[ok] Request for analysis of scan reports

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended its decontamination assistance after almost 15 years on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy
Protect the browser, browsing and privacy

[ok] Request for analysis of scan reports

Post by Tungnawi » 22 Nov 2010, 21:03

Detailed description of the infection symptoms:

- Login problems on webmail (gmail, mail.yahoo...)
- my Hotmail account was hacked (I do not accept files sent by strangers on MSN)
- Huge connection slowdown (1 meg)

Malwarebytes' Anti-Malware report


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5172

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

22/11/2010 20:41:06
mbam-log-2010-11-22 (20-41-06).txt

Scan type: Quick scan
Objects scanned: 151403
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-2737746169-8163605591-610136467-9364\nissan.exe) Good: (Explorer.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\helmi\Bureau\US9.4_in_doc_format(change_it_to_exe).exe (HackTool.Proxy) -> No action taken.
Tungnawi

Posts: 15
Joined: 22 Nov 2010, 20:52
Location: Tunisia
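A triage helper for the kind of MBAM log posted above, as an added example that is not part of the original post and not Malwarebytes' code. It parses the detection lines in the format shown (object, detection family, an optional Bad/Good pair, and the action), checks the Winlogon Shell, Userinit and TaskMan values against what Windows XP ships with, extracts the hostname behind every search/start-page hijack, and counts entries still marked "No action taken". The sample lines embedded in it are copied from the posted log; the assumed Winlogon defaults, the kind labels and the function names are this example's own choices.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

# One MBAM detection line: "<object> (<family>) -> [Bad: (..) Good: (..) -> ]<action>".
# The non-greedy object match stops at the first " (Family) -> ", so parentheses inside
# a file name (as in the posted HackTool line) do not confuse the parser.
LINE_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()\s]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")

# Winlogon values malware rewrites to run at logon, with the value Windows XP ships
# with (assumed defaults). TaskMan is normally absent, so any program there is suspect.
WINLOGON_DEFAULT = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}
WINLOGON_WATCH = set(WINLOGON_DEFAULT) | {"taskman"}

# Sample copied from the log posted in the thread, plus header lines the parser skips.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-2737746169-8163605591-610136467-9364\nissan.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\helmi\Bureau\US9.4_in_doc_format(change_it_to_exe).exe (HackTool.Proxy) -> No action taken.
"""


@dataclass
class Finding:
    kind: str                       # winlogon | search_hijack | dropped_file | other
    family: str                     # scanner's detection name, e.g. Hijack.Shell
    obj: str                        # registry path or file path
    bad: Optional[str] = None       # value the scanner found (data-item lines only)
    good: Optional[str] = None      # value the scanner would restore
    action: str = ""                # trailing action text, e.g. "No action taken."
    injected: List[str] = field(default_factory=list)   # programs added to a Winlogon value
    notes: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Finding]:
    """Parse one detection line; returns None for headers, blanks and summary lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = Finding(kind="other", family=m["family"], obj=m["obj"], action=m["rest"])
    bg = BADGOOD_RE.match(m["rest"])
    if bg:
        f.bad, f.good, f.action = bg["bad"], bg["good"], bg["action"]
    return f


def classify(f: Finding) -> Finding:
    """Attach a kind, the list of injected programs and responder notes to a finding."""
    key, _, name = f.obj.rpartition("\\")
    name = name.lower()
    if key.lower().endswith("\\winlogon") and name in WINLOGON_WATCH:
        f.kind = "winlogon"
        if f.bad is None:
            # Value-level hit without data: MBAM only names it, so dump it yourself.
            f.notes.append(f'Winlogon\\{name} flagged; dump it with: reg query "{key}" /v {name}')
        else:
            # Shell/Userinit hold a comma-separated list; anything beyond the default was injected.
            default = WINLOGON_DEFAULT.get(name, "")
            for prog in (p.strip() for p in f.bad.split(",") if p.strip()):
                if prog.lower() != default:
                    f.injected.append(prog)
                    f.notes.append(f"program appended to Winlogon\\{name}: {prog}")
                    if "\\recycler\\" in prog.lower():
                        f.notes.append("payload staged under C:\\RECYCLER (Recycle Bin storage), "
                                       "a hiding place typical of autorun worms")
    elif f.bad and f.bad.lower().startswith("http"):
        f.kind = "search_hijack"
        f.notes.append(f"browser setting redirected to {urlparse(f.bad).hostname}")
    elif re.match(r"^[a-z]:\\", f.obj.lower()):
        f.kind = "dropped_file"
        f.notes.append("file detection: hash and quarantine it before deleting")
    return f


def triage(log_text: str) -> List[Finding]:
    """Parse and classify every detection line of an MBAM log."""
    return [classify(f) for f in map(parse_line, log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, object]:
    """Counts per kind plus the concrete artefacts a responder acts on."""
    counts: Dict[str, int] = {}
    hosts, injected, untreated = set(), set(), 0
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
        if f.kind == "search_hijack":
            hosts.add(urlparse(f.bad).hostname)
        injected.update(f.injected)
        untreated += f.action.startswith("No action taken")
    return {"counts": counts, "hijack_hosts": hosts,
            "injected_programs": injected, "untreated": untreated}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.family}: {finding.obj}")
        for note in finding.notes:
            print("   ", note)
    print(summarize(triage(SAMPLE_LOG)))
```

Two things this surfaces in the posted log. The Shell value still begins with explorer.exe, so the desktop comes up normally and the appended nissan.exe under C:\RECYCLER runs unnoticed at every logon; TaskMan is a second, rarely used Winlogon launch point pointing at the same file. And every entry ends in "No action taken", which in an MBAM log means the scan only reported and nothing was removed.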

OTL.Txt

Post by Tungnawi » 22 Nov 2010, 21:05

OTL.txt report


OTL logfile created on: 22/11/2010 20:44:25 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\helmi\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 38,78 Gb Free Space | 39,71% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 52,66 Gb Free Space | 53,92% Space Free | Partition Type: NTFS

Computer Name: YOUR-84F416DBFF | User Name: helmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 20:11:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\helmi\Bureau\OTL.exe
PRC - [2010/11/22 19:51:36 | 000,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe
PRC - [2010/11/10 12:03:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/10 20:26:48 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/11/28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 20:11:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\helmi\Bureau\OTL.exe
MOD - [2010/09/22 18:12:42 | 000,378,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.dll
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2007/01/15 13:18:31 | 000,034,488 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/22 19:51:36 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Running] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/05/29 09:43:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/20 11:33:02 | 000,189,688 | ---- | M] (Solid Documents, LLC) [Disabled | Stopped] -- C:\WINDOWS\Installer\MSI35E3.tmp -- (SCPDFV4ReadSpool)
SRV - [2009/12/16 09:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/07/10 20:26:48 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\TMEI3E.SYS -- (TMEI3E)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/12/05 07:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2008/04/13 10:46:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 10:46:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/10 20:26:46 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/06/29 14:20:30 | 000,051,712 | ---- | M] (Sagem Communication) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbSagCom.sys -- (UsbSagCom)
DRV - [2007/01/11 09:07:17 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/12/26 13:49:00 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2005/12/10 00:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/05 01:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/02 06:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/01 10:55:24 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/11/30 18:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/06 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/20 21:27:02 | 000,390,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004/11/16 00:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/23 18:21:42 | 000,036,937 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = http://www.cherche.us
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = http://www.cherche.us/keyword/
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=par ... FFF0%3B&q={searchTerms}
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15446&l=dis
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledItems: ar@dictionaries.addons.mozilla.org:2.0.20080110
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:5.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/22 20:12:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 19:34:48 | 000,000,000 | ---D | M]

[2009/10/29 21:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Extensions
[2010/11/20 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions
[2010/05/27 11:21:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/26 23:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/02/26 13:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\ar@dictionaries.addons.mozilla.org
[2010/02/26 13:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/05/27 11:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\firebug@software.joehewitt.com
[2010/07/13 03:03:46 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\searchplugins\cherche.xml
[2010/11/21 21:30:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 12:03:48 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/11/10 12:03:48 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/10 12:03:48 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/11/10 12:03:48 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/11/10 12:03:48 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 12:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\helmi\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Recherche avec cherche.us - C:\Documents and Settings\helmi\scriptjava.html ()
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O15 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005\..Trusted Domains: chat-land.org ([]* in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-2737746169-8163605591-610136467-9364\nissan.exe) - C:\RECYCLER\S-1-5-21-2737746169-8163605591-610136467-9364\nissan.exe File not found
O20 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1527805650-3824235883-1835349181-1005 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-2737746169-8163605591-610136467-9364\nissan.exe) - C:\RECYCLER\S-1-5-21-2737746169-8163605591-610136467-9364\nissan.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\helmi\Bureau\Sans titre.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\helmi\Bureau\Sans titre.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/14 07:23:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/19 10:22:19 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/19 10:22:20 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 20:25:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/22 20:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/22 20:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\helmi\Application Data\Malwarebytes
[2010/11/22 20:22:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/22 20:22:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/22 20:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/22 20:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/22 20:17:17 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\helmi\Bureau\erunt-setup.exe
[2010/11/22 20:15:30 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\helmi\Bureau\mbam-setup.exe
[2010/11/22 20:11:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\helmi\Bureau\OTL.exe
[2010/11/22 19:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/15 23:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\helmi\Application Data\BitTorrent
[2010/11/15 23:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/11/15 17:15:26 | 000,362,240 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/11/10 08:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/11/09 19:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/11/08 23:00:10 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/11/08 23:00:09 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/11/08 23:00:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/11/08 22:58:58 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2009/12/16 19:31:57 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2009/12/16 19:31:56 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2009/12/16 19:31:56 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\helmi\*.tmp files -> C:\Documents and Settings\helmi\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/22 20:24:31 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\helmi\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/22 20:24:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\NTREGOPT.lnk
[2010/11/22 20:24:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\ERUNT.lnk
[2010/11/22 20:23:32 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\helmi\Bureau\erunt-setup.exe
[2010/11/22 20:22:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/22 20:18:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\helmi\Bureau\mbam-setup.exe
[2010/11/22 20:11:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\helmi\Bureau\OTL.exe
[2010/11/22 20:04:01 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1527805650-3824235883-1835349181-1005UA.job
[2010/11/22 20:00:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/11/22 19:55:47 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\HijackThis.lnk
[2010/11/22 19:53:45 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\ProjectWhois.lnk
[2010/11/22 19:51:36 | 000,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/11/22 19:48:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/22 19:48:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/22 19:48:07 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/21 23:12:06 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\helmi\PUTTY.RND
[2010/11/21 22:31:28 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Raccourci vers u1003.exe.lnk
[2010/11/21 12:23:06 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Nouveau Document Microsoft Word.doc
[2010/11/21 05:04:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1527805650-3824235883-1835349181-1005Core.job
[2010/11/20 23:18:25 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\helmi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/20 20:48:36 | 000,050,344 | ---- | M] () -- C:\Documents and Settings\helmi\Mes documents\Par défaut.sfvidcap
[2010/11/20 20:05:27 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Audition 1.5.lnk
[2010/11/19 21:09:30 | 000,000,285 | ---- | M] () -- C:\WINDOWS\ConverterCore.INI
[2010/11/18 20:06:10 | 000,061,580 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Pres_riviere_paysage_riviere_maison-d93d0.jpg
[2010/11/18 19:34:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/11/16 23:25:32 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Raccourci vers festival de la pêche.lnk
[2010/11/16 23:25:32 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Raccourci vers mes articles de presse.lnk
[2010/11/16 23:25:08 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Sans titre.bmp
[2010/11/16 00:17:34 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Lancer Google Earth Pro.lnk
[2010/11/15 23:55:44 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\BitTorrent.lnk
[2010/11/15 22:32:47 | 000,020,786 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\154110_132745920111840_100001292974856_166083_7698067_n.jpg
[2010/11/10 08:02:44 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/11/10 07:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/09 11:16:51 | 001,698,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/08 23:49:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/08 23:46:51 | 000,510,980 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/08 23:46:51 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 23:46:51 | 000,084,964 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/08 23:46:51 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 23:23:33 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Google Chrome.lnk
[2010/11/08 23:23:33 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\helmi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\helmi\*.tmp files -> C:\Documents and Settings\helmi\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/22 20:24:31 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\helmi\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/22 20:24:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\NTREGOPT.lnk
[2010/11/22 20:24:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\ERUNT.lnk
[2010/11/22 20:22:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/22 19:55:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\HijackThis.lnk
[2010/11/22 19:53:45 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\ProjectWhois.lnk
[2010/11/21 22:31:28 | 000,000,447 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\Raccourci vers u1003.exe.lnk
[2010/11/21 12:23:05 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\Nouveau Document Microsoft Word.doc
[2010/11/20 20:05:27 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Audition 1.5.lnk
[2010/11/18 20:06:10 | 000,061,580 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\Pres_riviere_paysage_riviere_maison-d93d0.jpg
[2010/11/16 23:25:07 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\Sans titre.bmp
[2010/11/16 00:17:34 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Lancer Google Earth Pro.lnk
[2010/11/15 23:55:44 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\BitTorrent.lnk
[2010/11/15 22:32:46 | 000,020,786 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\154110_132745920111840_100001292974856_166083_7698067_n.jpg
[2010/11/10 08:02:44 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/11/09 18:57:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/11/08 21:07:01 | 1608,634,368 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/20 17:06:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\USA1B.DLL
[2010/01/20 17:06:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\_ISUSR2K.DLL
[2009/12/27 11:57:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\helmi\Application Data\chrtmp
[2009/12/20 11:32:57 | 000,021,240 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2009/12/20 11:32:57 | 000,013,560 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009/12/17 22:34:57 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/12/16 19:31:56 | 000,390,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2009/12/16 19:31:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2009/12/16 19:31:56 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2009/12/14 22:45:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/14 22:45:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/14 22:45:44 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/14 13:31:32 | 000,000,285 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009/11/02 21:38:31 | 000,002,875 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/30 23:27:47 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\helmi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/29 20:36:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\helmi\Local Settings\Application Data\fusioncache.dat
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/03/13 16:52:18 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/09/20 11:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 11:27:16 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 11:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 11:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 11:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 11:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 11:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 11:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 11:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 11:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 11:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 11:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 11:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 11:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 11:27:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 11:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 11:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 11:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 11:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2006/03/21 08:53:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/15 07:55:02 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/03/15 07:36:15 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/14 11:57:01 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/14 11:53:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/14 11:53:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/14 11:53:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/14 11:53:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/14 11:53:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/14 11:53:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/14 11:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/14 09:41:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/03/14 09:09:11 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/14 09:09:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/14 09:09:11 | 000,010,177 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/14 09:09:11 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/14 08:15:53 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/14 07:26:43 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/14 07:09:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/03/14 07:09:11 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/09 14:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/29 04:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/11/23 13:41:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/11/23 11:42:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/09/15 14:04:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2009/10/30 03:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\toshiba
[2009/12/29 16:31:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/09 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/10/30 15:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/12 06:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/12/14 13:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2009/12/27 12:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/06/26 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/30 03:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2010/11/16 00:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\BitTorrent
[2009/12/23 11:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Design Science
[2010/11/22 20:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\DMCache
[2010/06/12 06:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Downloaded Installations
[2010/06/13 17:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Facebook
[2010/06/10 22:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Foxit Software
[2009/12/16 00:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\FreeFLVConverter
[2010/11/21 22:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\IDM
[2009/11/11 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\InterVideo
[2009/10/31 22:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\MSNInstaller
[2010/06/16 12:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Nitro PDF
[2010/03/24 01:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Opera
[2009/12/27 12:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Publish Providers
[2009/11/01 13:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\RaimaRadioPro
[2010/11/19 22:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\SolidDocuments
[2010/04/25 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Sony
[2010/02/08 00:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\StatSoft
[2010/11/22 20:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\TeraCopy
[2009/10/30 16:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Thinstall
[2009/10/30 03:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\toshiba
[2009/11/07 22:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\TuneUp Software
[2010/01/09 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Uniblue
[2010/06/10 22:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2010/11/22 20:00:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

<MD5>
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Files - Unicode (All) ==========
[2010/07/03 18:32:20 | 000,000,000 | ---D | M](C:\Documents and Settings\helmi\Bureau\????? ?? ??????? ? ???????? ? ???????_fichiers) -- C:\Documents and Settings\helmi\Bureau\خواطر في السياسة و الإقتصاد و المجتمع_fichiers
[2010/07/02 01:22:20 | 000,146,367 | ---- | M] ()(C:\Documents and Settings\helmi\Bureau\????? ?? ??????? ? ???????? ? ???????.htm) -- C:\Documents and Settings\helmi\Bureau\خواطر في السياسة و الإقتصاد و المجتمع.htm
[2010/07/02 01:22:09 | 000,146,367 | ---- | C] ()(C:\Documents and Settings\helmi\Bureau\????? ?? ??????? ? ???????? ? ???????.htm) -- C:\Documents and Settings\helmi\Bureau\خواطر في السياسة و الإقتصاد و المجتمع.htm
[2010/07/02 01:22:09 | 000,000,000 | ---D | C](C:\Documents and Settings\helmi\Bureau\????? ?? ??????? ? ???????? ? ???????_fichiers) -- C:\Documents and Settings\helmi\Bureau\خواطر في السياسة و الإقتصاد و المجتمع_fichiers

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences

<End>
Tungnawi

Posts: 15
Joined: 22 Nov 2010, 20:52
Location: Tunisia

Extras.Txt

Message by Tungnawi » 22 Nov 2010, 21:07

OTL Extras logfile created on: 22/11/2010 20:44:25 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\helmi\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 38,78 Gb Free Space | 39,71% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 52,66 Gb Free Space | 53,92% Space Free | Partition Type: NTFS

Computer Name: YOUR-84F416DBFF | User Name: helmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Unstopcp] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18A64EE3-F1FE-46F3-AAE1-8CDB35B6038B}" = Surfer 8
"{1D13221B-42DE-4B3C-A43F-0F6AF3CF3DA2}" = Client Windows Rights Management avec Service Pack 2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuels TOSHIBA
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formatage de carte mémoire SD TOSHIBA
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF v4
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA
"{650671AE-36C4-4710-9BB7-2B63B27002CC}" = BULK SMS XL
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CE1208-B85F-4976-8718-52A91990A8A3}" = Global Mapper 9
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B08C6A5-2B90-4E93-980D-7EEB39099D4D}" = VideoCAM Eye
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A1040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C10D6AB8-05BB-422D-AAE3-36D6E0381487}" = ESET NOD32 Antivirus
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = Module sécurisé SD
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC905264-BCFE-423B-9C42-C3A106266790}" = SP2 de compatibilité descendante du client Windows Rights Management
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F81A6380-255D-41F9-B04A-FE40DC392FBF}" = ATI Catalyst Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Ad-Remover" = Ad-Remover By C_XX
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"Athan" = Athan Basic 3.4
"ATI Display Driver" = ATI Display Driver
"AutoShutdown" = AutoShutdown
"BitTorrent" = BitTorrent
"CDCheck" = CDCheck
"Color7 Video Converter_is1" = Color7 Video Converter Trial Version (English) 8.0.3.18
"DivX Setup.divx.com" = Configuration DivX
"DSMT6" = MathType 6
"ERUNT_is1" = ERUNT 1.1j
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = Utilitaire Hotkey TOSHIBA
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = Utilitaire TouchPad ON/OFF
"Internet Download Manager" = Internet Download Manager
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
"Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Outil de diagnostic PC" = Outil de diagnostic PC TOSHIBA
"Picasa 3" = Picasa 3
"PluginPac" = DebugMode PluginPac (remove only)
"Power Saver" = Gestion d'énergie TOSHIBA
"ProInst" = Logiciel Intel(R) PROSet/Wireless
"ProjectWhois" = ProjectWhois
"PROSet" = Intel(R) PRO Network Connections Drivers
"RarmaRadio_is1" = RarmaRadio 2.28
"Shop for HP Supplies" = Shop for HP Supplies
"TeraCopy_is1" = TeraCopy 1.22
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1527805650-3824235883-1835349181-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2010 19:15:49 | Computer Name = YOUR-84F416DBFF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http>
with error: A connection with the server could not be established.

Error - 04/08/2010 19:15:49 | Computer Name = YOUR-84F416DBFF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 04/08/2010 19:15:49 | Computer Name = YOUR-84F416DBFF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http>
with error: This network connection does not exist.

Error - 04/08/2010 19:15:50 | Computer Name = YOUR-84F416DBFF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 04/08/2010 19:15:50 | Computer Name = YOUR-84F416DBFF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http>
with error: This network connection does not exist.

Error - 04/08/2010 19:15:51 | Computer Name = YOUR-84F416DBFF | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 04/08/2010 19:15:51 | Computer Name = YOUR-84F416DBFF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http>
with error: This network connection does not exist.

Error - 04/08/2010 20:00:48 | Computer Name = YOUR-84F416DBFF | Source = Windows Live Messenger | ID = 1000
Description =

Error - 19/08/2010 06:59:14 | Computer Name = YOUR-84F416DBFF | Source = Google Update | ID = 20
Description =

Error - 19/09/2010 12:59:05 | Computer Name = YOUR-84F416DBFF | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 20/11/2010 15:07:20 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 20/11/2010 15:08:46 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 21/11/2010 06:57:27 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 21/11/2010 06:58:51 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 22/11/2010 09:48:47 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 22/11/2010 09:50:11 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 22/11/2010 11:15:28 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 22/11/2010 11:16:53 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 22/11/2010 14:49:39 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 22/11/2010 14:49:39 | Computer Name = YOUR-84F416DBFF | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


<End>
Tungnawi
 
Posts: 15
Joined: 22 Nov 2010, 20:52
Location: Tunisia
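Added example (my own code, not the poster's log and not an Assiste.com or OTL tool): the "Last 10 Event Log Errors" block that OTL appends to its report is the first place a reviewer looks for failures that repeat at every boot. The Python script below parses that block, groups repeated errors by log, source and event ID, decodes the Win32 code that the Service Control Manager leaves as %%N in event 7000 (%%2 is ERROR_FILE_NOT_FOUND, "the system cannot find the file specified"), and turns a repeated file-not-found start failure into a follow-up item: look in OTL's SRV/DRV sections for a "File not found" entry for that service, which is what a service registration left behind by a removed binary looks like. The sample block is constructed in English after the entries above; the placeholder host name, the small Win32 error table and the leads() heuristic are assumptions of the example.

```python
"""Parse the 'Last 10 Event Log Errors' block that OTL appends to its report
and summarise it the way a reviewer does by hand: group repeats by (log,
source, event ID), decode the Win32 code the Service Control Manager leaves
as %%N in event 7000, and turn recurring start failures into follow-ups."""
import re
from collections import defaultdict

# Constructed sample, modelled on the block in this thread (English wording,
# placeholder host name); it is not the poster's verbatim log.
SAMPLE = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2010 19:15:49 | Computer Name = HOST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http> with error: This network connection does not exist.

Error - 04/08/2010 19:15:49 | Computer Name = HOST | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 19/08/2010 06:59:14 | Computer Name = HOST | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 20/11/2010 15:07:20 | Computer Name = HOST | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 21/11/2010 06:57:27 | Computer Name = HOST | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 21/11/2010 06:58:51 | Computer Name = HOST | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
"""

SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER = re.compile(r"^Error - (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) \| Computer Name = (?P<host>.*?)"
                    r" \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$")
# SCM event 7000 carries the Win32 start error as %%N; a few codes a reviewer meets (assumed subset).
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
                5: "ERROR_ACCESS_DENIED", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}
SCM_7000 = re.compile(r"^The (?P<svc>.+?) service failed to start .*%%(?P<code>\d+)$")


def parse_events(text):
    """Return a list of dicts (log, ts, host, source, id, description); wrapped
    description lines are joined, a blank line closes the record."""
    events, log, cur = [], None, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            log = m.group("name")
            continue
        m = HEADER.match(line)
        if m:
            cur = {"log": log, "ts": m.group("ts"), "host": m.group("host"),
                   "source": m.group("source"), "id": int(m.group("id")), "description": ""}
            events.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Description ="):
            cur["description"] = line.split("=", 1)[1].strip()
        elif line.strip():
            cur["description"] += " " + line.strip()   # continuation of wrapped text
        else:
            cur = None                                  # blank line ends the record
    return events


def summarise(events):
    """Group by (log, source, id): count, first/last timestamp and, for SCM 7000,
    the failing service mapped to its decoded Win32 error."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None, "services": {}})
    for ev in events:
        g = groups[(ev["log"], ev["source"], ev["id"])]
        g["count"] += 1
        g["first"] = g["first"] or ev["ts"]      # OTL lists events oldest first
        g["last"] = ev["ts"]
        m = SCM_7000.match(ev["description"])
        if m:
            code = int(m.group("code"))
            g["services"][m.group("svc")] = WIN32_ERRORS.get(code, "Win32 error %d" % code)
    return dict(groups)


def leads(groups):
    """A service that fails with ERROR_FILE_NOT_FOUND at every boot has a registration
    whose binary is gone; the OTL SRV/DRV sections should show it as 'File not found'."""
    out = []
    for (_log, _source, _eid), g in groups.items():
        for svc, err in g["services"].items():
            if err == "ERROR_FILE_NOT_FOUND":
                out.append("%s: failed to start %dx (%s to %s) with %s; look for a "
                           "'File not found' SRV/DRV entry for it in OTL"
                           % (svc, g["count"], g["first"], g["last"], err))
    return out


if __name__ == "__main__":
    for lead in leads(summarise(parse_events(SAMPLE))):
        print(lead)
```

In the thread's own report the SSPORT failure recurs at each boot on 20, 21 and 22 November, and the second OTL run posted later in the thread lists C:\WINDOWS\System32\Drivers\SSPORT.sys as "File not found", so the two observations agree: a leftover service entry, not something currently running.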

Post by nickW » 23 Nov 2010, 00:20

Good evening,

1/ Question:
Was it you who configured a proxy in Firefox?


2/ First clean-up:

Step 1: rkill (by Grinler), download
Important note:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill via a right click followed by Save link target as ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 2: No real-time monitoring process
Disable the antivirus's resident module.
Nod32 Antivirus: right click on the icon in the system tray (next to the clock), click on "Quit"


Step 3: rkill (by Grinler), execution
Double click the downloaded rkill file to launch the tool.

A window with a black background will appear briefly, then disappear.
At the end of execution, save the rkill.log file

If nothing happens, or if the tool does not launch, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to launch it.

If none of the five downloaded tools seems to work, do not continue the clean-up, and let me know on the forum.

Do not restart the PC.


Step 4: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are ticked except "Create an option in the context menu to scan files (right click)".
In the Update tab, click the Check for updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.

Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.

If malicious items were detected, click the "Remove selected" button.

Wait patiently, without doing anything else, for the clean-up to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 5: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 6: OTL (by OldTimer), quick scan
Close all open program windows.

Double click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 7: Results
Send in reply:
*- the rkill report (contents of the rkill.log file located in the %SystemDrive%\ folder)
[%SystemDrive% is the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder %SystemDrive%\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) is the date [year-month-day] and time [hh-mm-ss])


Then send in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the OTL.Txt file located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic, but click the "Reply" button to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Thank youuuuuuu

Post by Tungnawi » 23 Nov 2010, 10:28

Thanks for the quick reply...


1/ No, I did not configure a proxy, except that I have Ultrasurf, which I use to get around the censorship of certain websites in Tunisia.


2/ State of the system after clean-up: I no longer have some of the login problems, nor the connection slowdown... http://www.speedtest.net/result/1041740338.png

rkill report

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as helmi on 23/11/2010 at 9:55:57.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\helmi\Bureau\rkill.EXE


Rkill completed on 23/11/2010 at 9:55:59.


-----------------------
Malwarebytes' Anti-Malware report


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5174

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

23/11/2010 10:10:36
mbam-log-2010-11-23 (10-10-36).txt

Scan type: Quick scan
Objects scanned: 151712
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-2737746169-8163605591-610136467-9364\nissan.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\helmi\Bureau\US9.4_in_doc_format(change_it_to_exe).exe (HackTool.Proxy) -> Quarantined and deleted successfully.
Tungnawi
 
Posts: 15
Joined: 22 Nov 2010, 20:52
Location: Tunisia
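Added example (my own code, not Malwarebytes' and not a forum tool): a parser for the MBAM 1.x text report that performs the triage a reviewer does by hand on the report above. It separates entries still marked "No action taken" (the state of the first report in this thread) from those quarantined or scheduled for deletion on reboot, singles out autostart locations (Winlogon Shell, Userinit, Taskman and the Run keys) whose hijack runs code at every logon, extracts the payload that was appended to Winlogon\Shell behind explorer.exe, and flags bad values that point into directories such as RECYCLER, which a legitimate Shell or Run value never uses. It also carries the moderator's completeness rule for a pasted OTL report (the last line must read <End>), so one block serves both posts. The sample report is constructed in MBAM's English layout after the entries above; the user name, the <SID> placeholder and the AUTOSTART and SUSPECT_DIRS tables are assumptions of the example.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text report and triage it: what was
only detected versus removed, which hits are autostart hijacks, what payload
was appended to Winlogon\\Shell, and which bad values point into directories
a legitimate autostart value never uses. Also checks a pasted OTL report
for the <End> marker the moderator asks for."""
import re

# Constructed sample in MBAM 1.46's English layout, modelled on the report above;
# the user name and <SID> are placeholders, not the poster's verbatim file.
SAMPLE = r"""
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5174

Scan type: Quick scan
Objects scanned: 151712
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search with cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\<SID>\nissan.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\user\Desktop\US9.4_in_doc_format(change_it_to_exe).exe (HackTool.Proxy) -> Quarantined and deleted successfully.
"""

# One detection line: <item> (<DetectionName>) -> [Bad: (<bad>) Good: (<good>) -> ]<action>.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[\w.]+)\) -> "
                   r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
                   r"(?P<action>.+?)\.?$")
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
HEADER = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")
# Values under these keys run code at every logon; a hijack here is persistence (assumed list).
AUTOSTART = re.compile(r"\\Winlogon\\(Shell|Userinit|Taskman)$|\\CurrentVersion\\Run(Once)?\\", re.I)
# Directories a legitimate Winlogon or Run value should never point into (assumed list).
SUSPECT_DIRS = re.compile(r"\\RECYCLER\\|\\Temp\\|\\Application Data\\|\\Local Settings\\", re.I)


def parse_mbam(text):
    """Return {"header": {field: value}, "entries": [{section, item, detection, bad, good, action}]}."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY.match(line)
        if m and section:
            entries.append(dict(section=section, **m.groupdict()))
    return {"header": header, "entries": entries}


def triage(report):
    """Separate pending from removed entries and single out the ones that matter."""
    out = {"pending": [], "removed": 0, "autostart": [], "suspect_paths": []}
    for e in report["entries"]:
        if e["action"] == "No action taken":
            out["pending"].append(e["item"])          # scanned, nothing removed yet
        elif e["action"].startswith(("Quarantined", "Delete on reboot")):
            out["removed"] += 1
        if AUTOSTART.search(e["item"]):
            out["autostart"].append((e["item"], e["bad"] or "", e["good"] or ""))
        if e["bad"] and SUSPECT_DIRS.search(e["bad"]):
            out["suspect_paths"].append(e["bad"])
    return out


def shell_payloads(report):
    """Executables appended to Winlogon\\Shell; the only legitimate value is explorer.exe."""
    payloads = []
    for e in report["entries"]:
        if e["bad"] and re.search(r"\\Winlogon\\Shell$", e["item"], re.I):
            payloads += [p.strip() for p in e["bad"].split(",") if p.strip().lower() != "explorer.exe"]
    return payloads


def otl_report_complete(text):
    """A pasted OTL report is complete only if its last non-blank line reads <End>."""
    lines = [l for l in text.splitlines() if l.strip()]
    return bool(lines) and lines[-1].strip() == "<End>"


if __name__ == "__main__":
    report = parse_mbam(SAMPLE)
    print(triage(report))
    print("Winlogon\\Shell payloads:", shell_payloads(report))
```

Applied to the report above, the interesting line is the Winlogon\Shell data item: the value had become "explorer.exe,C:\RECYCLER\...\nissan.exe", so Explorer still started normally while a second executable in a Recycle Bin SID folder ran at every logon, which fits the stolen webmail credentials reported at the top of the thread far better than the cherche.us search-page redirects do.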

main OTL report

Post by Tungnawi » 23 Nov 2010, 10:28

OTL logfile created on: 23/11/2010 10:16:06 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\helmi\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 38,75 Gb Free Space | 39,68% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 52,66 Gb Free Space | 53,92% Space Free | Partition Type: NTFS

Computer Name: YOUR-84F416DBFF | User Name: helmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 20:11:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\helmi\Bureau\OTL.exe
PRC - [2010/09/16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/11/04 00:19:17 | 002,594,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/10/07 09:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/10 20:26:48 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/11/28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 20:11:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\helmi\Bureau\OTL.exe
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/22 19:51:36 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/05/29 09:43:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/20 11:33:02 | 000,189,688 | ---- | M] (Solid Documents, LLC) [Disabled | Stopped] -- C:\WINDOWS\Installer\MSI35E3.tmp -- (SCPDFV4ReadSpool)
SRV - [2009/12/16 09:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/10/07 09:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 09:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/07/10 20:26:48 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/28 11:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005/11/28 11:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005/11/28 11:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\TMEI3E.SYS -- (TMEI3E)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/07 09:18:36 | 000,035,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/10/07 09:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 09:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/12/05 07:58:48 | 000,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2008/04/13 10:46:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 10:46:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/10 20:26:46 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/06/29 14:20:30 | 000,051,712 | ---- | M] (Sagem Communication) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbSagCom.sys -- (UsbSagCom)
DRV - [2007/01/11 09:07:17 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/12/26 13:49:00 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2005/12/10 00:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/05 01:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/02 06:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/01 10:55:24 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/11/30 18:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/10/06 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/20 21:27:02 | 000,390,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004/11/16 00:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/23 18:21:42 | 000,036,937 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=par ... FFF0%3B&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15446&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledItems: ar@dictionaries.addons.mozilla.org:2.0.20080110
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:5.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/22 20:12:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 19:34:48 | 000,000,000 | ---D | M]

[2009/10/29 21:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Extensions
[2010/11/20 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions
[2010/05/27 11:21:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/26 23:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/02/26 13:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\ar@dictionaries.addons.mozilla.org
[2010/02/26 13:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/05/27 11:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\extensions\firebug@software.joehewitt.com
[2010/07/13 03:03:46 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\helmi\Application Data\Mozilla\Firefox\Profiles\4rm8e247.default\searchplugins\cherche.xml
[2010/11/22 21:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 12:03:48 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/11/10 12:03:48 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/10 12:03:48 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/11/10 12:03:48 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/11/10 12:03:48 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 12:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\helmi\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O15 - HKCU\..Trusted Domains: chat-land.org ([]* in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (硅汰牯牥攮數04\13) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\TOSHIBA Satellite 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\TOSHIBA Satellite 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/14 07:23:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/19 10:22:19 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/19 10:22:20 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 21:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\helmi\Application Data\vlc
[2010/11/22 20:25:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/22 20:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/22 20:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\helmi\Application Data\Malwarebytes
[2010/11/22 20:22:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/22 20:22:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/22 20:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/22 20:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/22 20:17:17 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\helmi\Bureau\erunt-setup.exe
[2010/11/22 20:15:30 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\helmi\Bureau\mbam-setup.exe
[2010/11/22 20:11:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\helmi\Bureau\OTL.exe
[2010/11/22 19:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/15 23:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\helmi\Application Data\BitTorrent
[2010/11/15 23:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/11/15 17:15:26 | 000,362,240 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/11/10 08:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/11/09 19:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2009/12/16 19:31:57 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2009/12/16 19:31:56 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2009/12/16 19:31:56 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\helmi\*.tmp files -> C:\Documents and Settings\helmi\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/23 10:12:23 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/11/23 10:12:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/23 10:12:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/23 10:12:05 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/23 10:04:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1527805650-3824235883-1835349181-1005UA.job
[2010/11/23 09:54:45 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\rkill.EXE
[2010/11/22 23:06:09 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\helmi\PUTTY.RND
[2010/11/22 21:15:53 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Sans titre.bmp
[2010/11/22 20:24:31 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\helmi\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/22 20:24:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\NTREGOPT.lnk
[2010/11/22 20:24:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\ERUNT.lnk
[2010/11/22 20:23:32 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\helmi\Bureau\erunt-setup.exe
[2010/11/22 20:22:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/22 20:18:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\helmi\Bureau\mbam-setup.exe
[2010/11/22 20:11:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\helmi\Bureau\OTL.exe
[2010/11/22 19:55:47 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\HijackThis.lnk
[2010/11/22 19:53:45 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\ProjectWhois.lnk
[2010/11/22 19:51:36 | 000,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/11/21 22:31:28 | 000,000,447 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Raccourci vers u1003.exe.lnk
[2010/11/21 12:23:06 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Nouveau Document Microsoft Word.doc
[2010/11/21 05:04:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1527805650-3824235883-1835349181-1005Core.job
[2010/11/20 23:18:25 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\helmi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/20 20:48:36 | 000,050,344 | ---- | M] () -- C:\Documents and Settings\helmi\Mes documents\Par défaut.sfvidcap
[2010/11/20 20:05:27 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Audition 1.5.lnk
[2010/11/19 21:09:30 | 000,000,285 | ---- | M] () -- C:\WINDOWS\ConverterCore.INI
[2010/11/18 20:06:10 | 000,061,580 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Pres_riviere_paysage_riviere_maison-d93d0.jpg
[2010/11/18 19:34:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/11/16 23:25:32 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Raccourci vers festival de la pêche.lnk
[2010/11/16 23:25:32 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Raccourci vers mes articles de presse.lnk
[2010/11/16 00:17:34 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Lancer Google Earth Pro.lnk
[2010/11/15 23:55:44 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\BitTorrent.lnk
[2010/11/15 22:32:47 | 000,020,786 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\154110_132745920111840_100001292974856_166083_7698067_n.jpg
[2010/11/10 08:02:44 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/11/10 07:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/09 11:16:51 | 001,698,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/08 23:49:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/08 23:46:51 | 000,510,980 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/08 23:46:51 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 23:46:51 | 000,084,964 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/08 23:46:51 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 23:23:33 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\helmi\Bureau\Google Chrome.lnk
[2010/11/08 23:23:33 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\helmi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\helmi\*.tmp files -> C:\Documents and Settings\helmi\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/23 09:54:35 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\rkill.EXE
[2010/11/22 20:24:31 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\helmi\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/11/22 20:24:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\NTREGOPT.lnk
[2010/11/22 20:24:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\ERUNT.lnk
[2010/11/22 20:22:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/11/22 19:55:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\HijackThis.lnk
[2010/11/22 19:53:45 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\ProjectWhois.lnk
[2010/11/21 22:31:28 | 000,000,447 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\Raccourci vers u1003.exe.lnk
[2010/11/21 12:23:05 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\Nouveau Document Microsoft Word.doc
[2010/11/20 20:05:27 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Audition 1.5.lnk
[2010/11/18 20:06:10 | 000,061,580 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\Pres_riviere_paysage_riviere_maison-d93d0.jpg
[2010/11/16 23:25:07 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\Sans titre.bmp
[2010/11/16 00:17:34 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Lancer Google Earth Pro.lnk
[2010/11/15 23:55:44 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\BitTorrent.lnk
[2010/11/15 22:32:46 | 000,020,786 | ---- | C] () -- C:\Documents and Settings\helmi\Bureau\154110_132745920111840_100001292974856_166083_7698067_n.jpg
[2010/11/10 08:02:44 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/11/09 18:57:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/11/08 21:07:01 | 1608,634,368 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/20 17:06:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\USA1B.DLL
[2010/01/20 17:06:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\_ISUSR2K.DLL
[2009/12/27 11:57:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\helmi\Application Data\chrtmp
[2009/12/20 11:32:57 | 000,021,240 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2009/12/20 11:32:57 | 000,013,560 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009/12/17 22:34:57 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/12/16 19:31:56 | 000,390,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2009/12/16 19:31:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2009/12/16 19:31:56 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2009/12/14 22:45:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/14 22:45:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/14 22:45:44 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/14 13:31:32 | 000,000,285 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009/11/02 21:38:31 | 000,002,875 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/30 23:27:47 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\helmi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/29 20:36:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\helmi\Local Settings\Application Data\fusioncache.dat
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/03/13 16:52:18 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/09/20 11:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 11:27:16 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 11:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 11:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 11:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 11:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 11:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 11:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 11:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 11:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 11:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 11:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 11:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 11:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 11:27:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 11:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 11:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 11:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 11:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2006/03/21 08:53:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/15 07:55:02 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/03/15 07:36:15 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/14 11:57:01 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/14 11:53:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/14 11:53:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/14 11:53:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/14 11:53:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/14 11:53:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/14 11:53:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/14 11:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/14 09:41:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/03/14 09:09:11 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/14 09:09:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/14 09:09:11 | 000,010,177 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/14 09:09:11 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/14 08:15:53 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/14 07:26:43 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/14 07:09:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/03/14 07:09:11 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/12/09 14:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/29 04:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/11/23 13:41:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/11/23 11:42:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/09/15 14:04:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2009/12/29 16:31:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/09 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/10/30 15:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/12 06:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/12/14 13:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2009/12/27 12:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/06/26 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/11/16 00:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\BitTorrent
[2009/12/23 11:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Design Science
[2010/11/23 10:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\DMCache
[2010/06/12 06:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Downloaded Installations
[2010/06/13 17:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Facebook
[2010/06/10 22:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Foxit Software
[2009/12/16 00:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\FreeFLVConverter
[2010/11/21 22:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\IDM
[2009/11/11 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\InterVideo
[2009/10/31 22:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\MSNInstaller
[2010/06/16 12:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Nitro PDF
[2010/03/24 01:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Opera
[2009/12/27 12:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Publish Providers
[2009/11/01 13:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\RaimaRadioPro
[2010/11/19 22:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\SolidDocuments
[2010/04/25 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Sony
[2010/02/08 00:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\StatSoft
[2010/11/22 20:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\TeraCopy
[2009/10/30 16:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Thinstall
[2009/10/30 03:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\toshiba
[2009/11/07 22:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\TuneUp Software
[2010/01/09 21:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\helmi\Application Data\Uniblue
[2010/11/23 10:12:23 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/07/03 18:32:20 | 000,000,000 | ---D | M](C:\Documents and Settings\helmi\Bureau\????? ?? ??????? ? ???????? ? ???????_fichiers) -- C:\Documents and Settings\helmi\Bureau\خواطر في السياسة و الإقتصاد و المجتمع_fichiers
[2010/07/02 01:22:20 | 000,146,367 | ---- | M] ()(C:\Documents and Settings\helmi\Bureau\????? ?? ??????? ? ???????? ? ???????.htm) -- C:\Documents and Settings\helmi\Bureau\خواطر في السياسة و الإقتصاد و المجتمع.htm
[2010/07/02 01:22:09 | 000,146,367 | ---- | C] ()(C:\Documents and Settings\helmi\Bureau\????? ?? ??????? ? ???????? ? ???????.htm) -- C:\Documents and Settings\helmi\Bureau\خواطر في السياسة و الإقتصاد و المجتمع.htm
[2010/07/02 01:22:09 | 000,000,000 | ---D | C](C:\Documents and Settings\helmi\Bureau\????? ?? ??????? ? ???????? ? ???????_fichiers) -- C:\Documents and Settings\helmi\Bureau\خواطر في السياسة و الإقتصاد و المجتمع_fichiers

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences

<End>
Tungnawi

Post by nickW » 27 Nov 2010, 01:18

Good evening,

Important note:
This "infection", the hijacking of the start and search pages, will come back every time you connect to chat-land.org ... which, by the way, you have placed in IE's trusted sites!



If the PC no longer shows symptoms of infection, here are a few additional tips (securing & optimising) to apply:


An important tip:
A new System Restore point must be created.
After cleaning the PC, the files stored in the System Restore folders must be emptied, then a new restore point created that can be used in case of problems.
Method:
Disable System Restore, re-enable System Restore, then create a new restore point.
Detailed explanation:
http://assiste.com.free.fr/p/comment/co ... ation.html


An important tip:
Oracle's Java
Install the latest version of Oracle's Java.

Current version: Java SE Runtime Environment (JRE) 6 Update 22 - JRE 6 Update 22
*- http://www.oracle.com/technetwork/java/ ... index.html

In the "Java Platform, Standard Edition" paragraph, click Download JRE.

On the next page, in the "Select Platform and Language for your download" paragraph, choose the platform (Windows), tick the box in front of "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement.", then click the Continue >> button.

On the new page, under "Windows Offline Installation", download the file jre-6u22-windows-i586.exe, 15.33 MB
Close all browsers (Internet Explorer, Firefox, etc.), then double-click jre-6u22-windows-i586.exe to start the installation.

After installing the new version, it is imperative to uninstall all obsolete versions, whose flaws are exploited by "malicious parties".
To do so:

JavaRa (by Fred de Vries and Paul McLain)
Go to the site http://raproducts.org/
Click the Software tab
Download JavaRa: in the JavaRa paragraph, click Download Windows Binary (.zip file).
Save the file JavaRa.zip to the Desktop.
Create a new folder named JavaRa and extract the whole archive into it (right-click, then Extract All).
Open the JavaRa folder, then double-click JavaRa.exe to launch the tool.

Under "Select the language of your choice below", choose (from the drop-down list) Français and click the Select button.

Click the Remove Older Versions button and confirm the choice by clicking Yes ("Are you sure you want to continue?").

Click OK twice.
A report will be displayed in Notepad. Close Notepad.
Close JavaRa.


An important tip:
Firefox must be secured:

Some extensions seem almost indispensable to me:

Adblock Plus https://addons.mozilla.org/fr/firefox/addon/1865/
CookieSafe (ou similaire) https://addons.mozilla.org/fr/firefox/addon/2497/
Dr.Web anti-virus link checker https://addons.mozilla.org/fr/firefox/addon/938/
Flashblock https://addons.mozilla.org/fr/firefox/addon/433/
NoScript https://addons.mozilla.org/fr/firefox/addon/722/
RefControl https://addons.mozilla.org/fr/firefox/addon/953/
ShowIP https://addons.mozilla.org/fr/firefox/addon/590/
WOT https://addons.mozilla.org/fr/firefox/addon/3456/
IsAdmin http://isadmin.mozdev.org/installation.html


An important tip:
Ban the use of illicit P2P!
cf. BitTorrent


A tip:
Erunt lets you back up the Registry.
It is worth using it before installing a new program (in case of problems, it will let you roll back).


A tip:
The free version of MBAM (Malwarebytes' Anti-Malware) remains usable for on-demand scans.
So you can choose to leave it installed and use it from time to time (for "cleaning"), doing a manual update before requesting the scan.


A tip:
It is possible to lighten the startup procedure and free up some system resources.
Some programs are considered "unnecessary at startup": they are launched systematically at every system start (even if one does not use them), they remain active and use system resources.
It is essential to consult Pacman's (Paul Collins) list of startups (programs launched at startup) to make a decision (keep them at startup or not). See HERE.
Downloadable version (right-click the link): http://assiste.com.free.fr/ftp/Startups-vf.chm
Note: The site is not up to date; the downloadable version must be used.
The following fall into this category:

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()--->automatic update: better to do it yourself

If you decide to disable them, you can use the "msconfig" method or install Autoruns [see here and here] (unless otherwise indicated in Pacman's list).
Another method is to check in the program whether there is an option to launch automatically at Windows startup that can be disabled.


A tip:
It is preferable to delete OTL (the downloaded file OTL.exe and the result files OTL.Txt and Extras.Txt on the Desktop, as well as, if they exist, the working files fix.txt and scan.txt).
Note: If it exists, the folder SystemDrive\_OTL contains backups. After checking that all the software on the PC works correctly, this folder can be deleted.
It is preferable to delete rkill (the downloaded rkill file on the Desktop, and the report file %SystemDrive%/rkill.log).
Empty the quarantines of the antivirus and the anti-spyware.



There you go.

Cheers,

PS:
If you consider this topic closed, could you put [OK] in front of the title of the first message. See HERE.
Thanks.
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator
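As an added example (not code from nickW's post, nor from OTL, JavaRa or Autoruns), here is a PowerShell script that performs, read-only, the two checks the tips above describe by hand: listing the Java runtimes still registered in Add/Remove Programs so obsolete versions can be spotted before and after running JavaRa, and listing the Run/RunOnce entries that OTL reports as "O4" lines together with the resolved executable and its Authenticode status, to weigh against Pacman's startup list. The registry paths are the standard Windows ones; the script assumes PowerShell 3.0 or later (for `[pscustomobject]`) and modifies nothing.

```powershell
# Added example, not part of nickW's post or of the tools it names.
# Read-only checks after a cleanup:
#   Get-InstalledJava    - Java runtimes registered in Add/Remove Programs.
#   Get-AutostartEntries - Run/RunOnce values (OTL "O4" lines), with the
#                          executable's existence and Authenticode status.
# Requires PowerShell 3.0+ for [pscustomobject]; nothing here changes the system.

function Get-InstalledJava {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # 64-bit Windows only
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($sub in Get-ChildItem -Path $root) {
            $item = Get-ItemProperty -Path $sub.PSPath
            # JRE/JDK entries are named "Java(TM) 6 Update 22", "J2SE Runtime Environment 5.0 ...", etc.
            if ($item.DisplayName -match '^(Java|J2SE)') {
                [pscustomobject]@{
                    DisplayName     = $item.DisplayName
                    DisplayVersion  = $item.DisplayVersion
                    InstallLocation = $item.InstallLocation
                }
            }
        }
    }
}

function Get-AutostartEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Skip PSPath, PSParentPath, PSChildName, PSDrive, PSProvider added by the registry provider.
            if ($prop.Name -like 'PS*') { continue }
            $command = [string]$prop.Value
            # Best-effort extraction of the executable: a quoted path, else the text up to ".exe".
            $exe = if ($command -match '^"([^"]+)"') { $Matches[1] } elseif ($command -match '^(.+?\.exe)') { $Matches[1] } else { ($command -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exists = Test-Path -LiteralPath $exe
            $sigStatus = 'FileMissing'
            $signer = ''
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                $sigStatus = $sig.Status              # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{
                Hive       = $key.Split(':')[0]
                Key        = $key.Split('\')[-1]
                Name       = $prop.Name
                Executable = $exe
                Exists     = $exists
                Signature  = $sigStatus
                Signer     = $signer
            }
        }
    }
}

"=== Java runtimes registered in Add/Remove Programs ==="
# Everything older than the newest entry is a removal candidate (what JavaRa's "Remove Older Versions" does).
Get-InstalledJava | Sort-Object DisplayVersion -Descending | Format-Table -AutoSize

"=== Autostart entries (OTL 'O4' equivalents) ==="
# Entries whose file is missing or whose binary is unsigned deserve the closest look against Pacman's list.
Get-AutostartEntries | Sort-Object Exists, Signature | Format-Table -AutoSize
```

Run it from a normal PowerShell prompt; reading HKLM needs no elevation. An entry reported as `FileMissing` is a leftover value pointing at a file that was deleted (often by the cleanup itself), while `NotSigned` only means the publisher did not sign the binary, so it is a prompt to look the name up in the startup list, not a verdict.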

Post by Tungnawi » 27 Nov 2010, 15:11

Thank you again and again.
Tungnawi