[OK] Infection by ADSPY/Bho.aa.1

Post by nicop » 14 May 2009, 19:10

Hello,

Antivir has raised several alerts on my machine (again! :evil: ):

[Screenshot of the Antivir alerts: http://www.imageshotel.org/images/nicop/image1.jpg]

Associated symptoms:
- Near-systematic crash on right-clicking the mouse
- Crash when opening certain programs (Google Earth and the VLC player)
- Access denied to "C:\System Volume Information".

Since the problem apparently came from the "_restore" directory, I disabled and re-enabled System Restore.
Since then I have had no more Antivir alerts, but the symptoms persist.

Here are the Malwarebytes and OTListIt2 logs:

Thanks.

_______________________________________________________________________________

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2131
Windows 5.1.2600 Service Pack 2

14/05/2009 18:40:11
mbam-log-2009-05-14 (18-40-01).txt

Type de recherche: Examen rapide
Eléments examinés: 90738
Temps écoulé: 3 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.

Post by nicop » 14 May 2009, 19:11

OTListIt logfile created on: 14/05/2009 18:54:09 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\NouvelAdministrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,53 Mb Total Physical Memory | 182,14 Mb Available Physical Memory | 35,61% Memory free
1,22 Gb Paging File | 0,91 Gb Available in Paging File | 74,94% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43,96 Gb Total Space | 22,75 Gb Free Space | 51,75% Space Free | Partition Type: NTFS
Drive D: | 67,83 Gb Total Space | 31,74 Gb Free Space | 46,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 232,88 Gb Total Space | 128,46 Gb Free Space | 55,16% Space Free | Partition Type: NTFS

Computer Name: MAISON
Current User Name: NouvelAdministrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/04/01 15:46:04 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:09:54 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/01/04 17:39:13 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
PRC - [2009/04/27 11:03:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/05/03 06:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/12/11 16:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PROTECTION\PC Tools Firewall Plus\FWService.exe
PRC - [2004/08/04 00:54:50 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2009/04/27 11:03:36 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/06/02 16:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/02/23 10:49:16 | 02,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PROTECTION\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/11/13 15:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\PROTECTION\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/11/13 15:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2009/05/14 18:20:37 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/01 15:46:04 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/03/02 13:09:54 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Disabled | Stopped])
SRV - [2006/01/04 17:39:13 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Auto | Running])
SRV - [2005/06/02 16:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Disabled | Stopped])
SRV - [2004/08/04 00:54:36 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2009/04/27 11:03:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Disabled | Stopped])
SRV - [2008/05/03 06:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/11 16:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PROTECTION\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus [Auto | Running])
SRV - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 08:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/06/19 09:30:18 | 00,752,764 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2005/02/16 10:06:18 | 00,018,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\APLMp50.sys -- (APLMp50 [On_Demand | Stopped])
DRV - [2008/11/25 12:40:01 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2004/08/04 00:38:44 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [System | Stopped])
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:07:58 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2001/08/17 22:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
DRV - [2006/01/04 17:39:13 | 00,058,160 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDANT.SYS -- (C-Dilla [On_Demand | Stopped])
DRV - [2006/07/24 19:08:41 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2001/08/17 20:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Running])
DRV - [2004/08/04 01:05:42 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2001/08/17 22:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
DRV - [2001/08/17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
DRV - [2004/08/03 22:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/05/03 06:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/09/23 11:38:34 | 00,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5 [On_Demand | Stopped])
DRV - [2006/03/01 19:53:54 | 00,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2008/12/18 12:16:56 | 00,073,840 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent [Auto | Running])
DRV - [2008/12/11 08:38:22 | 00,159,600 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi [System | Running])
DRV - [2009/01/21 10:38:32 | 00,095,640 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw [On_Demand | Running])
DRV - [2003/03/21 13:34:08 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/05/05 22:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/09/28 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 22:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
DRV - [2001/09/28 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2008/11/02 10:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2006/10/06 22:55:43 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/09/22 12:29:18 | 00,097,408 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\DRIVERS\pctfw.sys -- (SFilter [On_Demand | Running])
DRV - [2003/07/15 16:00:00 | 00,578,368 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/11/05 10:23:14 | 00,006,097 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys -- (sonyhcb [Boot | Running])
DRV - [2001/11/05 10:23:52 | 00,299,923 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonyhcs.sys -- (sonyhcs [On_Demand | Stopped])
DRV - [2007/01/14 21:29:01 | 00,639,224 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/02/13 12:49:30 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2007/05/02 12:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2007/05/02 12:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2007/05/02 12:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/10/21 03:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2006/02/23 12:38:32 | 00,009,728 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32 [Boot | Running])
DRV - [2002/10/24 10:07:00 | 00,006,912 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfnth.sys -- (vulfnths [On_Demand | Stopped])
DRV - [2002/11/13 11:34:06 | 00,010,496 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfntr.sys -- (vulfntrs [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ixquick.com/
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll File not found
IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\S-1-5-21-1757981266-1343024091-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ixquick.com/fra/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.003
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/27 11:03:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/10 20:14:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/09 09:57:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/10 20:14:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/09 09:57:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/20 19:51:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/05/09 09:57:49 | 00,000,000 | ---D | M]

[2009/01/02 23:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\mozilla\Extensions
[2009/01/02 23:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/14 18:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\mozilla\Firefox\Profiles\legnr8m7.default\extensions
[2009/04/20 21:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\mozilla\Firefox\Profiles\legnr8m7.default\extensions\unplug@compunach
[2009/05/14 18:33:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 14:35:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/09/08 20:51:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/04/27 11:03:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/30 14:34:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 14:34:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/28 21:22:45 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/11/28 21:22:45 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/11/28 21:22:45 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/28 21:22:45 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/11/28 21:22:45 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2008/11/28 21:22:45 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
[2009/04/03 18:02:40 | 00,000,815 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305374 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 10539 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2B60FCB3-C93D-4ECF-ACC3-EE4D19E6AF3C} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\PROTECTION\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00PCTFW] "C:\Program Files\PROTECTION\PC Tools Firewall Plus\FirewallGUI.exe" -s (PC Tools)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\PROTECTION\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\PROTECTION\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4735226994 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3661829911 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 0320833333 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{A67E149E-EC81-4BA0-8709-7161CE1F8206}\\NameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/08 19:07:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/03 21:00:48 | 00,000,049 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/20 18:54:59 | 00,679,936 | R--- | M] () - G:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- [2006/03/20 18:54:59 | 00,679,936 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2009/05/14 18:26:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\Malwarebytes
[2009/05/14 18:26:04 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/05/14 18:26:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/14 18:25:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/14 18:25:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/14 18:21:13 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\mbam-setup.exe
[2009/05/14 18:20:34 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\OTListIt2.exe
[2009/05/13 21:09:55 | 00,001,094 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1343024091-725345543-1003.job
[2009/05/05 13:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Securitoo
[2009/05/05 13:06:54 | 00,034,688 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcampr5.sys
[2009/04/30 14:59:16 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/04/30 14:59:16 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/30 14:59:16 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/04/30 14:59:16 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/04/30 14:59:16 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/04/30 14:59:09 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/04/30 14:59:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/04/28 22:14:07 | 00,058,904 | ---- | C] () -- C:\WINDOWS\System32\is4tray.dll
[2009/04/28 22:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Invisible Secrets 4
[2009/04/27 14:36:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\PCToolsFirewallPlus
[2009/04/27 14:34:56 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/04/27 14:34:56 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/04/27 14:34:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/04/27 14:34:27 | 00,097,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw.sys
[2009/04/27 14:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PC Tools
[2009/04/27 14:34:24 | 00,095,640 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2009/04/27 13:15:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\TeamViewer
[2009/04/27 12:39:12 | 00,000,512 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/27 12:34:14 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/26 20:59:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Bureau\SAUVEGARDES REGISTRE
[2009/04/23 08:38:30 | 01,606,696 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\TeamViewerQS_fr.exe
[2009/04/22 11:28:36 | 00,073,728 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\CleanHandlers.exe
[2009/04/21 20:38:22 | 00,001,056 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Spybot - Search & Destroy.lnk
[2009/04/20 20:32:50 | 00,000,552 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Raccourci vers Bureau.lnk
[2009/04/20 16:29:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/18 14:21:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/18 14:21:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\Sun
[2009/04/18 14:12:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/04/17 14:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/04/17 14:24:16 | 00,000,000 | ---D | C] -- C:\Program Files\Open Office
[2009/03/31 17:53:43 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/02/24 16:57:00 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/24 14:09:31 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/24 14:09:30 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/12/20 15:57:40 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/07/18 10:56:05 | 00,000,074 | ---- | C] () -- C:\WINDOWS\Babyegg.INI
[2008/05/03 06:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 06:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 06:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 06:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 06:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/03/17 19:43:31 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/05 11:08:14 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/12/05 11:08:12 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/12/05 11:03:35 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2007/12/05 11:03:35 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2007/12/05 11:03:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2007/12/05 11:03:35 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2007/12/05 11:03:35 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2007/12/05 11:03:35 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2007/12/05 11:03:34 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2007/12/05 11:03:34 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2007/12/05 11:03:34 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2007/12/05 11:03:34 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2007/12/05 11:03:34 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2007/12/05 11:03:34 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2007/12/05 11:03:34 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2007/12/05 11:03:33 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2007/12/05 11:03:33 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2007/12/05 11:03:25 | 00,021,986 | ---- | C] () -- C:\WINDOWS\crwd32.ini
[2007/06/30 21:43:30 | 00,002,813 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/06/01 14:32:47 | 00,000,173 | ---- | C] () -- C:\WINDOWS\APACHEAV.SYS
[2007/03/29 10:54:55 | 00,000,239 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/22 17:13:15 | 00,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/01/14 21:29:01 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/09/08 21:02:23 | 00,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2006/09/02 19:18:44 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/09/01 14:23:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2006/08/08 19:19:21 | 00,038,609 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2006/06/03 00:15:44 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 19:37:27 | 00,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/05/24 19:37:27 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/04/05 20:10:30 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/04/05 20:10:30 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/03/20 20:10:01 | 00,000,972 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/02/24 10:41:59 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 10:41:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 18:36:20 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 18:36:20 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 18:36:20 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2006/02/10 21:48:58 | 00,000,014 | ---- | C] () -- C:\WINDOWS\AKA2.INI
[2006/02/10 21:48:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/02/10 20:51:45 | 00,000,043 | ---- | C] () -- C:\WINDOWS\akaklike.ini
[2005/12/02 21:51:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/07/04 11:23:31 | 00,001,891 | ---- | C] () -- C:\WINDOWS\System32\MSMINI.DLL
[2005/06/08 15:48:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2005/06/08 15:36:37 | 00,077,796 | ---- | C] () -- C:\WINDOWS\System32\Wndtc32.dll
[2005/05/28 19:45:16 | 00,000,076 | ---- | C] () -- C:\WINDOWS\EXE.INI
[2005/05/28 19:06:59 | 00,000,229 | ---- | C] () -- C:\WINDOWS\provw.ini
[2005/01/08 22:15:04 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/11/23 21:51:16 | 00,002,801 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2004/11/07 13:07:12 | 00,000,039 | ---- | C] () -- C:\WINDOWS\dversion.ini
[2004/09/29 10:59:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2004/09/01 16:17:53 | 00,000,171 | ---- | C] () -- C:\WINDOWS\SOFTPEG.INI
[2004/08/31 17:56:22 | 00,000,009 | ---- | C] () -- C:\WINDOWS\atlas-fra.INI
[2004/08/04 02:54:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/04 00:54:28 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/06/16 14:17:05 | 00,000,114 | ---- | C] () -- C:\WINDOWS\CDSFDB01.INI
[2004/06/16 14:16:57 | 00,001,104 | ---- | C] () -- C:\WINDOWS\CDSFUNST.INI
[2004/05/20 15:03:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/05/19 14:55:40 | 00,000,253 | ---- | C] () -- C:\WINDOWS\Creator.INI
[2004/05/11 16:33:37 | 00,000,040 | ---- | C] () -- C:\WINDOWS\INTER.INI
[2004/05/08 10:57:27 | 00,000,499 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/05/07 18:00:20 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/05/07 18:00:20 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/05/07 18:00:20 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/04/30 17:24:10 | 00,000,757 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/04/30 14:43:20 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2004/04/29 11:21:03 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/04/29 11:20:49 | 00,003,289 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/04/29 11:20:48 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/04/21 14:59:52 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2004/04/21 14:59:50 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004/04/21 14:59:50 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004/03/24 09:22:26 | 00,138,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.SYS
[2004/03/02 09:42:43 | 00,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2004/01/08 10:30:22 | 00,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003/12/09 18:27:20 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/09 16:36:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2002/05/28 03:52:36 | 00,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2001/08/28 14:00:00 | 00,001,362 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/28 14:00:00 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/06/24 11:32:44 | 00,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[1997/06/14 10:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/05/14 18:49:18 | 00,171,848 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/14 18:48:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Local Settings\desktop.ini
[2009/05/14 18:48:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/14 18:48:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/14 18:26:04 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/05/14 18:21:53 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\mbam-setup.exe
[2009/05/14 18:20:37 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\OTListIt2.exe
[2009/05/14 18:16:12 | 00,305,374 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/14 15:35:59 | 00,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1343024091-725345543-1003.job
[2009/05/10 18:24:03 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/09 10:17:27 | 00,305,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090514-181612.backup
[2009/05/06 18:17:30 | 00,227,840 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Composition1.pub
[2009/05/04 12:38:00 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/29 10:41:48 | 00,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2009/04/28 22:14:07 | 00,058,904 | ---- | M] () -- C:\WINDOWS\System32\is4tray.dll
[2009/04/27 07:37:20 | 00,469,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/23 08:38:32 | 01,606,696 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\TeamViewerQS_fr.exe
[2009/04/21 20:45:20 | 00,304,439 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090509-101727.backup
[2009/04/21 20:38:22 | 00,001,056 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Spybot - Search & Destroy.lnk
[2009/04/21 20:19:11 | 00,000,114 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-204520.backup
[2009/04/21 18:04:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2009/04/21 18:00:45 | 00,309,200 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-201842.backup
[2009/04/21 18:00:45 | 00,309,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-201911.backup
[2009/04/21 17:53:05 | 00,000,239 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/21 16:56:59 | 00,309,200 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-180045.backup
[2009/04/20 20:32:50 | 00,000,552 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Raccourci vers Bureau.lnk
[2009/04/18 16:11:21 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/18 13:24:06 | 00,001,480 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/04/18 13:24:02 | 00,309,074 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-165659.backup

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
<End>
nicop
 
Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées

Post by nicop » 14 May 2009, 19:13

OTListIt Extras logfile created on: 14/05/2009 18:54:09 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\NouvelAdministrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,53 Mb Total Physical Memory | 182,14 Mb Available Physical Memory | 35,61% Memory free
1,22 Gb Paging File | 0,91 Gb Available in Paging File | 74,94% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43,96 Gb Total Space | 22,75 Gb Free Space | 51,75% Space Free | Partition Type: NTFS
Drive D: | 67,83 Gb Total Space | 31,74 Gb Free Space | 46,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 232,88 Gb Total Space | 128,46 Gb Free Space | 55,16% Space Free | Partition Type: NTFS

Computer Name: MAISON
Current User Name: NouvelAdministrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/11/13 15:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 15:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 15:07:04 | 04,291,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe:*:Enabled:River Past Video Cleaner
[2006/11/13 15:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 15:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 15:07:04 | 04,291,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@icon sushi_is1" = @icon sushi 1.21
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04460044-9149-45C6-A806-F2BF9CFCE762}" = Encyclopédie Microsoft Encarta 2004
"{1572F66F-F9AD-4D45-B0D2-0F45A0D5A0F6}" = OpenOffice.org 3.0
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4777A027-6F52-4037-AE1B-399A3B7A42B2}" = Samsung PC Studio 3
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{5B03B93F-1B32-4509-9CA6-4BB33E9987EF}" = CANON iMAGE GATEWAY Task
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6DA14D85-7F45-11D5-B913-00B0D0180917}" = Universalis 7
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = MovieEdit Task
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (F)
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Internet Library
"{D2CA31E1-EE00-11DD-B5A6-005056806466}" = Google Earth
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E6BAE954-487E-488B-BC4E-2E69E54E8117}" = Microsoft Works
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F13BA02B-435A-11D2-A597-00104B97152B}" = ER Mapper imagery plugin for ArcView® 3.1 Onwards v2.4
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Akakliké" = Akakliké
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BelAtoutFr_is1" = Bel Atout 3.83
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"CCleaner" = CCleaner (remove only)
"Chord Finder" = Uninstall Super Guitar Chord Finder
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DivX Codec" = DivX Codec
"EAX Unified" = EAX Unified
"eMule" = eMule
"ffdshow" = ffdshow (remove only)
"FontView_is1" = FontView version 3.3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.5.1
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{5B03B93F-1B32-4509-9CA6-4BB33E9987EF}" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}" = Canon Internet Library for ZoomBrowser EX
"Invisible Secrets 4" = Invisible Secrets 4
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"LaserTank" = LaserTank
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Melody Assistant" = Melody Assistant
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"Pingu - Le CD-Rom des petits pingouins" = Pingu - Le CD-Rom des petits pingouins
"PowerISO" = PowerISO
"PROR" = Microsoft Office Professional 2007
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SyncBack_is1" = SyncBack
"Tarobot" = Tarobot (Enlever seulement)
"TerraExplorer" = TerraExplorer
"Tomb Raider: Legend" = Tomb Raider: Legend 1.0
"Total Uninstall_is1" = Total Uninstall 2.35
"Triogical!_is1" = Triogical v2.01
"Tux Paint Stamps_is1" = Tux Paint Stamps 2006-10-21
"Tux Paint_is1" = Tux Paint 0.9.16
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Mobile Device Handbook" = Ressources Windows Mobile
"WinRAR archiver" = Archiveur WinRAR
"WJChess2D" = WJChess2D
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Works2004Setup" = Sélecteur d'installation de Microsoft Works 2004
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/04/2009 10:31:14 | Computer Name = MAISON | Source = .NET Runtime | ID = 0
Description =

Error - 26/04/2009 10:55:48 | Computer Name = MAISON | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 mspub.exe, P2 12.0.4518.1014, P3
ntdll.dll, P4 5.1.2600.2180, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 27/04/2009 06:35:09 | Computer Name = MAISON | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 04/05/2009 06:43:25 | Computer Name = MAISON | Source = .NET Runtime | ID = 0
Description =

Error - 04/05/2009 06:43:25 | Computer Name = MAISON | Source = .NET Runtime | ID = 0
Description =

Error - 04/05/2009 07:25:21 | Computer Name = MAISON | Source = .NET Runtime | ID = 0
Description =

Error - 04/05/2009 07:25:21 | Computer Name = MAISON | Source = .NET Runtime | ID = 0
Description =

Error - 05/05/2009 10:42:17 | Computer Name = MAISON | Source = .NET Runtime | ID = 0
Description =

Error - 13/05/2009 09:33:16 | Computer Name = MAISON | Source = .NET Runtime | ID = 0
Description =

Error - 13/05/2009 15:10:31 | Computer Name = MAISON | Source = .NET Runtime | ID = 0
Description =

[ OSession Events ]
Error - 10/01/2009 06:10:59 | Computer Name = MAISON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 660
seconds with 540 seconds of active time. This session ended with a crash.

Error - 17/04/2009 06:46:47 | Computer Name = MAISON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 297
seconds with 240 seconds of active time. This session ended with a crash.

Error - 17/04/2009 06:50:41 | Computer Name = MAISON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 219
seconds with 180 seconds of active time. This session ended with a crash.

Error - 17/04/2009 06:51:37 | Computer Name = MAISON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/05/2009 07:12:11 | Computer Name = MAISON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 14/05/2009 09:35:59 | Computer Name = MAISON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 14/05/2009 10:26:19 | Computer Name = MAISON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 14/05/2009 10:26:49 | Computer Name = MAISON | Source = Service Control Manager | ID = 7000
Description = Le service nVidia WDM TVAudio Crossbar n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 14/05/2009 10:26:49 | Computer Name = MAISON | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : viaagp1

Error - 14/05/2009 10:31:19 | Computer Name = MAISON | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 14/05/2009 10:32:08 | Computer Name = MAISON | Source = Service Control Manager | ID = 7000
Description = Le service nVidia WDM TVAudio Crossbar n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 14/05/2009 10:32:08 | Computer Name = MAISON | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : viaagp1

Error - 14/05/2009 12:50:06 | Computer Name = MAISON | Source = Service Control Manager | ID = 7000
Description = Le service nVidia WDM TVAudio Crossbar n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 14/05/2009 12:50:06 | Computer Name = MAISON | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : viaagp1


<End>
nicop

Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées

Post by nickW » 15 May 2009, 22:06

Good evening,

Could you send another report:

Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode).


Step 1: FindyKill (by Chiquitine29), installation
Download FindyKill.exe with a right-click (followed by Save as...) on the link below:
http://sd-1.archive-host.com/membres/up ... dyKill.exe
Save this file to the Desktop.

Double-click the downloaded file FindyKill.exe to start the installation.
Accept all the default settings (click Next, tick "I agree...", click Next, click Next again, then click Start). When the installation finishes, click Quit.


Step 2: FindyKill (by Chiquitine29), search
Plug in the external storage devices (USB key, external hard drive, etc.).

Double-click the FindyKill shortcut on the Desktop.

In the main menu, choose option 1 (Search for infected files) and confirm by pressing Enter.
The Desktop icons and the Start menu will disappear: this is normal.
When the search is finished, press a key to open a Notepad window containing the result of the analysis. Close Notepad.


Step 3: Result
Post in reply the contents of the file SystemDrive\FindyKill.txt
[SystemDrive stands for the partition on which the system is installed, usually C:]


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by nicop » 16 May 2009, 08:44

Thanks nickW,

here is the new log:


############################## [ FindyKill V4.728 ]

# User : NouvelAdministrateur (Administrateurs) # MAISON
# Update on 13/05/09 by Chiquitine29
# Start at: 09:40:30 | 16/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# AMD Athlon(TM) XP 2500+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
# FW : PC Tools Firewall Plus[ Enabled ]4.0.0

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 43,96 Go (21,84 Go free) # NTFS
# D:\ # Disque fixe local # 67,83 Go (31,74 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM # 4,31 Go (0 Mo free) [TombRaiderLegend] # CDFS
# H:\ # Disque CD-ROM
# I:\ # Disque amovible # 971,42 Mo (447,06 Mo free) # FAT
# J:\ # Disque amovible # 960,57 Mo (801,96 Mo free) # FAT32
# K:\ # Disque fixe local # 232,88 Go (128,46 Go free) [SIG_MATEMALE] # NTFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PROTECTION\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PROTECTION\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PROTECTION\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Hanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PROTECTION\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PROTECTION\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux ]

Found ! C:\WINDOWS\system32\drivers\downld

################## [ Infected Temp Files ]


################## [ Registre / Clés infectieuses ]



################## [ Recherche dans supports amovibles]

Found ! G:\autorun.inf
Found ! J:\autorun.inf

################## [ Registre / Mountpoints2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.728 ! ]
nicop

Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées

Post by nickW » 17 May 2009, 00:25

Good evening,

Some cleaning:

Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode).


Step 1: No real-time monitoring process
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Exit Spybot-S&D Resident".
Start Spybot-S&D, Advanced mode, Tools, Resident, untick the box in front of TeaTimer. Close Spybot-S&D.
Restart the PC.
Note:
Do not re-enable TeaTimer before the cleaning of the PC is finished (I will tell you when).


Step 2: No real-time scanning process
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock), untick "Activer AntiVir Guard/AntiVir Guard enable"


Step 3: FindyKill (by Chiquitine29), cleaning
Plug in the external storage devices (USB key, external hard drive, etc.).

Double-click the FindyKill shortcut on the Desktop.

In the main menu, choose option 2 (Delete infected files) and confirm by pressing Enter.
Click OK in the information window.
The Desktop icons and the Start menu will disappear: this is normal.
The PC will restart twice (press a key when asked).

When the cleaning is finished, press a key to open a Notepad window containing the result. Close Notepad.


Step 4: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Start Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all the boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for updates button and install all the updates found.
In the Scan tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait, doing nothing else, until the scan finishes; in the window announcing the end of the scan, click OK; then click the "Show results" button.

If malicious items were detected, click the "Remove selected" button.
Wait patiently, doing nothing else, until the cleaning finishes.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 5: Real-time scanning process
Important: Re-enable the antivirus's resident module.


Step 6: OTListIt2 (by OldTimer), scan
Close all open program windows.

Double-click OTListIt2.exe to start the tool.

The OTListIt2 main screen appears (screenshot in the original post).

Tick (at the top) the box in front of Scan All Users (screenshot in the original post).

Then click the Run Scan button (screenshot in the original post).

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTListIt2 window.

Step 7: Results
Post in reply:
*- the FindyKill report (contents of the file SystemDrive\FindyKill.txt).
[SystemDrive stands for the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mm-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then post in reply, in a separate message (because of the length of the log):
*- the main OTListIt2 report (contents of the file OTListIt.txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: When posting your reply (or replies), do not create a new topic; click the "Reply" button to continue in this discussion thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by nicop » 17 May 2009, 17:13

Hello,

- Apparently, no more crashes on right-click,

BUT:

- there are still total crashes with VLC and Google Earth (I cannot say with 100% certainty that this is due to the infection, but it appeared at the same time, and I cannot see what else to link it to).

- Access to System Volume Information is still impossible (only on drive C:):

[Screenshot hosted on http://www.imageshotel.org/: http://www.imageshotel.org/images/nicop/image1_1.jpg]

Before the reports, two questions:

1/ Running FindyKill re-enabled the Windows Security Center and its Firewall; should I disable it?

2/ When I properly disable TeaTimer in the Administrator session (+ restart), it is still in the system tray (and enabled) in the limited session. Is that normal? Isn't that why some problems persist?

Here is the FindyKill report:


############################## [ FindyKill V4.728 ]

# User : NouvelAdministrateur (Administrateurs) # MAISON
# Update on 13/05/09 by Chiquitine29
# Start at: 15:43:18 | 17/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# AMD Athlon(TM) XP 2500+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
# FW : PC Tools Firewall Plus[ Enabled ]4.0.0

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 43,96 Go (21,77 Go free) # NTFS
# D:\ # Disque fixe local # 67,83 Go (31,74 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM # 4,31 Go (0 Mo free) [TombRaiderLegend] # CDFS
# H:\ # Disque CD-ROM
# I:\ # Disque amovible # 971,42 Mo (447,06 Mo free) # FAT
# J:\ # Disque amovible # 960,57 Mo (801,96 Mo free) # FAT32
# K:\ # Disque fixe local # 232,88 Go (128,46 Go free) [SIG_MATEMALE] # NTFS

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PROTECTION\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
Deleted ! C:\WINDOWS\system32\drivers\downld

################## [ Infected Temp Files ]


################## [ Registry / Infected keys ]


################## [ Cleaning Removable drives ]

(!) Not deleted ! G:\autorun.inf
Deleted ! J:\autorun.inf

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup ="Start"
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# -> Nothing found.

################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of Report # FindyKill V4.728 ! ]

_______________________________________________________________________________________________________________



The Malwarebytes report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2145
Windows 5.1.2600 Service Pack 2

17/05/2009 16:10:09
mbam-log-2009-05-17 (16-10-09).txt

Type de recherche: Examen rapide
Eléments examinés: 90841
Temps écoulé: 4 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
nicop

Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées
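The two FindyKill reports in this thread (the search run and the cleaning run) are read by hand. The following Python script is an added example, not part of FindyKill, of OTListIt2 or of this forum's tooling: it parses the same line formats (drive table, "Found ! / Deleted ! / (!) Not deleted !" entries, the "AV :" and "FW :" status lines and the "Type of startup" legend) into structured findings and produces the triage notes a helper would look at first. The embedded sample report is constructed from the shape of the reports posted above, and the rule that a CDFS / CD-ROM drive is read-only media (the example's explanation for the "Not deleted" entry on G:, which the report's drive table lists as a CD-ROM) is this example's own assumption, as are all the names in it.

```python
"""Triage helper for FindyKill report text (added example, not FindyKill's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Legend FindyKill prints in its "[ States / Restarting of services ]" section.
STARTUP_TYPES = {"2": "Auto", "3": "Request", "4": "Disable"}
STATUS = {"Found": "found", "Deleted": "deleted", "(!) Not deleted": "not_deleted"}

DRIVE_RE = re.compile(r"^# ([A-Z]):\\ # (.+)$")
FINDING_RE = re.compile(r"^(Found|Deleted|\(!\) Not deleted) ! (.+)$")
SERVICE_RE = re.compile(r'^# (\S+) -> # Type of startup ="?([^"]+)"?$')
PROTECTION_RE = re.compile(r"^# (AV|FW) : (.+?)\s*\[(.*?)\]")

# Constructed sample, abridged from the shape of the reports posted in the thread.
SAMPLE_REPORT = r"""
############################## [ FindyKill V4.728 ]

# AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
# FW : PC Tools Firewall Plus[ Enabled ]4.0.0

# C:\ # Disque fixe local # 43,96 Go (21,77 Go free) # NTFS
# E:\ # Disque CD-ROM
# G:\ # Disque CD-ROM # 4,31 Go (0 Mo free) [TombRaiderLegend] # CDFS
# J:\ # Disque amovible # 960,57 Mo (801,96 Mo free) # FAT32

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf
Deleted ! C:\WINDOWS\system32\drivers\downld

################## [ Cleaning Removable drives ]

(!) Not deleted ! G:\autorun.inf
Deleted ! J:\autorun.inf

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# SharedAccess -> # Type of startup ="Start"
# wscsvc -> # Type of startup =2
"""


@dataclass
class Drive:
    letter: str
    kind: str                   # description as printed, e.g. "Disque CD-ROM"
    filesystem: Optional[str]   # "NTFS", "CDFS", ... or None when the report omits it

    @property
    def read_only(self) -> bool:
        # Assumption of this example: optical media cannot be cleaned in place.
        return self.filesystem == "CDFS" or "CD-ROM" in self.kind


@dataclass
class Report:
    drives: Dict[str, Drive] = field(default_factory=dict)
    findings: List[Tuple[str, str]] = field(default_factory=list)      # (status, path)
    services: Dict[str, str] = field(default_factory=dict)             # name -> startup label
    protections: Dict[str, Tuple[str, List[str]]] = field(default_factory=dict)  # AV/FW -> (name, flags)


def parse_report(text: str) -> Report:
    """Pull the structured parts out of a FindyKill report; lines that match nothing are ignored."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := DRIVE_RE.match(line):
            parts = m.group(2).split(" # ")          # description, size, filesystem
            rep.drives[m.group(1)] = Drive(m.group(1), parts[0], parts[-1] if len(parts) >= 3 else None)
        elif m := FINDING_RE.match(line):
            rep.findings.append((STATUS[m.group(1)], m.group(2)))
        elif m := SERVICE_RE.match(line):
            rep.services[m.group(1)] = STARTUP_TYPES.get(m.group(2), m.group(2))
        elif m := PROTECTION_RE.match(line):
            flags = [f.strip() for f in m.group(3).split("|") if f.strip()]
            rep.protections[m.group(1)] = (m.group(2), flags)
    return rep


def triage(rep: Report) -> List[str]:
    """Turn a parsed report into the notes a helper would check first."""
    notes = []
    for kind, (name, flags) in rep.protections.items():
        bad = [f for f in flags if "Disabled" in f or "Outdated" in f]
        if bad:
            notes.append(f"{kind} {name}: {', '.join(bad)}")
    for status, path in rep.findings:
        if status != "not_deleted":
            continue
        drive = rep.drives.get(path[0]) if path[1:3] == ":\\" else None
        if drive and drive.read_only:
            notes.append(f"{path}: not deleted, drive {drive.letter}: is {drive.filesystem or drive.kind} "
                         "(read-only media, cannot be cleaned in place)")
        else:
            notes.append(f"{path}: not deleted, needs manual inspection")
    for name, startup in rep.services.items():
        if startup == "Disable":
            notes.append(f"service {name} is disabled")
    return notes


if __name__ == "__main__":
    for note in triage(parse_report(SAMPLE_REPORT)):
        print(note)
```

Run against the constructed sample, the script flags the disabled and outdated antivirus and explains the one "Not deleted" entry by the drive type; feeding it the report text pasted from a forum post works the same way, since the regular expressions are anchored on the exact prefixes FindyKill prints.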

Post by nicop » 17 May 2009, 17:15

The OTListIt report:

OTListIt logfile created on: 17/05/2009 16:17:47 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\NouvelAdministrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,53 Mb Total Physical Memory | 278,05 Mb Available Physical Memory | 54,36% Memory free
1,22 Gb Paging File | 0,99 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43,96 Gb Total Space | 21,76 Gb Free Space | 49,50% Space Free | Partition Type: NTFS
Drive D: | 67,83 Gb Total Space | 31,74 Gb Free Space | 46,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
Drive I: | 971,42 Mb Total Space | 447,06 Mb Free Space | 46,02% Space Free | Partition Type: FAT
Drive J: | 960,57 Mb Total Space | 801,97 Mb Free Space | 83,49% Space Free | Partition Type: FAT32
Drive K: | 232,88 Gb Total Space | 128,46 Gb Free Space | 55,16% Space Free | Partition Type: NTFS

Computer Name: MAISON
Current User Name: NouvelAdministrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/04/01 15:46:04 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:09:54 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/01/04 17:39:13 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
PRC - [2009/04/27 11:03:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/05/03 06:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/12/11 16:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PROTECTION\PC Tools Firewall Plus\FWService.exe
PRC - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2004/08/04 00:54:50 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/06/02 16:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/08/04 00:55:04 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/04/27 11:03:36 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/23 10:49:16 | 02,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PROTECTION\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/11/13 15:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 15:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2009/05/14 18:20:37 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/01 15:46:04 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/03/02 13:09:54 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [Disabled | Stopped])
SRV - [2006/01/04 17:39:13 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv [Auto | Running])
SRV - [2005/06/02 16:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Disabled | Stopped])
SRV - [2004/08/04 00:54:36 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped])
SRV - [2009/04/27 11:03:36 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Disabled | Stopped])
SRV - [2008/05/03 06:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/11 16:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PROTECTION\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus [Auto | Running])
SRV - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 08:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2003/06/19 09:30:18 | 00,752,764 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2005/02/16 10:06:18 | 00,018,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\APLMp50.sys -- (APLMp50 [On_Demand | Stopped])
DRV - [2008/11/25 12:40:01 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2004/08/04 00:38:44 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [System | Stopped])
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:07:58 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2001/08/17 22:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
DRV - [2006/01/04 17:39:13 | 00,058,160 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDANT.SYS -- (C-Dilla [On_Demand | Stopped])
DRV - [2006/07/24 19:08:41 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2001/08/17 20:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Running])
DRV - [2004/08/04 01:05:42 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2001/08/17 22:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
DRV - [2001/08/17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
DRV - [2004/08/03 22:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/05/03 06:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/09/23 11:38:34 | 00,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5 [On_Demand | Stopped])
DRV - [2006/03/01 19:53:54 | 00,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2008/12/18 12:16:56 | 00,073,840 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent [Auto | Running])
DRV - [2008/12/11 08:38:22 | 00,159,600 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi [System | Running])
DRV - [2009/01/21 10:38:32 | 00,095,640 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw [On_Demand | Running])
DRV - [2003/03/21 13:34:08 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/05/05 22:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
DRV - [2001/09/28 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 22:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
DRV - [2001/09/28 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2008/11/02 10:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2006/10/06 22:55:43 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/09/22 12:29:18 | 00,097,408 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\DRIVERS\pctfw.sys -- (SFilter [On_Demand | Running])
DRV - [2003/07/15 16:00:00 | 00,578,368 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/11/05 10:23:14 | 00,006,097 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys -- (sonyhcb [Boot | Stopped])
DRV - [2001/11/05 10:23:52 | 00,299,923 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\sonyhcs.sys -- (sonyhcs [On_Demand | Stopped])
DRV - [2007/01/14 21:29:01 | 00,639,224 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/02/13 12:49:30 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2007/05/02 12:11:16 | 00,083,592 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2007/05/02 12:11:18 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2007/05/02 12:11:18 | 00,109,704 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/10/21 03:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2006/02/23 12:38:32 | 00,009,728 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32 [Boot | Running])
DRV - [2002/10/24 10:07:00 | 00,006,912 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfnth.sys -- (vulfnths [On_Demand | Stopped])
DRV - [2002/11/13 11:34:06 | 00,010,496 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\vulfntr.sys -- (vulfntrs [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ixquick.com/
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll File not found
IE - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\S-1-5-21-1757981266-1343024091-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ixquick.com/fra/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.003
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/27 11:03:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/10 20:14:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/09 09:57:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/10 20:14:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/09 09:57:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/20 19:51:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2009/05/09 09:57:49 | 00,000,000 | ---D | M]

[2009/01/02 23:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\mozilla\Extensions
[2009/01/02 23:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/16 09:44:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\mozilla\Firefox\Profiles\legnr8m7.default\extensions
[2009/04/20 21:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\mozilla\Firefox\Profiles\legnr8m7.default\extensions\unplug@compunach
[2009/05/16 18:49:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 14:35:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/09/08 20:51:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/04/27 11:03:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/30 14:34:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 14:34:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/28 21:22:45 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/11/28 21:22:45 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/11/28 21:22:45 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/28 21:22:45 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/11/28 21:22:45 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2008/11/28 21:22:45 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
[2009/04/03 18:02:40 | 00,000,815 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305374 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10539 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2B60FCB3-C93D-4ECF-ACC3-EE4D19E6AF3C} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\PROTECTION\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00PCTFW] "C:\Program Files\PROTECTION\PC Tools Firewall Plus\FirewallGUI.exe" -s (PC Tools)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\PROTECTION\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1757981266-1343024091-725345543-1006\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 4735226994 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3661829911 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 0320833333 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{A67E149E-EC81-4BA0-8709-7161CE1F8206}\\NameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/08 19:07:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/03 21:00:48 | 00,000,049 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/20 18:54:59 | 00,679,936 | R--- | M] () - G:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- [2006/03/20 18:54:59 | 00,679,936 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2009/05/17 15:39:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Nouveau dossier
[2009/05/16 09:36:48 | 00,001,376 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\FindyKill V4.728.lnk
[2009/05/16 09:36:45 | 00,000,000 | ---D | C] -- C:\FindyKill
[2009/05/16 09:35:42 | 01,380,961 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\FindyKill.exe
[2009/05/14 19:49:27 | 00,027,007 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Image1.jpg
[2009/05/14 18:26:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\Malwarebytes
[2009/05/14 18:26:04 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/05/14 18:26:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/14 18:25:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/14 18:25:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/14 18:21:13 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\mbam-setup.exe
[2009/05/14 18:20:34 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\OTListIt2.exe
[2009/05/13 21:09:55 | 00,001,094 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1343024091-725345543-1003.job
[2009/05/05 13:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Securitoo
[2009/05/05 13:06:54 | 00,034,688 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcampr5.sys
[2009/04/30 14:59:16 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/04/30 14:59:16 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/30 14:59:16 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/04/30 14:59:16 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/04/30 14:59:16 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/04/30 14:59:09 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/04/30 14:59:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/04/28 22:14:07 | 00,058,904 | ---- | C] () -- C:\WINDOWS\System32\is4tray.dll
[2009/04/28 22:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Invisible Secrets 4
[2009/04/27 14:36:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\PCToolsFirewallPlus
[2009/04/27 14:34:56 | 00,130,424 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/04/27 14:34:56 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/04/27 14:34:54 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/04/27 14:34:27 | 00,097,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw.sys
[2009/04/27 14:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PC Tools
[2009/04/27 14:34:24 | 00,095,640 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2009/04/27 13:15:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\TeamViewer
[2009/04/27 12:39:12 | 00,000,512 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/27 12:34:14 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/26 20:59:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Bureau\SAUVEGARDES REGISTRE
[2009/04/23 08:38:30 | 01,606,696 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\TeamViewerQS_fr.exe
[2009/04/22 11:28:36 | 00,073,728 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\CleanHandlers.exe
[2009/04/21 20:38:22 | 00,001,056 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Spybot - Search & Destroy.lnk
[2009/04/20 20:32:50 | 00,000,552 | ---- | C] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Raccourci vers Bureau.lnk
[2009/04/20 16:29:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/18 14:21:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/18 14:21:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NouvelAdministrateur\Application Data\Sun
[2009/04/18 14:12:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/03/31 17:53:43 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/02/24 16:57:00 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/24 14:09:31 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/24 14:09:30 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/12/20 15:57:40 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/07/18 10:56:05 | 00,000,074 | ---- | C] () -- C:\WINDOWS\Babyegg.INI
[2008/05/03 06:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 06:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 06:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 06:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 06:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/03/17 19:43:31 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/12/05 11:08:14 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2007/12/05 11:08:12 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/12/05 11:03:35 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2007/12/05 11:03:35 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2007/12/05 11:03:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2007/12/05 11:03:35 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2007/12/05 11:03:35 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2007/12/05 11:03:35 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2007/12/05 11:03:34 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2007/12/05 11:03:34 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2007/12/05 11:03:34 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2007/12/05 11:03:34 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2007/12/05 11:03:34 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2007/12/05 11:03:34 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2007/12/05 11:03:34 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2007/12/05 11:03:33 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2007/12/05 11:03:33 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2007/12/05 11:03:25 | 00,021,986 | ---- | C] () -- C:\WINDOWS\crwd32.ini
[2007/06/30 21:43:30 | 00,002,813 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/06/01 14:32:47 | 00,000,173 | ---- | C] () -- C:\WINDOWS\APACHEAV.SYS
[2007/03/29 10:54:55 | 00,000,239 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/22 17:13:15 | 00,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/01/14 21:29:01 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/09/08 21:02:23 | 00,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2006/09/02 19:18:44 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/09/01 14:23:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2006/08/08 19:19:21 | 00,038,609 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2006/06/03 00:15:44 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 19:37:27 | 00,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006/05/24 19:37:27 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/04/05 20:10:30 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/04/05 20:10:30 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/03/20 20:10:01 | 00,000,972 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/02/24 10:41:59 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 10:41:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 18:36:20 | 01,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 18:36:20 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 18:36:20 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2006/02/10 21:48:58 | 00,000,014 | ---- | C] () -- C:\WINDOWS\AKA2.INI
[2006/02/10 21:48:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/02/10 20:51:45 | 00,000,043 | ---- | C] () -- C:\WINDOWS\akaklike.ini
[2005/12/02 21:51:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/07/04 11:23:31 | 00,001,891 | ---- | C] () -- C:\WINDOWS\System32\MSMINI.DLL
[2005/06/08 15:48:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2005/06/08 15:36:37 | 00,077,796 | ---- | C] () -- C:\WINDOWS\System32\Wndtc32.dll
[2005/05/28 19:45:16 | 00,000,076 | ---- | C] () -- C:\WINDOWS\EXE.INI
[2005/05/28 19:06:59 | 00,000,229 | ---- | C] () -- C:\WINDOWS\provw.ini
[2005/01/08 22:15:04 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/11/23 21:51:16 | 00,002,801 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2004/11/07 13:07:12 | 00,000,039 | ---- | C] () -- C:\WINDOWS\dversion.ini
[2004/09/29 10:59:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2004/09/01 16:17:53 | 00,000,171 | ---- | C] () -- C:\WINDOWS\SOFTPEG.INI
[2004/08/31 17:56:22 | 00,000,009 | ---- | C] () -- C:\WINDOWS\atlas-fra.INI
[2004/08/04 02:54:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/04 00:54:28 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/06/16 14:17:05 | 00,000,114 | ---- | C] () -- C:\WINDOWS\CDSFDB01.INI
[2004/06/16 14:16:57 | 00,001,104 | ---- | C] () -- C:\WINDOWS\CDSFUNST.INI
[2004/05/20 15:03:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/05/19 14:55:40 | 00,000,253 | ---- | C] () -- C:\WINDOWS\Creator.INI
[2004/05/11 16:33:37 | 00,000,040 | ---- | C] () -- C:\WINDOWS\INTER.INI
[2004/05/08 10:57:27 | 00,000,499 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/05/07 18:00:20 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/05/07 18:00:20 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/05/07 18:00:20 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/04/30 17:24:10 | 00,000,757 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/04/30 14:43:20 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2004/04/29 11:21:03 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/04/29 11:20:49 | 00,003,289 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/04/29 11:20:48 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/04/21 14:59:52 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2004/04/21 14:59:50 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004/04/21 14:59:50 | 00,036,076 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004/03/24 09:22:26 | 00,138,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.SYS
[2004/03/02 09:42:43 | 00,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2004/01/08 10:30:22 | 00,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2003/12/09 18:27:20 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/09 16:36:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2002/05/28 03:52:36 | 00,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2001/08/28 14:00:00 | 00,001,362 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/28 14:00:00 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/06/24 11:32:44 | 00,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll
[1997/06/14 10:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/05/17 16:12:34 | 00,171,848 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/17 16:12:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Local Settings\desktop.ini
[2009/05/17 16:11:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 16:11:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 15:52:46 | 00,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1343024091-725345543-1003.job
[2009/05/17 15:44:41 | 00,459,780 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/05/17 15:44:41 | 00,393,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 15:44:41 | 00,072,118 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/05/17 15:44:41 | 00,059,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 15:44:40 | 00,996,874 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 15:44:40 | 00,344,358 | ---- | M] () -- C:\WINDOWS\System32\perfh040.dat
[2009/05/17 15:44:40 | 00,041,106 | ---- | M] () -- C:\WINDOWS\System32\perfc040.dat
[2009/05/17 09:13:05 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/16 09:36:48 | 00,001,376 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\FindyKill V4.728.lnk
[2009/05/16 09:36:08 | 01,380,961 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\FindyKill.exe
[2009/05/14 19:49:27 | 00,027,007 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Image1.jpg
[2009/05/14 18:26:04 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/05/14 18:21:53 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\mbam-setup.exe
[2009/05/14 18:20:37 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NouvelAdministrateur\Bureau\OTListIt2.exe
[2009/05/14 18:16:12 | 00,305,374 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/09 10:17:27 | 00,305,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090514-181612.backup
[2009/05/06 18:17:30 | 00,227,840 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Composition1.pub
[2009/05/04 12:38:00 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/29 10:41:48 | 00,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2009/04/28 22:14:07 | 00,058,904 | ---- | M] () -- C:\WINDOWS\System32\is4tray.dll
[2009/04/27 07:37:20 | 00,469,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/23 08:38:32 | 01,606,696 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\TeamViewerQS_fr.exe
[2009/04/21 20:45:20 | 00,304,439 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090509-101727.backup
[2009/04/21 20:38:22 | 00,001,056 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Spybot - Search & Destroy.lnk
[2009/04/21 20:19:11 | 00,000,114 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-204520.backup
[2009/04/21 18:04:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2009/04/21 18:00:45 | 00,309,200 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-201842.backup
[2009/04/21 18:00:45 | 00,309,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-201911.backup
[2009/04/21 17:53:05 | 00,000,239 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/21 16:56:59 | 00,309,200 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-180045.backup
[2009/04/20 20:32:50 | 00,000,552 | ---- | M] () -- C:\Documents and Settings\NouvelAdministrateur\Bureau\Raccourci vers Bureau.lnk
[2009/04/18 16:11:21 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/18 13:24:06 | 00,001,480 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/04/18 13:24:02 | 00,309,074 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090421-165659.backup

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
<End>
________________________________________________________________________________________________________________

See you,
Thanks.
nicop
 
Posts: 371
Joined: 21 Jan 2005, 11:00
Location: Pyrénées

Post by nickW » 18 May 2009, 00:27

Good evening,

System Volume Information has never been easy to access!
(except through some clever manipulation: http://support.microsoft.com/kb/309531)

Why do you want to open that folder?



What kind of "crash" happens when launching VLC and Google Earth? (exact error message)

Have you tried uninstalling and then reinstalling these programs?


If your firewall (PC Tools Firewall Plus) is active, you must disable the Windows one.


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs

Post by nicop » 18 May 2009, 16:22

Hello,

System Volume Information has never been easy to access!
(except through some clever manipulation: http://support.microsoft.com/kb/309531)

Why do you want to open that folder?

I don't particularly want to open it, but I thought its inaccessibility was due to Antivir's first error message; so, no problem there.

What kind of "crash" happens when launching VLC and Google Earth? (exact error message)

No error message; the program doesn't even have time to open, then the desktop and mouse pointer freeze (I tried waiting 5 min but it stays frozen); no command works, not even Ctrl Alt Del; I have to shut down the hard way: holding down the power button.

Have you tried uninstalling and then reinstalling these programs?

I have just uninstalled them cleanly (with registry cleanup via JV16) and reinstalled them (via TotalUninstall).
Still the same crash.
Also, I tested all the installed programs, and two others cause exactly the same effects:
-Quick Time
-Adobe Image Ready

What do you think?
