[SOLVED] Character code to access Mozilla.


Post by Lucky46 » 28 Dec 2010, 18:30

Hello,

I think my PC is infected; I am sending you this link so that you can better see the problems I have been having for a few days.

http://www.geckozone.org/forum/viewtopi ... =5&t=88906

Thanks
Lucky46

Posts: 17
Joined: 28 Dec 2010, 18:12

Post by nickW » 28 Dec 2010, 19:06

Good evening,

Could you follow the instructions in this topic and post the three requested reports in this thread (do not create a new topic)?

See you soon,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Lucky46 » 28 Dec 2010, 20:29

OTL logfile created on: 2010-12-28 14:02:42 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\lico\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

503,00 Mb Total Physical Memory | 182,00 Mb Available Physical Memory | 36,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,28 Gb Total Space | 31,56 Gb Free Space | 82,44% Space Free | Partition Type: NTFS

Computer Name: PPPP-FI1X59R54X | User Name: lico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-12-27 15:18:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lico\Bureau\OTL.exe
PRC - [2010-12-10 10:23:00 | 001,735,168 | ---- | M] (Krzysztof Kowalczyk) -- C:\Documents and Settings\lico\Mes documents\''Utilitaire''\RACCOURCI ''LOGICIELS''\SumatraPDF.exe
PRC - [2010-09-21 17:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Documents and Settings\lico\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
PRC - [2010-09-15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010-05-14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010-04-16 17:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010-03-25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009-05-19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-03-07 09:51:52 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe


========== Modules (SafeList) ==========

MOD - [2010-12-27 15:18:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lico\Bureau\OTL.exe
MOD - [2010-08-23 11:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-03-25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-05-19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007-03-07 09:51:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561) ICatch (VI)
DRV - [2008-08-25 10:43:38 | 000,055,528 | ---- | M] (SafeNet China Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rcmhdog.sys -- (RCMHDOG)
DRV - [2008-08-25 10:43:38 | 000,021,696 | ---- | M] (SafeNet China Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mhdrv.sys -- (MHDRV)
DRV - [2007-03-07 09:51:52 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2005-09-29 12:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005-08-10 09:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005-08-10 07:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-05-16 08:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2001-08-22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://roonic.com/results.html?q=%s&sa=Search&cx=partner-pub-0345395751421741:y8d2vrh2u6t&cof=FORID:10&ie=UTF-8


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
IE - HKU\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKU\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 57 F0 12 F1 A2 CB 01 [binary data]
IE - HKU\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25457

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-24 14:24:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-24 14:23:46 | 000,000,000 | ---D | M]

[2010-07-26 15:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Mozilla\Extensions
[2010-12-26 20:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Mozilla\Firefox\Profiles\6ru1a0dn.default\extensions
[2010-12-24 14:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-12-03 13:04:57 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010-12-03 13:04:57 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010-12-03 13:04:57 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010-12-03 13:04:57 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010-12-03 13:04:57 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010-12-17 15:31:13 | 000,418,588 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14439 more lines...
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1645522239-884357618-839522115-1003..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-1645522239-884357618-839522115-1003..\Run: [WeatherEye] C:\Documents and Settings\lico\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Documents and Settings\lico\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Download5000 Toolbar - {9D931726-DFBC-480e-851A-20C397E1A2C8} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Download5000 Toolbar - {9D931726-DFBC-480e-851A-20C397E1A2C8} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 5883915920 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab (Creative Toolbox Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\lico\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lico\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-05-31 03:53:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eac7c0bc-e286-11dd-8693-000bdbce2dd1}\Shell - "" = AutoRun
O33 - MountPoints2\{eac7c0bc-e286-11dd-8693-000bdbce2dd1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010-12-28 13:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-12-28 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-12-28 12:01:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lico\Recent
[2010-12-27 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010-12-27 15:27:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\lico\Bureau\erunt-setup.exe
[2010-12-27 15:18:22 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lico\Bureau\OTL.exe
[2010-12-26 19:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lico\Bureau\scan
[2010-12-24 14:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-12-24 10:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010-12-21 18:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010-12-21 18:51:40 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QTCF.dll
[2010-12-21 18:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\QT Lite
[2010-12-21 17:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lico\Local Settings\Application Data\Apple Computer
[2010-12-20 13:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lico\Application Data\Malwarebytes
[2010-12-19 20:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenMates
[2010-12-17 15:29:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\IASYV
[2010-12-17 15:28:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\5c9869
[2010-12-15 09:50:52 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010-11-29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010-11-29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009-05-10 14:57:20 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\lico\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010-12-28 13:50:12 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-12-28 13:47:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-28 13:47:13 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010-12-28 13:44:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-28 13:43:57 | 016,777,216 | ---- | M] () -- C:\Documents and Settings\lico\ntuser.bak
[2010-12-28 13:35:23 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\lico\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010-12-28 13:34:57 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\lico\Bureau\NTREGOPT.lnk
[2010-12-28 13:34:57 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\lico\Bureau\ERUNT.lnk
[2010-12-27 17:38:01 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers IrfanView.lnk
[2010-12-27 15:27:34 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\lico\Bureau\erunt-setup.exe
[2010-12-27 15:18:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lico\Bureau\OTL.exe
[2010-12-26 22:00:01 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010-12-26 19:37:13 | 000,191,052 | ---- | M] () -- C:\Documents and Settings\lico\Bureau\00-PAD-nickW.pdf
[2010-12-24 14:23:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers Mozilla Firefox.lnk
[2010-12-22 10:26:35 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-12-17 15:31:13 | 000,418,588 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-12-15 10:02:28 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-11-29 12:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010-11-29 12:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010-11-29 12:38:08 | 000,180,224 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QTCF.dll

========== Files Created - No Company Name ==========

[2010-12-28 13:43:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\lico\ntuser.tmp.LOG
[2010-12-28 13:35:23 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\lico\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010-12-28 13:34:57 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\lico\Bureau\NTREGOPT.lnk
[2010-12-28 13:34:57 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\lico\Bureau\ERUNT.lnk
[2010-12-27 17:43:35 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers IrfanView.lnk
[2010-12-26 19:37:12 | 000,191,052 | ---- | C] () -- C:\Documents and Settings\lico\Bureau\00-PAD-nickW.pdf
[2010-12-24 14:45:10 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers Mozilla Firefox.lnk
[2010-12-24 10:42:41 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010-12-22 11:37:51 | 016,777,216 | ---- | C] () -- C:\Documents and Settings\lico\ntuser.bak
[2010-12-17 17:29:31 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers Internet Explorer.lnk
[2010-09-22 14:15:07 | 000,000,074 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2010-09-22 12:59:47 | 000,000,880 | ---- | C] () -- C:\WINDOWS\PhotoImpression.ini
[2010-09-04 13:10:23 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-08-17 12:50:47 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010-07-31 11:11:51 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010-07-31 11:11:51 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010-07-31 11:11:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009-11-30 15:41:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ztLib.dll
[2009-09-25 07:40:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-07-10 19:01:57 | 000,000,081 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009-06-07 16:09:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009-06-04 12:57:07 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2009-05-29 17:42:20 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2009-05-10 14:57:20 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\inst.exe
[2009-05-10 14:57:20 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\pcouffin.cat
[2009-05-10 14:57:20 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\pcouffin.inf
[2009-03-11 14:01:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009-01-10 15:43:57 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008-10-15 15:31:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-09-28 18:35:12 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-28 18:14:39 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\lico\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-08-25 10:43:38 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\IOCTLVDD.DLL
[2008-08-25 10:42:15 | 000,009,279 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini
[2008-08-25 10:42:15 | 000,008,157 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2008-08-25 10:42:15 | 000,000,170 | ---- | C] () -- C:\WINDOWS\settings.ini
[2008-05-31 20:02:26 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008-05-30 22:22:54 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006-03-06 09:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004-09-16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004-09-16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS

========== LOP Check ==========

[2009-01-22 16:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\328C
[2010-12-17 15:30:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\5c9869
[2010-08-28 15:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2010-12-24 10:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010-12-17 15:29:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\IASYV
[2010-07-02 14:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-08-21 12:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010-07-22 15:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010-11-27 19:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\GlarySoft
[2009-11-13 21:07:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\lico\Application Data\InAlbumTemp
[2010-12-28 10:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\IObit
[2010-11-27 17:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\PhotoFiltre
[2010-08-06 14:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\PropMgrAsync
[2010-04-01 16:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Smart PC Solutions
[2010-07-05 14:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Softplicity
[2010-10-30 12:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Vso
[2009-11-06 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Windows Live Writer
[2010-12-28 13:47:13 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010-12-28 13:50:12 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010-12-28 13:44:16 | 000,032,530 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010-12-26 22:00:01 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008-07-12 13:30:09 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-07-12 13:30:09 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

<MD5>
[2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008-07-12 13:30:09 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-07-12 13:30:09 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003-04-24 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002-08-29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2004-08-19 18:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004-08-19 18:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2004-08-19 18:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2009-03-08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009-03-08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010-11-05 19:21:43 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:A63574A11E692009
@Alternate Data Stream - 40 bytes -> C:\WINDOWS\system32:2d7ed1c3.zreglib
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F0FFA06
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

<End>
OTL Extras logfile created on: 2010-12-28 14:02:42 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\lico\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

503,00 Mb Total Physical Memory | 182,00 Mb Available Physical Memory | 36,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,28 Gb Total Space | 31,56 Gb Free Space | 82,44% Space Free | Partition Type: NTFS

Computer Name: PPPP-FI1X59R54X | User Name: lico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\WINDOWS\system32\mcoinstall.exe" = C:\WINDOWS\system32\mcoinstall.exe:*:Enabled:mcoinstall -- (Aapie.Net)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- File not found
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0B1C0E32-0589-49BE-AFEE-6888ED4A4FF4}" = Analyseur XML Microsoft
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}" = Microsoft Antimalware Service FR-FR Language Pack
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DVDFab 8_is1" = DVDFab 8.0.4.0 (11/11/2010)
"ERUNT_is1" = ERUNT 1.1j
"Glary Utilities_is1" = Glary Utilities 2.30.0.1066
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Module Français pour Irfanview version 4.28" = Module Français pour Irfanview version 4.28
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"quicktime_lite_is1" = QT Lite 4.1.0
"Rainlendar2" = Rainlendar2 (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.90
"Sqirlz Water Reflections" = Sqirlz Water Reflections
"Unlocker" = Unlocker 1.9.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MétéoÉclair" = MétéoÉclair

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-12-25 15:07:08 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 2.0.2.1, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00032b34.

Error - 2010-12-25 15:41:09 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 2.0.2.1, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00032b34.

Error - 2010-12-25 15:43:22 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 2.0.2.1, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00032b34.

Error - 2010-12-25 15:43:30 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 2.0.2.1, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00032b34.

Error - 2010-12-25 15:45:55 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 2.0.2.1, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00032b34.

Error - 2010-12-25 17:09:22 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 0.0.0.0, module défaillant
, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 2010-12-25 17:10:12 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 2.0.2.1, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00032b34.

Error - 2010-12-25 17:10:23 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 2.0.2.1, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00032b34.

Error - 2010-12-25 17:11:42 | Computer Name = PPPP-FI1X59R54X | Source = Application Error | ID = 1000
Description = Application défaillante lights95.exe, version 2.0.2.1, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00032b34.

Error - 2010-12-28 11:20:42 | Computer Name = PPPP-FI1X59R54X | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 2010-12-24 10:28:46 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 2010-12-24 12:24:29 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 2010-12-24 21:29:21 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 2010-12-25 13:07:06 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 2010-12-25 16:12:42 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7023
Description = Le service Serveur s'est arrêté avec l'erreur : %%1811

Error - 2010-12-25 22:18:38 | Computer Name = PPPP-FI1X59R54X | Source = Microsoft Antimalware | ID = 1008
Description = %%861 a rencontré une erreur lors d'une action visant des logiciels
espions ou tout autre logiciel potentiellement indésirable. Pour plus d'informations,
consultez les informations suivantes : http://go.microsoft.com/fwlink/?linkid= ... 2147626408

Utilisateur :
PPPP-FI1X59R54X\lico Nom : Trojan:Win32/Jpgiframe.A ID : 2147626408 Gravité : Grave

Catégorie :
Cheval de Troie Chemin d'accès : Action : %%808 Code d'erreur : 0x80508023 Description
de l'erreur : Le programme n'a trouvé aucun logiciel espion ou autre logiciel indésirable
sur cet ordinateur. État : Version de la signature : AV: 1.95.2583.0, AS: 1.95.2583.0

Version
du moteur : 1.1.6402.0

Error - 2010-12-26 12:39:51 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 2010-12-27 11:28:36 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 2010-12-28 10:49:27 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 2010-12-28 14:45:31 | Computer Name = PPPP-FI1X59R54X | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd


<End>
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5406

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-12-28 11:16:14
mbam-log-2010-12-28 (11-16-14).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 175970
Temps écoulé: 46 minute(s), 25 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
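Two parts of the OTL output above lend themselves to an automated first pass: the <MD5> comparison block, where the point is whether the copy Windows actually loads (system32, system32\drivers, dllcache, ServicePackFiles) carries the same hash as its repair copies, and the firewall GloballyOpenPorts lists, where a scope of "*" means the port is reachable from any remote address rather than the local subnet. The script below is an added example, not OTL's code and not something the helper in this thread posted; the sample log embedded in it is constructed to mirror the format above, and the example.sys entries and their hashes are invented to show what a mismatch looks like.

```python
"""Triage helpers for OTL custom-scan output: the <MD5> comparison block and the
GloballyOpenPorts lists of OTL Extras. Added example, not OTL's own code; the
sample log below is constructed (example.sys and its hashes are invented)."""
import re
from collections import defaultdict

# One custom-scan file line, e.g.
# [2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
FILE_LINE = re.compile(
    r"^\[(?P<mtime>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<nomd5>Unable to obtain MD5)) -- (?P<path>.+)$"
)
# One GloballyOpenPorts value, e.g. "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
PORT_LINE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)" = \d+:(?:TCP|UDP):(?P<scope>[^:]+):'
    r'(?P<state>Enabled|Disabled):(?P<label>.*)$'
)
# Copies kept only so a service pack or driver install can be rolled back; they
# are expected to differ from the live copy, so they are kept out of the comparison.
BACKUP_MARKERS = ("$ntservicepackuninstall$", "reinstallbackups")

# Constructed sample in the OTL format (the example.sys lines are invented).
SAMPLE = r"""
<MD5>
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2010-12-20 02:11:09 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\example.sys

<systemroot>
[2009-03-08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"""


def parse_file_lines(text):
    """Return one dict per file line; .cab entries, headers and registry lines are skipped."""
    records = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        lowered = path.lower()
        md5 = m.group("md5")
        records.append({
            "name": lowered.rsplit("\\", 1)[-1],
            "path": path,
            "md5": md5.upper() if md5 else None,
            "backup": any(marker in lowered for marker in BACKUP_MARKERS),
        })
    return records


def hash_consistency(records):
    """Map each file name to the set of hashes seen on its live (non-backup) copies,
    and list the copies OTL could not hash at all."""
    live = defaultdict(set)
    missing = []
    for r in records:
        if r["md5"] is None:
            missing.append(r["path"])
        elif not r["backup"]:
            live[r["name"]].add(r["md5"])
    return live, missing


def inconsistent_live_copies(records):
    """File names whose live copies carry more than one hash: the loaded copy was
    changed while the repair copies were not, which is what the <MD5> block exists
    to reveal. Sorted for stable output."""
    live, _ = hash_consistency(records)
    return sorted(name for name, hashes in live.items() if len(hashes) > 1)


def ports_open_to_any(text):
    """Enabled GloballyOpenPorts entries whose scope is '*' (any remote address)."""
    found = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group("state") == "Enabled" and m.group("scope") == "*":
            found.append((int(m.group("port")), m.group("proto"), m.group("label")))
    return found


if __name__ == "__main__":
    recs = parse_file_lines(SAMPLE)
    print("live copies with differing hashes:", inconsistent_live_copies(recs))
    print("copies without a hash:", hash_consistency(recs)[1])
    print("ports open to any address:", ports_open_to_any(SAMPLE))
```

On the log posted above this check would report atapi.sys and agp440.sys as consistent (the $NtServicePackUninstall$ copies differ, but those are pre-SP3 rollbacks and are excluded on purpose), list the three system32 DLLs OTL could not hash, and flag 3389/TCP as open to any address in both firewall profiles; none of that on its own says the machine is infected, it only tells the reader where to look first.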

Post by nickW » 29 Dec 2010, 00:04

Good evening again,

Preliminary remark:
You should post the scan reports in separate messages, each time using the Reply button to stay in this thread.
These files are often too long for the forum to store several of them in a single message.


I assume you uninstalled Ad-Aware.
That uninstall was incomplete (a driver is still trying to start). It will be cleaned up below.


First cleanup, then a new scan:


Step 1: OTL (by OldTimer), preparing the scan

Delete the scan.txt file downloaded earlier.

Download the scan.zip file from this link.
Extract the scan.txt file from that archive and place it on the Desktop.


Step 2: OTL (by OldTimer), preparing the fix
Open a Notepad window via Start ----> Run, type notepad, then click OK

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together

Code:
rien

:otl
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://roonic.com/results.html?q=%s&sa=Search&cx=partner-pub-0345395751421741:y8d2vrh2u6t&cof=FORID:10&ie=UTF-8
IE - HKU\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25457
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - No CLSID value found.
O3 - HKU\S-1-5-21-1645522239-884357618-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O20 - Winlogon\Notify\RelevantKnowledge: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:A63574A11E692009
@Alternate Data Stream - 40 bytes -> C:\WINDOWS\system32:2d7ed1c3.zreglib
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F0FFA06
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


:Commands
[emptytemp]



Go back to the Notepad window, right-click in it and choose Paste
In the Format menu (at the top), check that "Word Wrap" is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user.
If you are not THIS user, do not use them: they could damage your system.



Step 3: Gmer, download
Download the executable (.exe file) from the page http://www.gmer.net/#files
Click the Download EXE button.
Save the file to the root of the system drive (usually C: ), noting its name (which is random).


Step 4: No real-time monitoring processes
Disable the antivirus's resident module.
Microsoft Security Essentials: open MSE, on the "Settings" tab untick the box in front of "Turn on real-time protection (recommended)"


Step 5: OTL (by OldTimer), fix

Double-click OTL.exe to start the tool.

OTL's main screen appears.

Click the Run Fix button.

A small "OTL" window opens.

Click the Ok button.

In the new "Open" window, browse to the folder where fix.txt was saved, then click the Open button.

The contents of fix.txt are thus inserted into the "Custom Scans/Fixes" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to reboot.

Click the Run Fix button again.

Note: When the reboot is requested, click Ok

When the tool has finished its work, a small window shows the message "Fix complete! Click Ok to display the report.". Click Ok, then close OTL.


A malfunction of free's servers and/or the forum's prevents me from sending "large" messages. The rest therefore follows in the next message.

Post by nickW » 29 Dec 2010, 00:06

A malfunction of free's servers and/or the forum's prevents me from sending "large" messages. This is the continuation of the previous message.


Step 6: No real-time monitoring processes
Since the PC has rebooted, if the antivirus was re-enabled, it has to be disabled again.


Step 7: Gmer, execution

Close absolutely all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for the driver to load and the first checks to run.

If the tool shows a message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", click NO.

Check that all the boxes in the right-hand column are ticked except
Sections
drives other than C:\
"Show all"

then click the Scan button.

Wait without doing anything else (... it takes a while...).
The registry keys & files being scanned scroll past at the bottom of the window.

When the tool has finished (nothing scrolls at the bottom of the window any more), click the Save .... button.

A Notepad window will open containing the report file.
Note: In Notepad, check in the Format menu that the "Word Wrap" option is not ticked.
Save this file on the Desktop under the name gmer-101228.txt.
Close the Gmer window (click OK).


Step 8: Real-time monitoring process
Important: re-enable the antivirus resident module.


Step 9: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen appears:
[image]

Double-click in the white area at the bottom named "Personnalisation" (custom scans): [image]

A small "OTL" window opens:
[image]

Click the OK button.

From the new "Ouvrir" (Open) window, browse to the location where scan.txt was saved, then click the Open button.

The contents of scan.txt are thereby inserted into the "Personnalisation" panel [image]

Click the Analyse rapide (quick scan) button:
[image]


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 10: Results
Send in reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the file length):
*- the Gmer report (contents of the file gmer-101228.txt) <---- this report is sometimes very long; check that it is complete; if necessary split it across several messages -- always using the Reply button.

Then send in reply, in a separate message (because of the file length):
*- the main OTL report (contents of the file OTL.txt on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: to send your reply (or replies), do not create a new topic; click the "Reply" button
[image] to continue in this thread.

To be continued,
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Lucky46 » 29 Dec 2010, 02:19

OTL logfile created on: 2010-12-28 19:50:13 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\lico\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

503,00 Mb Total Physical Memory | 195,00 Mb Available Physical Memory | 39,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,28 Gb Total Space | 31,52 Gb Free Space | 82,35% Space Free | Partition Type: NTFS

Computer Name: PPPP-FI1X59R54X | User Name: lico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-12-27 15:18:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lico\Bureau\OTL.exe
PRC - [2010-09-15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010-05-14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010-03-25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009-05-19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-03-07 09:51:52 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe


========== Modules (SafeList) ==========

MOD - [2010-12-27 15:18:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lico\Bureau\OTL.exe
MOD - [2010-08-23 11:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-03-25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-05-19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007-03-07 09:51:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561) ICatch (VI)
DRV - [2008-08-25 10:43:38 | 000,055,528 | ---- | M] (SafeNet China Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rcmhdog.sys -- (RCMHDOG)
DRV - [2008-08-25 10:43:38 | 000,021,696 | ---- | M] (SafeNet China Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mhdrv.sys -- (MHDRV)
DRV - [2007-03-07 09:51:52 | 000,072,672 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2005-09-29 12:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005-08-10 09:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005-08-10 07:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-05-16 08:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2001-08-22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 57 F0 12 F1 A2 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-24 14:24:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-24 14:23:46 | 000,000,000 | ---D | M]

[2010-07-26 15:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Mozilla\Extensions
[2010-12-26 20:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Mozilla\Firefox\Profiles\6ru1a0dn.default\extensions
[2010-12-24 14:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-12-03 13:04:57 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010-12-03 13:04:57 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010-12-03 13:04:57 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010-12-03 13:04:57 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010-12-03 13:04:57 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010-12-17 15:31:13 | 000,418,588 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14439 more lines...
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [WeatherEye] C:\Documents and Settings\lico\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: C:\Documents and Settings\lico\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Download5000 Toolbar - {9D931726-DFBC-480e-851A-20C397E1A2C8} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Download5000 Toolbar - {9D931726-DFBC-480e-851A-20C397E1A2C8} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 5883915920 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab (Creative Toolbox Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\lico\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lico\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-05-31 03:53:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eac7c0bc-e286-11dd-8693-000bdbce2dd1}\Shell - "" = AutoRun
O33 - MountPoints2\{eac7c0bc-e286-11dd-8693-000bdbce2dd1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010-12-28 18:56:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-12-28 13:35:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-12-28 13:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-12-28 12:01:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lico\Recent
[2010-12-27 17:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010-12-27 15:18:22 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lico\Bureau\OTL.exe
[2010-12-24 14:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-12-24 10:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010-12-21 18:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010-12-21 18:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\QT Lite
[2010-12-21 17:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lico\Local Settings\Application Data\Apple Computer
[2010-12-20 13:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lico\Application Data\Malwarebytes
[2010-12-19 20:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenMates
[2010-12-17 15:29:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\IASYV
[2010-12-17 15:28:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\5c9869
[2009-05-10 14:57:20 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\lico\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010-12-28 19:02:46 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-12-28 18:58:05 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010-12-28 18:58:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-28 18:57:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-28 18:23:43 | 000,296,448 | ---- | M] () -- C:\9zis208m.exe
[2010-12-28 13:43:57 | 016,777,216 | ---- | M] () -- C:\Documents and Settings\lico\ntuser.bak
[2010-12-28 13:35:23 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\lico\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010-12-27 17:38:01 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers IrfanView.lnk
[2010-12-27 15:18:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lico\Bureau\OTL.exe
[2010-12-26 22:00:01 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010-12-24 14:23:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers Mozilla Firefox.lnk
[2010-12-22 10:26:35 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-12-17 15:31:13 | 000,418,588 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-12-15 10:02:28 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010-12-28 18:23:41 | 000,296,448 | ---- | C] () -- C:\9zis208m.exe
[2010-12-28 13:43:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\lico\ntuser.tmp.LOG
[2010-12-28 13:35:23 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\lico\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010-12-27 17:43:35 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers IrfanView.lnk
[2010-12-24 14:45:10 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers Mozilla Firefox.lnk
[2010-12-24 10:42:41 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010-12-22 11:37:51 | 016,777,216 | ---- | C] () -- C:\Documents and Settings\lico\ntuser.bak
[2010-12-17 17:29:31 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers Internet Explorer.lnk
[2010-09-22 14:15:07 | 000,000,074 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2010-09-22 12:59:47 | 000,000,880 | ---- | C] () -- C:\WINDOWS\PhotoImpression.ini
[2010-09-04 13:10:23 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-08-17 12:50:47 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010-07-31 11:11:51 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010-07-31 11:11:51 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010-07-31 11:11:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009-11-30 15:41:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ztLib.dll
[2009-09-25 07:40:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-07-10 19:01:57 | 000,000,081 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009-06-07 16:09:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009-06-04 12:57:07 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2009-05-29 17:42:20 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2009-05-10 14:57:20 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\inst.exe
[2009-05-10 14:57:20 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\pcouffin.cat
[2009-05-10 14:57:20 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\lico\Application Data\pcouffin.inf
[2009-03-11 14:01:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009-01-10 15:43:57 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008-10-15 15:31:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-09-28 18:35:12 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-09-28 18:14:39 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\lico\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-08-25 10:43:38 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\IOCTLVDD.DLL
[2008-08-25 10:42:15 | 000,009,279 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini
[2008-08-25 10:42:15 | 000,008,157 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2008-08-25 10:42:15 | 000,000,170 | ---- | C] () -- C:\WINDOWS\settings.ini
[2008-05-31 20:02:26 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008-05-30 22:22:54 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006-03-06 09:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004-09-16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004-09-16 12:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS

========== LOP Check ==========

[2009-01-22 16:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\328C
[2010-12-17 15:30:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\5c9869
[2010-08-28 15:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2010-12-24 10:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2010-12-17 15:29:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\IASYV
[2010-07-02 14:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-08-21 12:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010-07-22 15:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010-11-27 19:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\GlarySoft
[2009-11-13 21:07:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\lico\Application Data\InAlbumTemp
[2010-12-28 10:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\IObit
[2010-11-27 17:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\PhotoFiltre
[2010-08-06 14:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\PropMgrAsync
[2010-04-01 16:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Smart PC Solutions
[2010-07-05 14:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Softplicity
[2010-10-30 12:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Vso
[2009-11-06 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lico\Application Data\Windows Live Writer
[2010-12-28 18:58:05 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010-12-28 19:02:46 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010-12-28 18:57:38 | 000,032,496 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010-12-26 22:00:01 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>
[2010-12-28 18:23:43 | 000,296,448 | ---- | M] () -- C:\9zis208m.exe


<MD5>
[2008-07-12 13:30:09 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-07-12 13:30:09 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

<MD5>
[2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008-07-12 13:30:09 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-07-12 13:30:09 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008-07-12 15:37:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003-04-24 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002-08-29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2008-04-13 21:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008-04-13 21:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2004-08-19 18:09:51 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

<MD5>
[2004-08-19 18:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2004-08-19 18:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

<MD5>
[2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004-08-19 18:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2004-08-19 18:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<MD5>
[2004-08-19 18:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008-04-13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

<MD5>
[2004-08-19 18:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

<systemroot>

<systemroot>

<systemroot>

<End>


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-28 19:43:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: 9zis208m.exe; Driver: C:\DOCUME~1\lico\LOCALS~1\Temp\fgkorfoc.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ---

Post by Lucky46 » 29 Dec 2010, 02:31

Hello,

According to you the GMER report should be long; could I have made a mistake?
Because I proceeded as instructed.

There is this passage that I may not have understood:

In step 3: Save the file to the root of the system drive (usually C:), noting its name (which is random).

Thanks

Post by nickW » 29 Dec 2010, 15:30

Hello,

1/ To answer your first question:

I had written: this report is sometimes very long;
"Sometimes" does not mean "always". :wink:


2/ To answer your second question:

Apparently you understood correctly.
I meant that you download a file with a random name (in your case it is called 9zis208m.exe) that has to be placed in C:\


3/ Could you send the OTL fix report?
contents of the file C:\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time


4/ After this first clean-up, can you tell me how the PC is behaving?

To be continued,
nickW

Character code to access Mozilla

Post by Lucky46 » 29 Dec 2010, 18:26

Hello,

I am not a computer expert, but I noticed more than fifteen or so errors in the first scan and also a Trojan:win32/Jpgiframe, whose severity was "severe"; am I now rid of it?

I can see my Mozilla start page, but there is still slowness when loading: "Page load error", or I end up on sites that have nothing to do with my searches. Example: I wanted the lottery results and I was sent to a site that has nothing to do with the lottery. I also sometimes get "404 - Page Not Found".

Today when I turned on my computer, I noticed a slight slowness while doing the usual clean-up; is that normal?
I use Glary Utilities and CCleaner.
Can I delete everything I downloaded for the scan, or should I keep it a while longer?

P.S.: Could you tell me what is not useful, or no longer useful, on my computer after these scans, and how to go about removing it?

Thanks

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File C:\WINDOWS\System32\DRIVERS\Lbd.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{196C3A46-4758-433D-A600-802C804AF39C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{196C3A46-4758-433D-A600-802C804AF39C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE}\ not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge\ deleted successfully.
ADS C:\WINDOWS:A63574A11E692009 deleted successfully.
ADS C:\WINDOWS\system32:2d7ed1c3.zreglib deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F0FFA06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 482766 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: lico
->Temp folder emptied: 524625 bytes
->Temporary Internet Files folder emptied: 15752525 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55434062 bytes
->Flash cache emptied: 993 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 604126 bytes
->Temporary Internet Files folder emptied: 3548613 bytes
->FireFox cache emptied: 3791435 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145298 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 449274 bytes
RecycleBin emptied: 3038722 bytes

Total Files Cleaned = 80,00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12282010_185612

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
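As an added example (not code from the thread, nor from OTL's author), a small Python summariser for the OTL fix-log format posted above, run over a constructed sample written in that format: it lists what was removed, what OTL reported as not found, the alternate data streams and Winlogon\Notify entries deleted, and totals the bytes emptied so the figure can be set against the report's own "Total Files Cleaned" line.

```python
import re

# Constructed sample in the OTL fix-log format shown in the thread (not the thread's own log).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File C:\WINDOWS\System32\DRIVERS\Lbd.sys not found.
Registry value HKEY_USERS\S-1-5-21-1-2-3-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{196C3A46-4758-433D-A600-802C804AF39C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{196C3A46-4758-433D-A600-802C804AF39C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge\ deleted successfully.
ADS C:\WINDOWS:A63574A11E692009 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F0FFA06 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: lico
->Temp folder emptied: 524625 bytes
->FireFox cache emptied: 55434062 bytes
RecycleBin emptied: 3038722 bytes
Total Files Cleaned = 80,00 mb
"""
CLSID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.I)
BYTES_RE = re.compile(r"emptied: (\d+) bytes")
ADS_RE = re.compile(r"^ADS (.+?):([^:\\]+) deleted successfully\.$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d,.]+) mb$")

def summarize_otl_fix_log(text):
    """Reduce an OTL fix log to what a helper re-reads: what was removed, what the
    fix asked for but OTL could not find, and how much temporary data was emptied."""
    s = {"services_deleted": [], "clsids_removed": set(), "not_found": [],
         "ads_deleted": [], "winlogon_notify_deleted": [], "bytes_emptied": 0,
         "total_mb_claimed": None}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Service ") and line.endswith("deleted successfully!"):
            s["services_deleted"].append(line.split()[1])
        elif line.endswith("not found."):          # item listed in the fix but absent on disk/registry
            s["not_found"].append(line)
        elif line.startswith("Registry value") and line.endswith("deleted successfully."):
            s["clsids_removed"].update(c.upper() for c in CLSID_RE.findall(line))
        elif line.startswith("Registry key") and "\\Winlogon\\Notify\\" in line and "deleted" in line:
            # Winlogon\Notify packages load into winlogon.exe: worth noting whenever one is removed
            s["winlogon_notify_deleted"].append(line.split("\\Notify\\")[1].split("\\")[0])
        elif m := ADS_RE.match(line):               # alternate data stream: (host path, stream name)
            s["ads_deleted"].append((m.group(1), m.group(2)))
        elif m := BYTES_RE.search(line):
            s["bytes_emptied"] += int(m.group(1))
        elif m := TOTAL_RE.match(line):
            s["total_mb_claimed"] = float(m.group(1).replace(",", "."))  # OTL wrote "80,00" (French locale)
    return s
```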

Post by nickW » 30 Dec 2010, 23:23

Good evening,

Can you post on the forum the scan report that shows these "fifteen or so errors" and this "Trojan:win32/Jpgiframe"?


I will tell you when and how to clean up the various tools used.


New steps: MBR (Master Boot Record) analysis


Step 1: MBRCheck (by a_d_13), download
Download MBRCheck.exe from one of the links below:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/ro ... RCheck.exe
http://www.kernelmode.info/MBRCheck.exe

Save this file to the Desktop.


Step 2: MBRCheck (by a_d_13), scan

Double-click MBRCheck.exe to launch the tool.
A small black window will open.
Let the tool work without interrupting it.
If the program displays
    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit

press the N key and then the Enter key.

At the end of execution, the message is displayed
    Done!
    Press ENTER to exit ...


Press the Enter key to close the program.


Step 3: Results
Send in reply:
- the MBRCheck scan report (contents of the file MBRCheck_**.**.**_**.**.**.txt, found on the Desktop; the ** are digits representing the date [month.day.year] and the time [hours.minutes.seconds]).

To be continued,
nickW
