1" = DriverMax 5
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Enregistrement utilisateur de Canon MP510" = Enregistrement utilisateur de Canon MP510
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"FairUse Wizard 2" = FairUse Wizard 2
"Glary Utilities_is1" = Glary Utilities 2.20.0.831
"Heredis 8" = Heredis 8
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KeyMap_is1" = KeyMap version 1106-1103 du 15-05-2004
"KeyScrambler" = KeyScrambler
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mes données" = mes données 1.2.1.9
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"MiniLyrics" = Minilyrics(remove only)
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Radio_Fr" = Radio Fr Solo 2.1
"RealAlt_is1" = Real Alternative 1.8.0
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Ri4m v5.0.1d" = Ri4m v5.0.1d
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shareaza_is1" = Shareaza version 2.2.1.0
"Spotify" = Spotify
"SyncBack_is1" = SyncBack
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.0.5
"VPN Lifeguard 1.3.17_is1" = VPN Lifeguard
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter 8.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Lecteur Windows Media 10
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"Xilisoft Dailymotion Video Converter" = Xilisoft Dailymotion Vidéo Convertisseur
"XnView Shell Extension_is1" = XnView Shell Extension 2.6.0
"XnView_is1" = XnView 1.96.2
"xplorer2l" = xplorer² lite
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"YouTube Video Downloader_is1" = YouTube Video Downloader 2.5.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"Winamp Detect" = Détection de l'application Winamp

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 09/11/2010 10:45:49 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\dailypack.js
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\de.gif
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\default.css
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\default_002.css
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\dk.gif
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\dragdrop.js
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\dragdrop.js
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\effects.js
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\effects.js
failed, 00000035.

Error - 09/11/2010 10:45:50 | Computer Name = ANTEC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Toshiba\Caro\érections présidentielles 2007\xj54r_florence-foresti-en-cecilia-sarkozy_fichiers\embed_code.css
failed, 00000035.

[ Application Events ]
Error - 04/11/2010 17:22:41 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:22:41 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:22:42 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:02 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:02 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:02 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:02 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:03 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 09/11/2010 14:13:56 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 09/11/2010 14:13:56 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

[ Application Events ]
Error - 04/11/2010 17:22:41 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:22:41 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:22:42 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:02 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:02 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:02 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:02 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 04/11/2010 17:23:03 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 09/11/2010 14:13:56 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

Error - 09/11/2010 14:13:56 | Computer Name = ANTEC | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 10/10/2010 17:47:57 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:47:58 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:47:59 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:48:06 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:48:30 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:48:31 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:49:30 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:49:36 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:49:38 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.

Error - 10/10/2010 17:49:39 | Computer Name = ANTEC | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.


<End>
dahu74

Posts: 10
Joined: 12 Nov 2010, 02:33

Post by nickW » 13 Nov 2010, 19:10

Good evening,

1/ For your signature, can you open a new topic titled dahu74 in the Mes configs sub-forum and copy the following into it (in the Code box):
Code:
[b]My PC No. 1[/b]
Desktop tower PC
[list][*][color=blue]Windows XP SP2 version 2002: [/color]

[list][*]Windows XP version 2002
[*]SP2...[/list:u]
[*][color=blue]Security configuration [/color]
[list][*][color=green]XP firewall  [/color]
...
[*][color=green]Antivirus Avast 4.8 home edition[/color]
...
[*][color=green]Anti-trojan Spybot 1.6.2.0[/color]
...
[*][color=green]Anti-spam[/color]
...
[*][color=green]Ad and pop-up blocking built into Firefox + AdBlock[/color]
...

[*][color=blue]System optimisation configuration[/color]
[list][*][color=green]File cleaner[/color]
...
[*][color=green]Registry cleaner CC Cleaner[/color]
...[/list:u]
[*][color=blue]Internet browsing Firefox 3.6.12[/color]
[list][*][color=green]Connection type ADSL [/color]

...
[*][color=green]Browser Mozilla Firefox 1.6.12[/color]
...
[*][color=green]E-mail client Mozilla Thunderbird 3.1.6[/color]




2/ For the MBAM scan of the PC, can you do the following:


Step 1: No integrity-monitoring process
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Exit Spybot-S&D Resident".
Start Spybot-S&D, Advanced mode, Tools, Resident, and untick the box in front of Resident "TeaTimer". Close Spybot-S&D.
Restart the PC.
Note:
Do not re-enable TeaTimer before the PC cleanup is finished (I will tell you when and how to do it).


Step 2: Defogger (by jpshortstuff), download
Download Defogger from http://www.jpshortstuff.247fixes.com/Defogger.exe
Save the file to the Desktop.


Step 3: Defogger (by jpshortstuff), disabling CD emulators
Start Defogger by double-clicking Defogger.exe

Close all open program windows other than Defogger (browser, word processor, etc.): the PC is going to restart.

The Defogger screen is displayed:
Image

Click Disable to disable the CD emulator drivers.

Click Yes/Oui to continue.

When the Finished! message appears, click OK.

Defogger announces that the PC is going to restart; click OK.


Step 4: No real-time monitoring process
Disable the antivirus's resident module.
avast4!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"


Step 5: rkill (by Grinler), download

Download rkill by right-clicking and choosing Save target as ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 6: rkill (by Grinler), running
Double-click the downloaded rkill file to start the tool.

A window with a black background will appear briefly, then disappear.
When it has finished running, save the rkill.log file

If nothing happens, or if the tool does not start, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to run it.

If none of the five downloaded tools seems to work, do not continue the cleanup, and let me know on the forum.

Do not restart the PC.


Step 7: Malwarebytes' Anti-Malware, scan
Close all open program windows.
Start Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all boxes are ticked except "Create a context-menu option to scan files (right-click)".
In the Update tab, click the Check for updates button and install all updates found.
In the Scan tab, select the radio button in front of "Perform a quick scan", then click the Scan button, like this:

Image

Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button:
Image

Click the "Save report" button, confirm the save, then click the "Exit" button


Step 8: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 9: Results
Send in your reply:
*- the rkill report (contents of the rkill.log file located in the %SystemDrive%\ folder)
[%SystemDrive% is the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder %SystemDrive%\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) stands for the date [year-month-day] and the time [hh-mn-ss])
[%SystemDrive% is the partition on which the system is installed, usually C:]

A suivre,
nickW - Image
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Malwarebytes' Anti-Malware does not start

Post by dahu74 » 13 Nov 2010, 22:59

Good evening,
First of all, many thanks for the time you are giving me; I truly appreciate it.
I carried out all the operations in order up to step 7, which failed.
1) rkill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Christophe on 13/11/2010 at 22:48:22.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Christophe\Bureau\rkill.exe


Rkill completed on 13/11/2010 at 22:48:24.

2) Unable to start Malwarebytes' Anti-Malware.

I have just uninstalled it again, downloaded it from clubic to the desktop, installed it, and tried to start it from the Start menu (then by clicking the desktop icon); the hourglass spins for 1 sec and then nothing.
It annoys me all the more because I installed it on 2 other PCs and it starts and runs there straight away.
Is it serious, doctor?
Have a good rest of the evening!
dahu74
 
Posts: 10
Joined: 12 Nov 2010, 02:33

Post by nickW » 14 Nov 2010, 01:34

Good evening,

Well done on the description of your config and your signature! :wink:


Let's take it again in order:

1/ uninstall Malwarebytes' Anti-Malware


2/ download Malwarebytes' Anti-Malware from the developer's site (never from another site; this should be done systematically!):
http://www.malwarebytes.org/mbam.php (click the blue Download free version button).


3/ install Malwarebytes' Anti-Malware
The PC normally restarts.


4/ run rkill


5/ open the Malwarebytes' Anti-Malware installation folder
By default this is:
C:\Program Files\Malwarebytes' Anti-Malware
Right-click mbam.exe, choose Rename and give it the name: bidule.exe


6/ try to run Malwarebytes' Anti-Malware by double-clicking bidule.exe

To be continued,
nickW
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Steps completed

Post by dahu74 » 14 Nov 2010, 13:20

Hello,
I followed your procedure closely, Malwarebytes' Anti-Malware installed fine, I followed the steps and re-enabled avast; here are the logs:

RKILL
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Christophe on 14/11/2010 at 12:42:35.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Christophe\Local Settings\Apps\F.lux\flux.exe
C:\Documents and Settings\Christophe\Bureau\rkill.com

Rkill completed on 14/11/2010 at 12:42:38.

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5111

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

14/11/2010 13:10:08
mbam-log-2010-11-14 (13-10-08).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 149252
Temps écoulé: 4 minute(s), 21 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljigddaudio (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvvwuaudio (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmnlkkaudio (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmnlkkaudio (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\iihgfg.dll_to_be_deleted (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qommjg.dll_to_be_deleted (Trojan.Vundo) -> No action taken.

The enemy is in sight; which torpedoes do we load?
Have a good Sunday!

PS: judging by the connection history and the history of the problems, it seems the infection occurred during a connection to Facebook, more precisely on the pages of small games.
So I have forbidden my kids from going back to those game pages (otherwise goodbye Facebook) and have added these add-ons to Firefox: NoScript, Flashblock, CookieSafe.
dahu74
 
Posts: 10
Joined: 12 Nov 2010, 02:33

Post by nickW » 15 Nov 2010, 01:03

Good evening,

First cleanups:


Step 1: OTL (by OldTimer), preparing the fix
Open a Notepad window via Start---->Run, type notepad, then click OK

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien

:otl
O4 - HKLM..\Run: [rqpnnnsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKLM..\Run: [wvvvwuaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\.DEFAULT..\Run: [pmnlkkaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\.DEFAULT..\Run: [xxvsstsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [pmnlkkaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [xxvsstsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O30 - LSA: Authentication Packages - (vtutus.dll) - C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O33 - MountPoints2\{96448184-1d52-11df-a79d-001e8c1d4325}\Shell\AutoRun\command - "" = J:\SamsungSoftware\APPInst.exe -- File not found
O33 - MountPoints2\{e4b9bafe-c953-11df-a887-001e8c1d4325}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found

:Files
C:\WINDOWS\System32\qommjg.dll
C:\WINDOWS\System32\vtutus.dll
C:\WINDOWS\System32\iihgfg.dll_to_be_deleted
C:\WINDOWS\System32\ljghhf.dll_to_be_deleted
C:\WINDOWS\System32\vtutus.dll_old_1

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
In the Format menu (at the top), check that "Word Wrap" is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: dahu74.
If you are not THIS user, you must not use them: they could damage your system.



Step 2: No real-time monitoring processes
Disable the antivirus's resident module.
avast4!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"


Step 3: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.

A window with a black background will appear briefly, then disappear.
At the end of the run, save the rkill.log file

If nothing happens, or if the tool does not start, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to run it.

If none of the five downloaded tools seems to work, do not continue the cleanup, and let me know on the forum.

Do not restart the PC.


Step 4: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware by double-clicking bidule.exe in the folder C:\Program Files\Malwarebytes' Anti-Malware
In the Settings tab, check that all the boxes are ticked except "Create a context-menu option to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scan tab, select the radio button in front of "Perform quick scan", then click the Scan button.

Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Show Results" button.


If harmful items were detected, click the "Remove Selected" button.

Wait patiently, without doing anything else, for the cleaning to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 5: No real-time monitoring processes
If the PC has restarted, and if the antivirus has been re-enabled, it must be disabled again.


Step 6: OTL (by OldTimer), fix

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Fix button.

A small "OTL" window opens.

Click the OK button.

From the new "Open" window, browse to the folder where the fix.txt file was saved, then click the Open button.

The contents of the fix.txt file are thus inserted into the "Customization" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Fix button again.

Note: When the restart is requested, click OK

When the tool has finished its work, a small window displays the message "Fix complete! Click OK to view the report.". Click OK, then close OTL.


Step 7: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 8: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Quick Scan button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 9: Results
Send in reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% represents the partition on which the system is installed, generally C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder %SystemDrive%\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[%SystemDrive% represents the partition on which the system is installed, generally C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
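
The O4 and O30 lines in the fix script above show the same DLLs registered as Run values in several hives and, for one of them, as an LSA authentication package. The following Python is an added example, not part of the original post and not OTL's own logic: it triages OTL-style O4/O30 lines with three heuristics that are assumptions of this example, and the two sample lines marked as constructed do not come from the thread.

```python
import re
from collections import defaultdict

# O4/O30 lines copied from the fix script in this thread, plus two benign
# lines constructed for contrast. Lines starting with "#" are ignored.
SAMPLE_LOG = r"""
# constructed benign Run entry (value name is made up for the example):
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [rqpnnnsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKLM..\Run: [wvvvwuaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\.DEFAULT..\Run: [pmnlkkaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\.DEFAULT..\Run: [xxvsstsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [pmnlkkaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [xxvsstsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
# constructed benign LSA entry (the Windows default package):
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (vtutus.dll) - C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
"""

RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<vendor>[^()]*)\)$"
)
LSA_RE = re.compile(
    r"^O30 - LSA: Authentication Packages - \((?P<pkg>[^)]+)\) - "
    r"(?P<path>.+?) \((?P<vendor>[^()]*)\)$"
)

# HKU\.DEFAULT is the LocalSystem profile, i.e. the same hive as
# HKU\S-1-5-18, so both spellings are counted as one hive.
HIVE_ALIASES = {r"HKU\.DEFAULT": r"HKU\S-1-5-18"}

# msv1_0 is the default "Authentication Packages" entry on Windows.
DEFAULT_LSA_PACKAGES = {"msv1_0"}

# Reasons reported by triage(); the heuristics are this example's assumptions.
RUN_DLL = "run-value-targets-dll"
MULTI_HIVE = "dll-autostarted-from-multiple-hives"
LSA_EXTRA = "non-default-lsa-auth-package"


def triage(log_text):
    """Return {lowercased file path: sorted list of reasons} for O4/O30 lines."""
    run_hives = defaultdict(set)   # dll path -> distinct hives that autostart it
    findings = defaultdict(set)    # file path -> reasons

    for raw in log_text.splitlines():
        line = raw.strip()

        run = RUN_RE.match(line)
        if run:
            path = run["path"].lower()
            # Heuristic 1: a Run value resolving to a DLL rather than an EXE.
            if path.endswith(".dll"):
                hive = HIVE_ALIASES.get(run["hive"], run["hive"])
                run_hives[path].add(hive)
                findings[path].add(RUN_DLL)
            continue

        lsa = LSA_RE.match(line)
        if lsa:
            pkg = lsa["pkg"].lower()
            if pkg.endswith(".dll"):
                pkg = pkg[:-4]
            # Heuristic 2: anything besides the default LSA package.
            if pkg not in DEFAULT_LSA_PACKAGES:
                findings[lsa["path"].lower()].add(LSA_EXTRA)

    # Heuristic 3: the same DLL autostarted from more than one real hive.
    for path, hives in run_hives.items():
        if len(hives) > 1:
            findings[path].add(MULTI_HIVE)

    return {path: sorted(reasons) for path, reasons in findings.items()}


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", ", ".join(reasons))
```

A file that collects all three reasons, as vtutus.dll does here, is the one to look at first, because the LSA entry is loaded by the system independently of the Run values.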

Post by dahu74 » 15 Nov 2010, 10:32

Hello,
The first cleanups went off without a hitch.
On restart, I no longer had the message "Erreur de chargement de qommjg.dll. Le module spécifié est introuvable".

OTL report
All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rqpnnnsys not found.
File C:\WINDOWS\System32\vtutus.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wvvvwuaudio not found.
File C:\WINDOWS\System32\qommjg.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\pmnlkkaudio not found.
File C:\WINDOWS\System32\qommjg.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\xxvsstsys not found.
File C:\WINDOWS\System32\vtutus.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\pmnlkkaudio not found.
File C:\WINDOWS\System32\qommjg.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\xxvsstsys not found.
File C:\WINDOWS\System32\vtutus.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:vtutus.dll deleted successfully.
File C:\WINDOWS\System32\vtutus.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96448184-1d52-11df-a79d-001e8c1d4325}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96448184-1d52-11df-a79d-001e8c1d4325}\ not found.
File J:\SamsungSoftware\APPInst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4b9bafe-c953-11df-a887-001e8c1d4325}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4b9bafe-c953-11df-a887-001e8c1d4325}\ not found.
File K:\setup.exe not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\qommjg.dll not found.
File\Folder C:\WINDOWS\System32\vtutus.dll not found.
File\Folder C:\WINDOWS\System32\iihgfg.dll_to_be_deleted not found.
File\Folder C:\WINDOWS\System32\ljghhf.dll_to_be_deleted not found.
File\Folder C:\WINDOWS\System32\vtutus.dll_old_1 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3449895 bytes

User: All Users

User: Christophe
->Temp folder emptied: 41718928 bytes
->Temporary Internet Files folder emptied: 62999721 bytes
->Java cache emptied: 3978942 bytes
->FireFox cache emptied: 59835958 bytes
->Flash cache emptied: 10455159 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 16377311 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1009260 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 58268946 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 751769 bytes

Total Files Cleaned = 247,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11152010_101217

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_674.dat moved successfully.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware report

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5118

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

15/11/2010 10:07:13
mbam-log-2010-11-15 (10-07-13).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 149432
Temps écoulé: 4 minute(s), 32 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljigddaudio (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvvvwuaudio (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmnlkkaudio (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmnlkkaudio (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\iihgfg.dll_to_be_deleted (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qommjg.dll_to_be_deleted (Trojan.Vundo) -> Quarantined and deleted successfully.

The OTL.txt report follows.

Have a good day!
dahu74
 
Posts: 10
Joined: 12 Nov 2010, 02:33

Post by dahu74 » 15 Nov 2010, 10:33

It dates from 12/11; is it still valid?

OTL logfile created on: 12/11/2010 02:22:50 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Christophe\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23,79 Gb Total Space | 12,03 Gb Free Space | 50,56% Space Free | Partition Type: NTFS
Drive D: | 218,23 Gb Total Space | 105,65 Gb Free Space | 48,41% Space Free | Partition Type: NTFS
Drive F: | 209,96 Gb Total Space | 69,32 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive G: | 14,65 Gb Total Space | 11,11 Gb Free Space | 75,80% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 429,30 Gb Free Space | 46,09% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 42,91 Gb Free Space | 9,21% Space Free | Partition Type: NTFS

Computer Name: ANTEC | User Name: Christophe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/12 02:13:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Bureau\OTL.exe
PRC - [2010/09/02 08:41:06 | 000,307,200 | ---- | M] (philippe734 - Vous devez exécuter le programme en tant qu'administrateur) -- C:\Program Files\VPN Lifeguard\VpnLifeguard.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe
PRC - [2009/11/12 09:30:32 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/11/12 09:28:40 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/08/29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Christophe\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/01 11:24:50 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/12/18 14:34:36 | 000,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/07/13 07:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2004/08/05 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/16 18:38:16 | 000,077,824 | ---- | M] (http://www.reseau.org/keymap) -- C:\Program Files\KeyMap\Keymap.exe


========== Modules (SafeList) ==========

MOD - [2010/11/12 02:13:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Bureau\OTL.exe
MOD - [2009/07/12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 00:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009/04/16 15:32:34 | 000,053,248 | ---- | M] (Orange) -- C:\Program Files\mes données\OSDExtension.dll
MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/12/01 22:56:00 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/05 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/05 13:00:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll
MOD - [2004/08/05 13:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2004/08/05 13:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2001/10/16 18:52:36 | 000,053,248 | ---- | M] (http://www.reseau.org/keymap) -- C:\Program Files\KeyMap\MAP.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/01 23:14:18 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/12 09:28:40 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/11/12 09:25:24 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/04/16 00:21:52 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/06/27 18:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/29 02:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/12 00:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/11/25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/10/14 06:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/10/04 22:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/08/05 19:01:34 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/02/17 18:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/01/21 14:25:22 | 000,137,384 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs32.sys -- (CbFs)
DRV - [2009/01/20 21:31:31 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/11/05 16:05:59 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/12/05 00:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/03 18:10:12 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2007/07/03 18:10:10 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2007/01/16 02:09:06 | 000,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/08/14 07:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/11 14:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 14:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/17 10:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/12/12 20:12:01 | 000,049,664 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2005/11/21 06:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/10/27 15:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/12/05 19:46:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/05/07 14:54:38 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2002/09/16 18:07:24 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1060284298-963894560-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1060284298-963894560-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google.fr"
FF - prefs.js..browser.search.defaultenginename: "google.fr"
FF - prefs.js..browser.search.order.1: "google.fr"
FF - prefs.js..browser.search.selectedEngine: "Google France - France"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.torrent411.com/browse.php?c9=1&c34=1&c30=1&c77=1&c110=1&c92=1&c94=1&submit.x=88&submit.y=16|http://www.demonoid.com/error_messages.php?error_id=7|http://www.rue89.com/|http://www.liberation.fr/|http://tempsreel.nouvelobs.com/index.html|http://www.marianne2.fr/|http://www.rhone-alpesolidaires.org/|http://www.creai-ra.com/|http://www.ca-des-savoie.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: uploader@adblockfilters.mozdev.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/11 21:56:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 15:35:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/31 18:23:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/09 11:56:10 | 000,000,000 | ---D | M]

[2010/01/08 23:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Extensions
[2010/01/08 23:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/11 21:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions
[2010/10/07 07:39:11 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/07/27 11:14:41 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010/09/29 09:29:17 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/01/31 19:08:46 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010/11/05 07:58:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/06 17:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/09/30 09:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\foxmarks@kei.com
[2009/12/08 10:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\extensions\uploader@adblockfilters.mozdev.org
[2009/09/21 11:20:08 | 000,001,423 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\bittorrent.xml
[2009/09/21 11:20:08 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\ciao.xml
[2008/11/05 16:42:16 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\daemon-search.xml
[2009/09/21 11:20:08 | 000,001,943 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\divxovore.xml
[2009/09/21 11:20:08 | 000,002,494 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\google-france---france.xml
[2009/09/21 11:20:08 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\google-maps-france.xml
[2009/09/21 11:20:09 | 000,001,364 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\kelkoo.xml
[2008/08/28 22:45:26 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\meteofrance.xml
[2008/05/30 09:39:49 | 000,001,206 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\mininova.xml
[2008/04/16 22:28:11 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\mozilla-add-ons.xml
[2009/09/21 11:20:10 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\mycroft-project.xml
[2009/09/21 11:20:07 | 000,002,643 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\pc-astuces.xml
[2008/11/16 11:25:52 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\rechercher-dans-quidfr.xml
[2009/12/05 16:07:05 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\searchgeek.xml
[2009/09/21 11:20:09 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\sherlock-cherche.xml
[2009/09/21 11:20:10 | 000,004,578 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\smartorrent.xml
[2008/05/30 09:39:49 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\the-pirate-bay.xml
[2010/04/13 14:10:26 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\veosearch.xml
[2009/09/21 11:20:10 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\viamichelin---francais.xml
[2010/05/20 16:55:38 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\y1vsywve.default\searchplugins\winamp-search.xml
[2010/11/11 21:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/04 18:02:50 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2007/03/10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/10/05 08:50:28 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/10/05 08:50:28 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/05 08:50:28 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/08/25 21:28:47 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/10/05 08:50:28 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/10/05 08:50:28 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/09/11 18:17:29 | 000,927,264 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 26612 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-1060284298-963894560-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [rqpnnnsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [wvvvwuaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\.DEFAULT..\Run: [pmnlkkaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\.DEFAULT..\Run: [xxvsstsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [pmnlkkaudio] C:\WINDOWS\System32\qommjg.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [xxvsstsys] C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O4 - HKU\S-1-5-21-1060284298-963894560-839522115-1003..\Run: [F.lux] C:\Documents and Settings\Christophe\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-1060284298-963894560-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KeyMap.lnk = C:\Program Files\KeyMap\Keymap.exe (http://www.reseau.org/keymap)
O4 - Startup: C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Démarrage\VPN Lifeguard.lnk = C:\Program Files\VPN Lifeguard\VpnLifeguard.exe (philippe734 - Vous devez exécuter le programme en tant qu'administrateur)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O8 - Extra context menu item: Download with Xilisoft Dailymotion Vidéo Convertisseur - C:\Program Files\Dailymotion Video Converter\upod_link.HTM ()
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.zebulon.fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Christophe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Christophe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (vtutus.dll) - C:\WINDOWS\System32\vtutus.dll (foobar2000.org)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/24 09:43:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/20 11:38:24 | 000,000,000 | ---D | M] - F:\Autoplay -- [ NTFS ]
O33 - MountPoints2\{96448184-1d52-11df-a79d-001e8c1d4325}\Shell\AutoRun\command - "" = J:\SamsungSoftware\APPInst.exe -- File not found
O33 - MountPoints2\{e4b9bafe-c953-11df-a887-001e8c1d4325}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 02:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/12 02:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/12 02:13:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Bureau\OTL.exe
[2010/11/12 02:01:34 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/11/12 02:01:34 | 000,018,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/11/12 02:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/12 01:58:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/12 01:58:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/12 01:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/12 01:57:08 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Bureau\mbam-setup.exe
[2010/11/12 01:50:44 | 000,167,936 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Christophe\Bureau\StartupList.exe
[2010/11/12 01:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010/11/11 22:32:33 | 000,126,464 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\qommjg.dll
[2010/11/11 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/11/11 19:24:01 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/11 18:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Virtu Monde Removal Tool
[2010/11/11 18:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/11 15:25:03 | 000,126,464 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\iihgfg.dll_to_be_deleted
[2010/11/11 14:12:52 | 000,121,344 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\ljghhf.dll_to_be_deleted
[2010/11/11 14:07:51 | 000,109,056 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\vtutus.dll
[2010/11/11 14:07:51 | 000,109,056 | ---- | C] (foobar2000.org) -- C:\WINDOWS\System32\vtutus.dll_old_1
[2010/11/08 15:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/10/23 22:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/08/31 21:18:50 | 000,455,888 | ---- | C] ( ) -- C:\Program Files\Fichiers communs\PredictAdInstaller.exe
[2008/07/19 00:10:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Christophe\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/12 02:19:00 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 02:16:03 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/12 02:15:53 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Christophe\Bureau\NTREGOPT.lnk
[2010/11/12 02:15:53 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Christophe\Bureau\ERUNT.lnk
[2010/11/12 02:14:10 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\Christophe\Bureau\scan.zip
[2010/11/12 02:13:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Bureau\OTL.exe
[2010/11/12 02:00:14 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\Christophe\Bureau\HiJackThis.lnk
[2010/11/12 01:58:20 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/12 01:57:23 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Bureau\mbam-setup.exe
[2010/11/12 01:06:51 | 000,109,056 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\vtutus.dll
[2010/11/12 01:06:51 | 000,000,425 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/11/12 00:12:32 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Recherche de problèmes automatique.job
[2010/11/11 22:32:33 | 000,126,464 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\qommjg.dll
[2010/11/11 22:27:32 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/11/11 22:27:31 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/11 22:27:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 22:25:16 | 000,109,056 | ---- | M] (foobar2000.org) -- C:\WINDOWS\System32\vtutus.dll_old_1
[2010/11/11 20:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro temporaire fichiers travail Caro.job
[2010/11/11 15:25:03 | 000,126,464 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\iihgfg.dll_to_be_deleted
[2010/11/11 14:17:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Sauvegarde Documents d'Antec sur MyBook.job
[2010/11/11 14:12:52 | 000,121,344 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\ljghhf.dll_to_be_deleted
[2010/11/11 14:05:41 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack BAL sauvegarde antec vers mybook.job
[2010/11/11 11:00:09 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Bookmarks.job
[2010/11/11 09:26:04 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 18:00:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro docs Caro Toshiba et Antec.job
[2010/11/09 14:30:02 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro videos entre Antec et MyBook.job
[2010/11/09 14:00:21 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro photos entre Antec et MyBook.job
[2010/11/09 11:30:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Synchro musique entre Antec et MyBook.job
[2010/11/08 15:35:08 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Christophe\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/11/02 13:13:26 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Christophe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 09:41:23 | 000,501,226 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/02 09:41:23 | 000,433,170 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/02 09:41:23 | 000,081,148 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/02 09:41:23 | 000,067,874 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/12 02:16:03 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/12 02:15:53 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Christophe\Bureau\NTREGOPT.lnk
[2010/11/12 02:15:53 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Christophe\Bureau\ERUNT.lnk
[2010/11/12 02:14:10 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\Christophe\Bureau\scan.zip
[2010/11/12 01:58:20 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/12 01:20:30 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\Christophe\Bureau\HiJackThis.lnk
[2010/11/11 15:16:17 | 000,000,425 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/22 16:06:08 | 000,721,424 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/10 22:58:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\CP30FW.DLL
[2010/05/17 17:16:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/06/19 08:02:48 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2009/01/20 21:12:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/12/02 20:29:26 | 000,000,067 | ---- | C] () -- C:\WINDOWS\My Video Converter.INI
[2008/11/06 10:32:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/11/05 16:05:59 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/14 16:59:27 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2008/08/26 05:24:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/19 00:10:15 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Christophe\Application Data\pcouffin.log
[2008/07/19 00:10:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Christophe\Application Data\ezpinst.exe
[2008/07/19 00:10:12 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Christophe\Application Data\pcouffin.cat
[2008/07/19 00:10:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Christophe\Application Data\pcouffin.inf
[2008/06/15 23:29:12 | 000,000,046 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2008/06/01 17:30:51 | 000,006,461 | ---- | C] () -- C:\WINDOWS\easyc.ini
[2008/06/01 17:30:40 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/06/01 17:30:40 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/05/09 00:14:03 | 000,000,525 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2008/04/21 23:13:42 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\vbmgsext.ini
[2008/04/21 23:13:42 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\vbmgsent.ini
[2008/04/21 19:09:16 | 000,000,103 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2008/04/16 02:01:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/16 02:01:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/16 01:40:13 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/04/16 00:32:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/15 18:25:07 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Christophe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 11:21:20 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/01/24 11:19:09 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/24 10:21:33 | 000,013,919 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/01/24 10:12:30 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/24 09:54:12 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/01/24 09:54:12 | 000,000,276 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/01/24 09:49:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/24 09:49:27 | 000,013,881 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/24 09:49:08 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/12 15:49:54 | 002,080,256 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
[2007/08/07 15:01:32 | 000,842,752 | ---- | C] () -- C:\WINDOWS\System32\QtNetwork4.dll
[2007/08/07 15:00:22 | 009,100,288 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
[2007/04/12 16:44:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/12 16:44:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/12 16:44:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/12 16:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 16:44:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/28 05:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 05:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/03/14 13:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/20 09:03:22 | 000,007,494 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
[2004/08/05 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2000/01/20 10:42:08 | 000,334,848 | ---- | C] () -- C:\WINDOWS\System32\PCONVERTOR.DLL

========== LOP Check ==========

[2008/11/05 19:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2008/06/02 09:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2008/04/16 01:09:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/30 13:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/04/16 01:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/12 20:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ServeurFax
[2010/02/23 16:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/05/08 18:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Super X Studios
[2010/08/31 20:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/01 23:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/11/08 00:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WDGold Lite
[2010/09/01 23:11:35 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008/12/02 20:32:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Christophe\Application Data\.#
[2008/08/21 12:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Ace
[2008/06/02 09:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\BSD
[2008/06/01 18:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\BSD Concept
[2008/06/02 09:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\BSDh9
[2010/09/14 22:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Canon
[2009/02/27 19:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\CoSoSys
[2010/05/20 16:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\COWON
[2008/11/05 16:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\DAEMON Tools
[2009/01/20 19:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\dBpoweramp
[2010/02/27 12:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\GlarySoft
[2010/05/20 17:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\HyperLyrics
[2008/10/19 14:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\InterTrust
[2009/10/30 12:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\iPodder
[2009/02/11 19:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\LogProtect
[2009/07/16 23:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\OnlineStorage
[2009/01/20 21:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Samsung
[2008/04/16 01:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\ScanSoft
[2008/05/08 16:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Shareaza
[2010/11/09 19:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Spotify
[2010/01/08 23:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Thunderbird
[2010/08/31 21:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Tomato
[2010/09/01 23:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\TuneUp Software
[2010/05/25 23:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\uTorrent
[2008/07/19 00:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Vso
[2010/10/12 20:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\WDGold Lite
[2010/08/31 21:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\Xilisoft
[2010/09/05 14:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Application Data\XnView
[2010/09/02 00:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2010/09/02 11:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TuneUp Software
[2010/11/11 22:27:32 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/11/12 00:12:32 | 000,000,526 | ---- | M] () -- C:\WINDOWS\Tasks\Recherche de problèmes automatique.job
[2010/11/11 14:05:41 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack BAL sauvegarde antec vers mybook.job
[2010/11/11 11:00:09 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Bookmarks.job
[2010/11/11 14:17:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Sauvegarde Documents d'Antec sur MyBook.job
[2010/11/10 18:00:29 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro docs Caro Toshiba et Antec.job
[2010/11/09 11:30:33 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro musique entre Antec et MyBook.job
[2010/11/09 14:00:21 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro photos entre Antec et MyBook.job
[2010/11/11 20:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro temporaire fichiers travail Caro.job
[2010/11/09 14:30:02 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Synchro videos entre Antec et MyBook.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

<MD5>
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

<MD5>
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2006/08/14 07:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\WINDOWS\system32\drivers\nvata.sys

<MD5>
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2004/08/05 13:00:00 | 001,251,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A66A990E

<End>
dahu74
 
Posts: 10
Joined: 12 Nov 2010, 02:33
