HijackThis logs please, thank you very much



Post by Noel CASANOVA » 16 Dec 2008, 20:25

Hello,

With my very great competence (!), gained from much reading on the net, I think our PCs are infected and are being used as "zombies".
To be serious, I have now been struggling with this, in good humour and persistently, for almost 3 weeks.

My configuration:
_ 1 ADSL link followed by a router with a LAN + WiFi,
_ 1 PC running Windows XP Pro SP3, IE 7, Avast Home and the Windows Firewall, all up to date, with Office 2003 and various programs, some more used than others, but it is my work machine.
_ 2 PCs running Windows XP Home SP3, IE 7, Avast Home and the Windows Firewall, all up to date, with Office 2003.
_ HP Photosmart 7280 printer on the network.

On these 3 PCs we work under an Administrator account (I now know that one shouldn't).

My number one need is to be able to use my work PC, so for now I am deliberately limiting this call for help to the PC running Windows XP Pro, which is indispensable to me, and I thank in advance whoever is willing to help me.
On this PC (at first sight it is almost the same on the others), I was able to see with the "Performance" administrative tool that:
When the PC is connected to the Internet, all of the machine's processing power is consumed, so it is almost unusable.
On the other hand, when I switch off WiFi (and after a second reboot, it seems to me), I can work with no apparent problem.

To be frank, I tried to sort it out on my own without success (unfortunately I made fixes with HijackThis, contrary to what is asked in the PAD, but I didn't know that).
Avast detected the Warezov_FM (WM) infection in Documents and Settings\...\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers Personnels\Partie supérieure des Dossiers Personnel\Boite de Réception\Mai server Report\Up-Date-KB5984x86.exe. Every time I try to delete it, it reappears.
Then I saw that there was a rogue, which I removed (Win32 ... but I did not note the exact name).
I have no pop-up advertising windows on this PC.
Besides,
Since we have had the HP printer, the Windows firewall is blocked as long as the printer software is not running.
One day I got a message asking whether I wanted to leave "Machine Distant Manager" active (I answered no); another time, while I was retrieving my mail in Outlook, the program "PC de San" installed itself on its own without my being able to block it.

Then, after finding the great Assiste forum, I followed the guide defined on the site: PAD (beware, I am not competent).

So, below, in order: HJT1xxx, then HJT2xxx and Smitxxx.

As requested on this forum, I am not making any other call for help.
A BIG THANK YOU in advance to whoever is willing to help me,


HJT1_PC_NC_Port.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:21, on 05/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\WL.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\NCH Swift Sound\Talk\talk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\STDSB.exe
C:\WINDOWS\System32\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SolidWorks\SolidWorks_2008\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ratptr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\aets\Bureau\HJkscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WL] C:\WINDOWS\System32\WL.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Talk] "C:\Program Files\NCH Swift Sound\Talk\talk.exe" -logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\SolidWorks\SolidWorks_2008\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Mouse_Buttons_Swapper] ratptr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/do ... ysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3960096558
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 11039 bytes


HJT2_PC_NC_Port.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:45, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\WL.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\NCH Swift Sound\Talk\talk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\Icon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\STDSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\SolidWorks\SolidWorks_2008\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ratptr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\aets\Bureau\HJkscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WL] C:\WINDOWS\System32\WL.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Talk] "C:\Program Files\NCH Swift Sound\Talk\talk.exe" -logon
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\SolidWorks\SolidWorks_2008\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Mouse_Buttons_Swapper] ratptr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro3.cce.hp.com/ChatEntry/do ... ysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3960096558
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 10712 bytes

SmitFraudFix v2.385

Rapport fait à 14:58:19,46, 16/12/2008
Executé à partir de C:\Documents and Settings\aets\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\aets


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\aets\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\aets\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\aets\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B42FDEEB-0958-444A-B6D3-BB824BB04660}: DhcpNameServer=192.168.1.11 192.168.1.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B42FDEEB-0958-444A-B6D3-BB824BB04660}: DhcpNameServer=192.168.1.11 192.168.1.11
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B42FDEEB-0958-444A-B6D3-BB824BB04660}: DhcpNameServer=192.168.1.11 192.168.1.11


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Many thanks in advance to whoever is willing to help me, and good luck to everyone.
Regards,

Noel CASANOVA
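As an added example (not code from this thread, from HijackThis or from any tool named in it), here is a small Python triage helper for logs in the format posted above: it parses the "Running processes" section and the O4/O23 entries, flags Run entries that give only a bare executable name instead of a full path, lists processes under the Windows directory that no core baseline and no autostart line accounts for (the way Icon.exe stands out in the first log), and diffs the process lists of two scans. All function names, the core-process baseline and the embedded sample log are constructed for the example.

```python
"""HijackThis v2 log triage: added example for this thread, not code from the forum or any tool in it."""
import re
from dataclasses import dataclass

# Constructed excerpt in HijackThis v2 format, modelled on a few lines of the thread's first log.
HJT_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WL.exe
C:\WINDOWS\System32\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ratptr.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [WL] C:\WINDOWS\System32\WL.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Mouse_Buttons_Swapper] ratptr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""
# Constructed "second scan": the same machine with Internet Explorer closed.
HJT_AFTER = HJT_BEFORE.replace("C:\\Program Files\\Internet Explorer\\iexplore.exe\n", "")
# Core Windows XP processes that never carry an O4/O23 line (constructed, deliberately short baseline).
CORE_XP = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
           "svchost.exe", "spoolsv.exe", "explorer.exe", "cisvc.exe", "cidaemon.exe"}
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")      # "O4 - <body>"
RUN_RE = re.compile(r"^(.*?): \[(.*?)\] (.*)$")        # "HKLM\..\Run: [name] command"
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)   # executable at the start of a command

@dataclass
class HjtLog:
    processes: list   # full paths from the "Running processes:" section
    entries: dict     # entry type ("O4", "O23", ...) -> list of entry bodies

def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its typed entries."""
    processes, entries, in_procs = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            in_procs = bool(line)   # the first blank line ends the section
            if line:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m.group(1), []).append(m.group(2))
    return HjtLog(processes, entries)

def basename(path):
    return path.strip('"').rsplit("\\", 1)[-1].lower()

def run_command(body):
    """Return (name, command) for an O4 body, including the 'Global Startup' form."""
    if body.startswith("Global Startup: ") and " = " in body:
        name, _, command = body[len("Global Startup: "):].partition(" = ")
        return name, command
    m = RUN_RE.match(body)
    return (m.group(2), m.group(3)) if m else (None, body)

def executable_of(command):
    m = EXE_RE.match(command)
    return m.group(1).strip('"') if m else command.split(" ", 1)[0]

def bare_name_run_entries(log):
    """O4 entries whose executable is a bare name rather than an absolute path: Windows
    resolves it through the search path, so the file actually started must be located on disk."""
    bare = []
    for body in log.entries.get("O4", []):
        name, command = run_command(body)
        exe = executable_of(command)
        if not re.match(r"^([A-Za-z]:\\|%)", exe):
            bare.append((name, exe))
    return bare

def autostart_names(log):
    """Lower-cased basenames of every executable an O4 or O23 line points at."""
    names = {basename(executable_of(run_command(b)[1])) for b in log.entries.get("O4", [])}
    names |= {basename(b.rsplit(" - ", 1)[-1]) for b in log.entries.get("O23", [])}
    return names

def running_without_autostart(log):
    """Processes under the Windows directory that neither the baseline nor any O4/O23 line explains."""
    known = CORE_XP | autostart_names(log)
    return [p for p in log.processes
            if p.lower().startswith("c:\\windows\\") and basename(p) not in known]

def diff_processes(before, after):
    """Basenames that stopped running and that newly appeared between two scans."""
    b, a = {basename(p) for p in before.processes}, {basename(p) for p in after.processes}
    return sorted(b - a), sorted(a - b)
```

On the constructed excerpt, `running_without_autostart` returns only Icon.exe, `bare_name_run_entries` returns the SoundMan, PRISMSTA.EXE and Mouse_Buttons_Swapper entries, and `diff_processes` reports iexplore.exe as gone between the two scans.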

Post by nickW » 18 Dec 2008, 01:17

Good evening,

Preliminary remark:
To be able to use the backups created by HijackThis, the HijackThis program must be installed in a folder that is not a system folder, not a temporary folder, and that is reserved for it.
So I advise you
*- to create a folder (for example: C:\HJT)
*- to move the HijackThis.exe file into it
If you leave it where it currently is, on the Desktop, there are no easily usable backups (so no possibility at all of "going back").


First investigations, creation of two detailed reports (logs):


Note: These steps must be carried out in a session opened with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode)
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon representing certain accounts (apart from the one named "Administrateur"), it says "Computer administrator"
It is one of these accounts that must be used.



Step 1: OTListIt2 (by OldTimer), download
Download OTListIt2.exe from http://oldtimer.geekstogo.com/OTListIt2.exe
Save this file to the Desktop.


Step 2: Malwarebytes' Anti-Malware, installation
Download Malwarebytes' Anti-Malware from one of the links below:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Save this file to the Desktop.
Double-click mbam-setup.exe to start the installation (accept the licence agreement, then confirm the default options).
On the last screen of the installation procedure, tick the box in front of "Update Malwarebytes' Anti-Malware", then click the "Finish" button.


Step 3: VirusTotal
Go to the site http://www.virustotal.com/fr/ - Note: JavaScript must be enabled.

Under Send a file, click the Browse button
In the "File upload" window, navigate to the folder C:\WINDOWS\System32, then select the file Icon.exe and click the Open button

The file is sent. If VirusTotal announces that the file has already been analysed, click the Reanalyse the file now button
The analysis may be queued (if many analysis requests are in progress). In that case, wait without refreshing the page.
Let the analysis run as long as the message "analysis in progress" is displayed.

When the analysis is finished (display of Current status: finished), click Formatted (located just below the frame File... received on... - Result...)

A new browser window opens. Click the second image from the left.

Right-click the page and choose Select all, then right-click again and choose Copy
Open a Notepad window via Start---->Run, type notepad then click OK
In this Notepad window, right-click and choose Paste
Check in the Format menu (at the top) that "Word wrap" is not active (not ticked).
Save the file under the name VT-1.txt
Close Notepad.


Step 4: No real-time monitoring process
Disable the antivirus resident module.
avast!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"


Step 5: Malwarebytes' Anti-Malware, scan
Close all open program windows.
Launch Malwarebytes' Anti-Malware via the Start menu.
In the Settings tab, check that all boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for updates button and install all updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan" then click the Scan button.
Wait, doing nothing else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.

Click the "Save log" button, confirm the save, then click the "Exit" button


Step 6: Real-time monitoring process
Important: re-enable the antivirus's resident module.


Step 7: OTListIt2 (by OldTimer)
Close all open program windows.

Double-click OTListIt2.exe to launch the tool.

The main OTListIt2 screen is displayed.

If not already done, in the Extra Registry section, select the Use SafeList radio button

Tick (at the top) the box in front of Scan All Users

Then click the Run Scan button

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
The second report is visible in the Taskbar. Close it as well.
Close the OTListIt window.


Step 8: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) represents the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive represents the partition on which the system is installed, usually C:]
*- the result of the VirusTotal analysis (contents of the file VT-1.txt)

Then send in reply, in two separate messages (because of the length of the logs):
*- the two OTListIt2 reports (contents of the files OTListIt.txt and Extras.txt located on the Desktop).
The reports posted on the forum must end with a line containing <End>. If that is not the case, they are incomplete and must then be split across several messages.

Important note: to send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
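
Step 8 above rests on two checks a helper can do by hand but that are easy to get wrong when pasting: an OTListIt2 report is only complete if its last line is `<End>`, and an over-long report has to be cut into several posts without losing that marker. The Python below is an added example, not part of nickW's procedure nor of the OTListIt2 or Malwarebytes tools: it checks the `<End>` terminator, splits a report at line boundaries under a post-size limit so that joining the pieces reproduces the original, recovers the scan date from the `mbam-log-...` file name (accepting both the month-day-year order nickW's template describes and the year-month-day order of the log posted later in the thread), and sums the per-category counts of an MBAM summary. The sample logs are constructed and the `max_chars` limit is an assumption, not a value from the forum.

```python
import re
from datetime import datetime

# Constructed sample logs (not real reports from this thread).
# OTListIt2 reports end with a line "<End>"; a paste that hit the forum's
# size limit loses that marker, which is how incomplete reports are recognised.
COMPLETE_LOG = (
    "OTListIt logfile created on: 18/12/2008 14:02:09 - Run\n"
    + "".join(f"[line {i:03d}] constructed report content\n" for i in range(1, 301))
    + "\n<End>\n"
)
TRUNCATED_LOG = COMPLETE_LOG[: len(COMPLETE_LOG) // 2]  # cut mid-line, as an over-long paste would be

# Constructed MBAM summary excerpt with non-zero counts; the French labels are
# the ones MBAM 1.31 writes (see the log posted later in the thread).
MBAM_SAMPLE = """Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1512

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
"""

MBAM_NAME = re.compile(
    r"^mbam-log-(\d{2,4})-(\d{2})-(\d{2,4}) \((\d{2})-(\d{2})-(\d{2})\)\.txt$"
)


def is_complete(log_text):
    """True only if the last non-blank line of the report is the <End> marker."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    return bool(lines) and lines[-1].strip() == "<End>"


def split_for_posting(log_text, max_chars):
    """Cut a report at line boundaries so that each piece fits in one forum post.

    Joining the pieces in order gives back the original text unchanged, and the
    <End> marker ends up in the last piece, so a reader can still verify it.
    """
    pieces, current = [], ""
    for line in log_text.splitlines(keepends=True):
        if len(line) > max_chars:
            raise ValueError("a single line is longer than the post limit")
        if len(current) + len(line) > max_chars:
            pieces.append(current)
            current = ""
        current += line
    if current:
        pieces.append(current)
    return pieces


def mbam_log_timestamp(filename):
    """Recover "YYYY-MM-DD HH:MM:SS" from an MBAM log file name, or None.

    nickW's template reads the date as month-day-year; the log posted later in
    the thread (mbam-log-2008-12-18 (13-48-20).txt) is year-month-day, so both
    orders are accepted: a first field above 31 can only be a year.
    """
    m = MBAM_NAME.match(filename)
    if not m:
        return None
    a, b, c, hh, mm, ss = (int(x) for x in m.groups())
    year, month, day = (a, b, c) if a > 31 else (c, a, b)
    return datetime(year, month, day, hh, mm, ss).strftime("%Y-%m-%d %H:%M:%S")


def mbam_total_detections(log_text):
    """Sum the per-category counts of the MBAM summary block ("... infecté(s): N")."""
    total = 0
    for line in log_text.splitlines():
        if "infect" in line:
            m = re.search(r":\s*(\d+)\s*$", line)
            if m:
                total += int(m.group(1))
    return total


if __name__ == "__main__":
    print("complete:", is_complete(COMPLETE_LOG), "truncated:", is_complete(TRUNCATED_LOG))
    parts = split_for_posting(COMPLETE_LOG, 2000)
    print(len(parts), "pieces; last one complete:", is_complete(parts[-1]))
    print(mbam_log_timestamp("mbam-log-2008-12-18 (13-48-20).txt"))
    print("MBAM detections:", mbam_total_detections(MBAM_SAMPLE))
```

Splitting at line boundaries rather than at a fixed character count matters because a reader checks completeness per post: a piece that ends in the middle of a report line looks exactly like the truncated paste the step warns about.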

Post by Noel CASANOVA » 18 Dec 2008, 14:41

Hello nickW, and thank you very much for being willing to take on my request for help.

Before sending you the requested info, I should tell you that my PC is getting slower and slower and now, unfortunately, even without the WiFi connection.

That said, here below, one after the other as specified, are the Malwarebytes log and VT-1

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1512
Windows 5.1.2600 Service Pack 3

18/12/2008 13:48:20
mbam-log-2008-12-18 (13-48-20).txt

Type de recherche: Examen rapide
Eléments examinés: 73266
Temps écoulé: 12 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



Fichier Icon.exe reçu le 2008.12.18 13:23:43 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.19.0 2008.12.18 -
AntiVir 7.9.0.45 2008.12.18 -
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.18 -
BitDefender 7.2 2008.12.18 -
CAT-QuickHeal 10.00 2008.12.18 -
ClamAV 0.94.1 2008.12.18 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.18 -
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6267 2008.12.18 -
Ewido 4.0 2008.12.18 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.18 -
Fortinet 3.117.0.0 2008.12.18 -
GData 19 2008.12.18 -
Ikarus T3.1.1.45.0 2008.12.18 -
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 -
McAfee 5467 2008.12.18 -
McAfee+Artemis 5467 2008.12.18 -
Microsoft 1.4205 2008.12.18 -
NOD32 3702 2008.12.18 -
Panda 9.0.0.4 2008.12.18 -
PCTools 4.4.2.0 2008.12.18 -
Prevx1 V2 2008.12.18 -
Rising 21.08.32.00 2008.12.18 -
SecureWeb-Gateway 6.7.6 2008.12.18 -
Sophos 4.37.0 2008.12.18 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.18 -
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.18 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.18.1525 2008.12.18 -
VirusBuster 4.5.11.0 2008.12.17 -

Information additionnelle
File size: 192512 bytes
MD5...: cad3cb308e5b8f0b1bdc51a6f37e00f9
SHA1..: 5125e6ea03f9ef1d2bf71ae1f72a322c4e84bf56
SHA256: 6b334f860567ed172a797b299e8bb683ef347f99ef5aa7862e5c983acf0b2108
SHA512: e1bd43e1b3c4af2c24eb9c3649e7752efbac124d7ab2730794f82b1196ee96bc2f53df8c459dd269d900371954b3cd75afc0b87105c4b79305b07a7affee9390
ssdeep: 3072:Wloi2zz9s0QsqKrKYtIXItjmkYSDlzYQi/AiPWBSTn/Y3pvGoGrUosCG:/c0Qs9KYiXItp3GQA8k/Kno
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x409952
timedatestamp.....: 0x3f0bbe2d (Wed Jul 09 07:03:09 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1ffbb 0x20000 6.60 3f81c3c1a634c673044e9d1b67d5897a
.rdata 0x21000 0x87d0 0x9000 4.59 8f1ada16078afe310f53b1b1e135a0f2
.data 0x2a000 0x6348 0x2000 4.40 183385ea9542b3798f3ecb279e055eb4
.rsrc 0x31000 0x29b8 0x3000 4.28 e28996991e5f16d98fc499ad619a2b42

( 13 imports )
> WINIO.dll: InitializeWinIo, ShutdownWinIo, GetPortVal, SetPortVal
> KERNEL32.dll: ExitProcess, TerminateProcess, RtlUnwind, GetCommandLineA, GetStartupInfoA, HeapAlloc, HeapFree, RaiseException, FormatMessageA, HeapReAlloc, GetACP, UnhandledExceptionFilter, FreeEnvironmentStringsA, HeapSize, GetEnvironmentStrings, GetEnvironmentStringsW, GetTimeZoneInformation, HeapDestroy, HeapCreate, VirtualFree, SetUnhandledExceptionFilter, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsW, CreateFileA, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetFileTime, GetFileSize, GetFileAttributesA, GetTickCount, FileTimeToLocalFileTime, FileTimeToSystemTime, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GetFileType, GetStdHandle, GetCurrentProcess, FreeLibrary, FindResourceA, LoadResource, LockResource, GetVersion, lstrcatA, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, GetModuleHandleA, GetProcAddress, DuplicateHandle, SetErrorMode, GetThreadLocale, SizeofResource, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, lstrcpynA, GetLastError, MulDiv, SetLastError, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedIncrement, InterlockedDecrement, GlobalUnlock, GlobalFree, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, lstrcmpA, GetCurrentThread, LoadLibraryA, LCMapStringA, LCMapStringW, SetHandleCount, GetProfileStringA
> USER32.dll: CharNextA, CopyAcceleratorTableA, SetRect, GetNextDlgGroupItem, MessageBeep, InvalidateRect, CharUpperA, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, GetDesktopWindow, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, LoadStringA, MapDialogRect, SetWindowContextHelpId, EndDialog, CreateDialogIndirectParamA, GetMessageA, TranslateMessage, GetActiveWindow, ValidateRect, GetCursorPos, SetCursor, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetNextDlgTabItem, IsWindowEnabled, ShowWindow, IsDialogMessageA, PostMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, LoadCursorA, PeekMessageA, SetActiveWindow, IsWindow, SetFocus, AdjustWindowRectEx, ScreenToClient, CopyRect, IsWindowVisible, GetTopWindow, MessageBoxA, IsChild, GetParent, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, GetSysColorBrush, SetWindowTextA, MoveWindow, GetSysColor, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, GetWindowLongA, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, SetTimer, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, GetSystemMenu, AppendMenuA, SendMessageA, LoadIconA, EnableWindow, RegisterHotKey, UnregisterHotKey, GetFocus, DispatchMessageA, PostQuitMessage, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, DefDlgProcA, IsWindowUnicode, UnregisterClassA
> GDI32.dll: BitBlt, GetTextExtentPointA, CreateCompatibleDC, CreateDIBitmap, DeleteObject, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, CreateBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox, IntersectClipRect
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA
> SHELL32.dll: Shell_NotifyIconA
> COMCTL32.dll: -
> oledlg.dll: -
> ole32.dll: CoFreeUnusedLibraries, OleInitialize, OleUninitialize, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgCreateDocfileOnILockBytes, CoRegisterMessageFilter, StgOpenStorageOnILockBytes, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoTaskMemAlloc, CoTaskMemFree, CreateILockBytesOnHGlobal
> OLEPRO32.DLL: -
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -

( 0 exports )


Then, if my PC is OK, the OTListIt and Extras come in 2 messages.

Many thanks nickW and good day to all,
Regards,

Noel CASANOVA
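
The VirusTotal result pasted above is free text with HTML remnants (`<BR>`, `&gt;`) from the copy of the "Formatted" page, and what a helper triaging the thread needs from it is the detection ratio, the hashes and the import table in a form that can be compared and re-checked against the file on the machine. The Python below is an added example, not part of the thread nor of any VirusTotal tooling: it parses a constructed excerpt of that report (five of the 37 engine rows, three of the 13 import lines, values copied from the post, `<BR>` and `&gt;` left exactly as the forum shows them), counts engines whose verdict is anything other than the `-` VirusTotal uses for "not detected", and checks local file bytes against every hash the report lists. The row layout and field labels are assumptions taken from the 2008 text layout seen in this post; `hashlib.new` is used for the comparison. A zero-detection ratio only says that none of those engines flagged the file on that date.

```python
import hashlib
import re

# Constructed excerpt of the VirusTotal text report posted above (five of the
# 37 engine rows, a shortened import list); the <BR> and &gt; sequences are
# kept exactly as they appear in the forum copy of the report.
VT_REPORT = """Fichier Icon.exe reçu le 2008.12.18 13:23:43 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.19.0 2008.12.18 -
AntiVir 7.9.0.45 2008.12.18 -
Avast 4.8.1281.0 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.18 -
Prevx1 V2 2008.12.18 -

Information additionnelle
File size: 192512 bytes
MD5...: cad3cb308e5b8f0b1bdc51a6f37e00f9
SHA1..: 5125e6ea03f9ef1d2bf71ae1f72a322c4e84bf56
SHA256: 6b334f860567ed172a797b299e8bb683ef347f99ef5aa7862e5c983acf0b2108
SHA512: e1bd43e1b3c4af2c24eb9c3649e7752efbac124d7ab2730794f82b1196ee96bc<BR>2f53df8c459dd269d900371954b3cd75afc0b87105c4b79305b07a7affee9390<BR>
PEiD..: Armadillo v1.71
PEInfo: PE Structure information<BR><BR>( 13 imports ) <BR>&gt; WINIO.dll: InitializeWinIo, ShutdownWinIo, GetPortVal, SetPortVal<BR>&gt; ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA<BR>&gt; OLEAUT32.dll: -, -, -<BR><BR>( 0 exports ) <BR>
"""

# Row layouts assumed from the 2008 text report shown in the thread.
ENGINE_ROW = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
HASH_ROW = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\.*: *([0-9a-fA-F]+)$")
SIZE_ROW = re.compile(r"^File size: (\d+) bytes$")
PEID_ROW = re.compile(r"^PEiD\.*: *(.+)$")
IMPORT_ROW = re.compile(r"^> ([^:]+): (.*)$")


def normalise(report):
    """Undo the HTML remnants a copy-paste of the VT page leaves in a forum post."""
    return report.replace("<BR>", "\n").replace("&gt;", ">").replace("&lt;", "<")


def parse_report(report):
    """Extract engine rows, hashes, file size, PEiD tag and imports from a VT text report."""
    result = {"engines": [], "hashes": {}, "size": None, "peid": None, "imports": {}}
    last_hash = None
    for raw in normalise(report).splitlines():
        line = raw.strip()
        # SHA512 is wrapped over two lines by the <BR> in the paste; re-join it
        if last_hash == "sha512" and re.fullmatch(r"[0-9a-fA-F]+", line):
            result["hashes"]["sha512"] += line.lower()
            last_hash = None
            continue
        last_hash = None
        m = HASH_ROW.match(line)
        if m:
            last_hash = m.group(1).lower()
            result["hashes"][last_hash] = m.group(2).lower()
            continue
        m = ENGINE_ROW.match(line)
        if m:
            name, version, updated, verdict = m.groups()
            result["engines"].append({"name": name, "version": version,
                                      "updated": updated, "verdict": verdict.strip()})
            continue
        m = SIZE_ROW.match(line)
        if m:
            result["size"] = int(m.group(1))
            continue
        m = PEID_ROW.match(line)
        if m:
            result["peid"] = m.group(1).strip()
            continue
        m = IMPORT_ROW.match(line)
        if m:
            funcs = [f.strip() for f in m.group(2).split(",")]
            # "-" marks an import by ordinal with no name; drop those
            result["imports"][m.group(1).strip()] = [f for f in funcs if f and f != "-"]
    return result


def detections(report):
    """Engines whose verdict is anything other than the '-' VT uses for 'not detected'."""
    return [e for e in report["engines"] if e["verdict"] != "-"]


def detection_ratio(report):
    return f"{len(detections(report))}/{len(report['engines'])}"


def compute_hashes(data):
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def file_matches_report(data, report):
    """True only if every hash the report lists equals the hash of the local bytes."""
    listed = report["hashes"]
    if not listed:
        return False
    local = compute_hashes(data)
    return all(local[algo] == value for algo, value in listed.items())


if __name__ == "__main__":
    r = parse_report(VT_REPORT)
    print("detections:", detection_ratio(r), "| size:", r["size"], "| packer tag:", r["peid"])
    print("md5:", r["hashes"]["md5"], "| imported DLLs:", sorted(r["imports"]))
    print("local sample matches report:", file_matches_report(b"constructed, not Icon.exe", r))
```

Comparing all listed hashes rather than MD5 alone costs nothing and means the check does not depend on a single digest; the same routine applied to the real file in C:\WINDOWS\System32 would confirm that the report in the thread describes the file that is actually there.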

Post by Noel CASANOVA » 18 Dec 2008, 14:56

Hello everyone,

Preliminary remark on the procedure I used:
Before step 4, I switched off the WiFi link, so when I launched OTListIt2 the first time, a Warning window during the scan told me that connecting to a site was not possible.
So I re-enabled the WiFi link and relaunched OTListIt2. The logs below are those from the 2nd scan.

OTListIt logfile created on: 18/12/2008 14:02:09 - Run
OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\aets\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,47 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 60,10% Memory free
1,46 Gb Paging File | 0,96 Gb Available in Paging File | 65,32% Paging File free
Paging file location(s): C:\pagefile.sys 144 288;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,25 Gb Total Space | 7,29 Gb Free Space | 20,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,91 Gb Total Space | 0,82 Gb Free Space | 42,82% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NC_PORTABLE
Current User Name: aets
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe
[2003/03/19 10:55:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
[2007/02/10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2002/12/17 15:42:04 | 01,823,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
[2003/01/17 01:02:38 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2007/02/05 14:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2002/08/30 12:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2002/08/30 12:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashDisp.exe
[2003/07/09 14:02:28 | 00,315,392 | ---- | M] () -- C:\WINDOWS\system32\WL.exe
[2003/03/27 16:43:00 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2003/03/27 16:43:00 | 00,634,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2002/02/27 17:30:56 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\STDSB.exe
[2003/03/27 15:34:58 | 00,053,248 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/10/26 15:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[2008/07/07 08:34:59 | 00,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\SolidWorks\SolidWorks_2008\PowerISO\PWRISOVM.EXE
[2002/01/17 06:39:42 | 00,214,528 | ---- | M] (Intersil Corporation) -- C:\WINDOWS\system32\PRISMSTA.EXE
[2001/12/18 13:55:24 | 00,024,576 | ---- | M] (Semtech) -- C:\WINDOWS\system32\ratptr.exe
[2003/05/29 16:26:48 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2005/06/07 10:31:00 | 00,819,712 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
[2003/07/09 14:03:12 | 00,192,512 | ---- | M] () -- C:\WINDOWS\system32\Icon.exe
[2008/04/17 20:53:43 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[2005/06/08 15:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
[2008/05/27 07:59:25 | 00,679,940 | ---- | M] (NCH Software) -- C:\Program Files\NCH Swift Sound\Talk\talk.exe
[2007/06/29 05:24:52 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2005/05/31 13:32:28 | 00,103,424 | ---- | M] (Nokia.) -- C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
[2003/05/08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2006/11/13 13:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2006/11/13 13:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2005/08/10 06:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
[2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2006/02/24 10:58:14 | 00,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
[2007/11/02 18:44:16 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
[2007/11/02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
[2006/01/20 14:35:58 | 00,196,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
[2007/10/14 21:17:32 | 00,122,880 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe
[2008/12/18 11:47:30 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aets\Bureau\OTListIt2.exe
[2007/02/05 14:32:28 | 00,182,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2007/02/05 14:31:10 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe

========== (O23) Win32 Services (SafeList) ==========

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 18:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/11/26 18:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 18:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 18:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/06 09:18:06 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2003/03/19 10:55:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
[2007/02/10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
[2005/10/14 11:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2002/12/17 15:42:04 | 01,823,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe -- (MSSQLServerOLAPService [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2003/01/17 01:02:38 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Running])
[2008/08/02 14:39:05 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
[2007/02/10 14:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
[2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2002/01/05 13:45:27 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio .NET\Common7\Tools\Analyzer\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2007/02/05 14:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services (SafeList) ==========

[2008/11/26 18:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2003/12/19 06:44:58 | 00,027,135 | R--- | M] (ADMtek Incorporated) -- C:\WINDOWS\system32\drivers\ADM851X.SYS -- (ADM851X [On_Demand | Stopped])
[2003/04/01 16:51:30 | 00,719,052 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2008/04/14 02:54:29 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Stopped])
[2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 18:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2001/08/23 16:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2003/04/03 09:27:46 | 00,076,288 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\drivers\EMCR7SK.sys -- (ENE [On_Demand | Running])
[2003/01/15 15:05:54 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])
[2004/02/04 13:19:32 | 00,024,177 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
[2004/02/04 13:19:16 | 00,057,372 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
[2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Stopped])
[2002/11/20 13:52:36 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3 [On_Demand | Stopped])
[2007/11/01 12:28:06 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2007/11/01 12:28:06 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2007/11/01 12:28:07 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2003/06/13 19:48:34 | 00,089,787 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/04/14 03:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2001/08/17 21:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
[2002/07/12 14:41:06 | 00,005,212 | ---- | M] ( ) -- C:\WINDOWS\system32\STDSB.SYS -- (MTC0003_STDSB [Auto | Running])
[2003/02/06 10:22:38 | 00,210,128 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
[2003/02/06 10:25:00 | 01,290,760 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
[2008/05/27 07:56:10 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
[2005/05/27 14:13:12 | 00,007,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
[2005/05/27 14:13:12 | 00,011,001 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
[2005/05/27 14:13:12 | 00,128,295 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
[2004/03/24 03:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5 [On_Demand | Stopped])
[2003/02/05 16:25:56 | 00,162,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax [On_Demand | Stopped])
[2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/01/17 06:21:12 | 00,049,152 | ---- | M] (Intersil Corporation) -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB [On_Demand | Stopped])
[2002/08/30 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/10/26 21:12:48 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2004/08/03 21:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent [On_Demand | Stopped])
[2008/07/07 08:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/06/28 11:08:56 | 00,042,752 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
[2005/09/02 22:06:35 | 00,042,240 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms [On_Demand | Stopped])
[2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2003/02/05 16:42:40 | 00,506,912 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr [On_Demand | Running])
[2003/02/17 18:09:18 | 00,085,552 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal [On_Demand | Stopped])
[2003/01/17 00:19:32 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])
[2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2001/08/23 16:20:50 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam [On_Demand | Running])
[2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2003/03/27 16:35:00 | 00,268,784 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2001/12/18 11:06:18 | 00,007,896 | ---- | M] (Semtech ) -- C:\WINDOWS\system32\drivers\tscrlf.sys -- (tscrlf [On_Demand | Stopped])
[2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2005/05/01 00:01:55 | 03,281,408 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Running])
[2003/03/27 06:57:24 | 02,379,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51 [On_Demand | Stopped])
[2006/02/20 16:59:28 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus [On_Demand | Stopped])
[2006/02/20 16:59:32 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped])
[2006/02/20 16:59:34 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm [On_Demand | Stopped])
[2006/02/20 16:59:34 | 00,085,408 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt [On_Demand | Stopped])
[2006/02/20 16:59:36 | 00,083,344 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex [On_Demand | Stopped])
[2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2003/06/13 19:49:42 | 00,114,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
[2003/06/13 19:49:34 | 00,080,512 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])
[2003/06/13 19:48:40 | 00,033,847 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\wa301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Running])
[2002/03/01 22:21:00 | 00,004,944 | ---- | M] () -- C:\WINDOWS\system32\WinIo.sys -- (WINIO [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1790041889-176474126-2521969853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1790041889-176474126-2521969853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1790041889-176474126-2521969853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1790041889-176474126-2521969853-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKU\S-1-5-21-1790041889-176474126-2521969853-1004\S-1-5-21-1790041889-176474126-2521969853-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (289973 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 9986 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004\..\Toolbar: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Mouse_Buttons_Swapper] ratptr.exe (Semtech)
O4 - HKLM..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START (Intersil Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\SolidWorks\SolidWorks_2008\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Talk] "C:\Program Files\NCH Swift Sound\Talk\talk.exe" -logon (NCH Software)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [WL] C:\WINDOWS\System32\WL.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004..\Run: [Sonic RecordNow!] File not found
O4 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: (msn in My Computer)
O15 - HKCU\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004\..Trusted Sites: (msn in My Computer)
O15 - HKU\S-1-5-21-1790041889-176474126-2521969853-1004\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro3.cce.hp.com/ChatEntry/do ... ysinfo.cab (SysData Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v ... 3960096558 (WUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CD123-2222-11CF-96B8-411553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mctp - Reg Error: Key does not exist or could not be opened. File not found
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##bd#Office Professionnel 2003\Shell]
"" = AutoRun



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e98b8d1-3faa-11dd-af83-0040d05af4ee}\Shell\AutoRun\command]
"" = D:\WD_Windows_Tools\Setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff02b6b1-86de-11dc-ad82-0040d05af4ee}\Shell\Auto\command]
"" = AdobeR.exe e


========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2008/12/18 13:10:53 | 00,000,691 | ---- | C] () -- C:\Documents and Settings\aets\Bureau\Raccourci vers mbam.exe.lnk
[2008/12/18 12:59:26 | 00,000,459 | ---- | C] () -- C:\Documents and Settings\aets\Bureau\Raccourci vers HiJackThis.exe.lnk
[2008/12/18 12:43:53 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aets\Bureau\OTListIt2.exe
[2008/12/18 09:33:56 | 15,765,87264 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/16 14:58:27 | 00,004,668 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/12/16 14:57:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aets\Bureau\SmitfraudFix
[2008/12/16 14:53:38 | 01,660,419 | ---- | C] () -- C:\Documents and Settings\aets\Bureau\SmitfraudFix.exe
[2008/12/11 22:09:49 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/11 12:54:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aets\Local Settings\Application Data\Mozilla
[2008/12/11 12:54:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aets\Application Data\Mozilla
[2008/12/11 12:44:55 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\aets\Bureau\spybotsd160.exe
[2008/12/11 12:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2008/12/11 12:01:49 | 00,001,551 | ---- | C] () -- C:\Documents and Settings\aets\Bureau\CCleaner.lnk
[2008/12/11 12:01:48 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/11 12:00:51 | 00,911,000 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\aets\Bureau\ccleaner-crap-cleaner_ccleaner.exe
[2008/12/11 11:57:22 | 00,000,936 | ---- | C] () -- C:\Documents and Settings\aets\Bureau\Spybot - Search & Destroy.lnk
[2008/12/11 11:56:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/11 11:56:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/05 18:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aets\Application Data\Malwarebytes
[2008/12/05 18:48:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/05 18:48:09 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/05 18:48:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/05 18:48:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/05 00:30:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/11/26 10:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe AIR
[2008/11/26 10:40:35 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2008/11/26 10:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aets\Bureau\Programme d'installation d'Adobe Reader 9
[2008/11/26 10:29:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/11/26 10:29:48 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/11/25 18:44:31 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2008/11/25 18:41:31 | 00,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\HP Photosmart Essential 2.5.lnk
[2008/11/25 18:38:30 | 00,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
[2008/11/25 18:37:32 | 00,001,061 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Centre de solutions HP.lnk
[2008/11/25 18:37:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/11/25 18:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2008/11/25 18:36:00 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\HP
[2008/11/25 18:31:02 | 00,185,334 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2008/11/25 18:31:02 | 00,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat

========== Files - Modified Within 30 Days ==========

[5 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/18 13:10:53 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\aets\Bureau\Raccourci vers mbam.exe.lnk
[2008/12/18 13:00:10 | 00,000,459 | ---- | M] () -- C:\Documents and Settings\aets\Bureau\Raccourci vers HiJackThis.exe.lnk
[2008/12/18 11:47:30 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aets\Bureau\OTListIt2.exe
[2008/12/18 11:35:21 | 00,017,930 | ---- | M] () -- C:\Documents and Settings\aets\Application Data\mainhst.zgh
[2008/12/18 10:54:27 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/18 10:45:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/18 10:44:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/18 10:44:56 | 15,765,87264 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/18 09:37:30 | 00,000,847 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/18 09:37:30 | 00,000,291 | -HS- | M] () -- C:\BOOT.INI
[2008/12/18 09:37:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/16 20:51:59 | 00,003,112 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/16 14:58:27 | 00,004,668 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/12/15 11:04:14 | 00,001,930 | ---- | M] () -- C:\WINDOWS\System32\PDFSPO~1.ERR
[2008/12/13 23:28:18 | 01,660,419 | ---- | M] () -- C:\Documents and Settings\aets\Bureau\SmitfraudFix.exe
[2008/12/12 21:14:57 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/11 12:12:21 | 00,289,973 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/11 12:01:50 | 00,001,551 | ---- | M] () -- C:\Documents and Settings\aets\Bureau\CCleaner.lnk
[2008/12/11 12:00:51 | 00,911,000 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\aets\Bureau\ccleaner-crap-cleaner_ccleaner.exe
[2008/12/11 11:57:22 | 00,000,936 | ---- | M] () -- C:\Documents and Settings\aets\Bureau\Spybot - Search & Destroy.lnk
[2008/12/10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/09 12:19:22 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/27 14:09:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/27 09:14:03 | 00,001,061 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Centre de solutions HP.lnk
[2008/11/26 18:21:30 | 01,236,208 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/11/26 18:18:25 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2008/11/26 18:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/11/26 18:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/11/26 18:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/11/26 18:15:10 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2008/11/25 18:48:02 | 00,185,334 | ---- | M] () -- C:\WINDOWS\hpoins21.dat
[2008/11/25 18:41:31 | 00,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\HP Photosmart Essential 2.5.lnk
[2008/11/25 18:38:30 | 00,001,811 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\Thumbs.db:encryptable
<End>

Thank you, nickW.
Regards,

Noel CASANOVA
 
Posts: 8
Joined: 13 Dec 2008, 11:18
Location: Paris

Post by Noel CASANOVA » 18 Dec 2008, 15:04

Hello everyone,

See the initial remark in the previous message.

Below is the OTListIt Extras file requested by nickW:

OTListIt Extras logfile created on: 18/12/2008 14:02:09 - Run
OTListIt2 by OldTimer - Version 1.0.1.0 Folder = C:\Documents and Settings\aets\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,47 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 60,10% Memory free
1,46 Gb Paging File | 0,96 Gb Available in Paging File | 65,32% Paging File free
Paging file location(s): C:\pagefile.sys 144 288;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 35,25 Gb Total Space | 7,29 Gb Free Space | 20,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,91 Gb Total Space | 0,82 Gb Free Space | 42,82% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NC_PORTABLE
Current User Name: aets
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/11/13 13:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:07:04 | 04,291,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2007/08/22 16:31:14 | 00,062,880 | R--- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
[2007/08/22 16:34:30 | 00,143,360 | R--- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
[2007/08/22 16:34:28 | 04,531,616 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\xerox\Network Scan\XrsUt12.exe:*:Enabled:xrsut12
File not found -- C:\WINDOWS\system32\xrsslm12.exe:*:Enabled:xrsslm12
File not found -- Q:\SCS_CD.EXE:*:Enabled:SCS_CD
[2008/04/17 20:53:51 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/05/27 07:59:25 | 00,679,940 | ---- | M] (NCH Software) -- C:\Program Files\NCH Swift Sound\Talk\talk.exe:*:Enabled:Express Talk
File not found -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Disabled:pcAnywhere Host Service
File not found -- C:\Program Files\Symantec\pcAnywhere\winaw32.exe:*:Disabled:pcAnywhere Main Program
File not found -- C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service
[2007/08/22 16:31:14 | 00,062,880 | R--- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
[2007/08/22 16:34:30 | 00,143,360 | R--- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
[2007/08/22 16:34:28 | 04,531,616 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
File not found -- Q:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
[2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2007/11/02 18:44:16 | 00,283,992 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2007/11/02 18:44:16 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2007/11/29 23:04:40 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2007/11/02 18:44:16 | 00,566,616 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2007/11/29 23:04:40 | 00,075,096 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2007/12/20 11:05:54 | 01,421,312 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
[2007/10/31 14:45:22 | 00,147,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
File not found -- C:\Program Files\UltraVNC\vncviewer.exe:*:Disabled:vncviewer
[2008/04/14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:LocalSubNet:Disabled:Exécuter une DLL en tant qu'application
[2008/04/14 03:34:11 | 01,415,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console
[2006/11/13 13:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:LocalSubNet:Disabled:ActiveSync Connection Manager
[2006/11/13 13:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
[2006/10/18 10:39:24 | 00,049,152 | ---- | M] (Alibre, Inc.) -- C:\Program Files\Alibre Design\alibre.exe:*:Disabled:Alibre Design
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000
[2008/04/14 03:34:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
[2008/06/10 17:04:58 | 00,689,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client
File not found -- C:\Documents and Settings\aets\Local Settings\Temp\7zS8.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{005F040C-6759-11D5-A54F-0090278A1BB8}" = Visual Studio .NET Enterprise Architect - French
"{043ECF7B-4724-4F7B-8A9D-BC22719E95F7}" = Microsoft SQL Server Compact 3.5 Design Tools FRA
"{06E40992-8934-4F1F-AEDF-DA243AD4017A}" = SNOOPER JET Téléchargement
"{07933992-A6A0-11D4-9742-0008C7255265}" = Paie 100
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15FDF9D0-EA19-4D90-A1EA-FCF0F3387957}" = Alibre Part Library 4.1.1
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33471FA2-1DE4-47e9-9FDB-828B341BA4FA}" = hpg4370QFolder
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3D249F10-79EC-48D4-93E5-C470ABE523FA}" = Nokia Connectivity Cable Driver
"{3F59A7E0-BC01-4435-9E93-C7D7015C21DA}" = Microsoft SQL Server 2005 Tools Express Edition
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{41844F24-9CA6-11D4-A74E-00D0B76FE248}" = VBA (2720.8)
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{47F21113-0D9A-11D5-8132-00C04FA0998D}" = Alibre Design
"{480DBB60-F0B6-45F2-B26F-1A2E11197791}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{48E87842-6352-44EC-B005-9EC29A82AD7B}" = Application Suite
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{57CBD11F-C8FC-477B-8B3E-B5027A130318}" = Visual Studio.NET Baseline - French
"{58B0F3ED-6FAE-486C-9AB9-1C06514097B4}" = RealSpeak Solo pour la voix francaise Virginie
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5CF5C6EF-09AB-4B4C-9816-44F4EDCC406B}" = MSMail2003
"{617095DB-B523-4D11-BBFD-2D74C2AD98B8}" = Nokia PC Suite
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A93264B-F1DC-4945-BFF0-16EF44654F7B}" = Infragistics NetAdvantage 2003 Vol. 1
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6B908BF7-A583-4962-B068-69657D87CD56}" = Microsoft .NET Framework (French)
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72C3EF33-057F-4149-B0F9-EBD44579E627}" = Moyens de Paiement 100
"{75FF1600-6330-43FA-9022-E0835BF20778}" = Microsoft SQL Server VSS Writer
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80864E88-1C1A-11D4-BEAA-00C04F61846C}" = Immobilisations
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006 avec récepteur GPS
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{903B040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9051040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{917A8327-6E13-337F-918A-5D3C452F339E}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{9308A8EB-1C1B-11D4-BFC8-00C04F6180C7}" = Comptabilité
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A65E49F4-9664-4E8D-AA8D-1E9ED17AB6C6}" = ScanSoft PDF Professional 3.0
"{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}" = SolidWorks Explorer 2008 sp0
"{AB47EEE8-507B-331F-AA28-B7C7257F014C}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-705000000001}" = Adobe Reader Chinese Traditional Fonts
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan LiDE 500F
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox 4.1
"{BE361597-42AC-4513-9BA6-FFAB310038FB}" = Microsoft SQL Server Compact 3.5 FRA
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE3DA0AA-6784-4548-84B6-E0F89637E407}" = SolidWorks 2008 SP0
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDF6C384-107F-11D4-AAD1-00C04F37F68C}" = Alibre Design Help
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}" = Visual Studio .NET Enterprise Architect 2003 - English
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1130)
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE4C3E00-CB98-4EE8-A1ED-150B4B3CC7F1}" = Microsoft Pocket Streets pour Pocket PC
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe InDesign 1.5" = Adobe InDesign 1.5
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Converter" = Microsoft Office Access 2.0 Converter
"DynaZip-NX" = DynaZip-NX 5.00.02
"EAGLE 4.11" = EAGLE 4.11
"ExpressDial" = Express Dial Uninstall
"FTDICOMM" = FTDI USB Serial Converter Drivers
"HD Tune_is1" = HD Tune 2.51
"Hex Editor 3" = HHD Software Free Hex Editor 3.12
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3D249F10-79EC-48D4-93E5-C470ABE523FA}" = Nokia Connectivity Cable Driver
"InstallShield_{617095DB-B523-4D11-BBFD-2D74C2AD98B8}" = Nokia PC Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework Full v1.0.3705 (1036)" = Microsoft .NET Framework (French) v1.0.3705
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Microsoft SQL Server 2000 Analysis Services" = Microsoft SQL Server 2000 Analysis Services
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library pour les éditions Microsoft Visual Studio 2008 Express
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"PRISM_WINDOWS" = Intersil PRISM Wireless LAN for Windows
"RealPlayer 6.0" = RealPlayer
"Semtech_ScreenCoder_USB" = Semtech ScreenCoder (USB)
"Shop for HP Supplies" = Shop for HP Supplies
"SoundTap" = SoundTap Streaming Audio Recorder
"Talk" = Express Talk
"TerraExplorer" = TerraExplorer
"ToolBox" = NCH Toolbox
"Utilitaires LanBooster V2.5.3_is1" = Utilitaires LanBooster V2.5.3
"Visual Studio .NET Enterprise Architect - French" = Microsoft Visual Studio .NET Enterprise Architect - Français
"Visual Studio .NET Enterprise Architect 2003 - English" = Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"WavePad" = WavePad Uninstall
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows Mobile Device Handbook" = Ressources Windows Mobile
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 19/11/2008 04:25:12 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\AETS\MES DOCUMENTS\NC_ETUDES\AB_LITE\SOLIDWORKS\ROBEX5\SOCLESIMPLER5\SOCLE
290703\RJ45S.SLDPRT failed, 00000005.

Error - 19/11/2008 04:25:13 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\AETS\MES DOCUMENTS\NC_ETUDES\AB_LITE\SOLIDWORKS\ROBEX5\SOCLESIMPLER5\SOCLE
290703\SOCLE ROBEX 5 290703.SLDPRT failed, 00000005.

Error - 19/11/2008 04:25:13 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\AETS\MES DOCUMENTS\NC_ETUDES\AB_LITE\SOLIDWORKS\ROBEX5\SOCLESIMPLER5\SOCLE
290703\SOKLE R5 010703.SLDASM failed, 00000005.

Error - 19/11/2008 04:25:13 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\AETS\MES DOCUMENTS\NC_ETUDES\AB_LITE\SOLIDWORKS\ROBEX5\SOCLESIMPLER5\SOCLE
290703\TOLE R5 020703.SLDPRT failed, 00000005.

Error - 19/11/2008 04:25:13 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\AETS\MES DOCUMENTS\NC_ETUDES\AB_LITE\SOLIDWORKS\ROBEX5\SOCLESIMPLER5\SOCLE
290703\TOLEPSCHOC.SLDDRW failed, 00000005.

Error - 19/11/2008 04:25:13 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\AETS\MES DOCUMENTS\NC_ETUDES\AB_LITE\SOLIDWORKS\ROBEX5\SOCLESIMPLER5\SOCLE
290703\TOLEPSCHOC.SLDPRT failed, 00000005.

Error - 19/11/2008 04:25:14 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\AETS\MES DOCUMENTS\NC_ETUDES\AB_LITE\SOLIDWORKS\ROBEX5\SOCLESIMPLER5\SOCLE
290703\TOLER5.SLDDRW failed, 00000005.

Error - 19/11/2008 04:25:14 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\AETS\MES DOCUMENTS\NC_ETUDES\AB_LITE\SOLIDWORKS\ROBEX5\SOCLESIMPLER5\SOCLE
290703\USBS.SLDPRT failed, 00000005.

Error - 03/12/2008 17:36:54 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 17/12/2008 18:12:51 | Computer Name = NC_PORTABLE | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

[ Application Events ]
Error - 11/12/2008 17:45:02 | Computer Name = NC_PORTABLE | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 939517030.

Error - 13/12/2008 04:39:39 | Computer Name = NC_PORTABLE | Source = MsiInstaller | ID = 1008
Description = L'installation de C:\WINDOWS\Installer\24dd0.msi n'est pas autorisée
en raison d'une erreur lors du traitement de la stratégie de restriction logicielle.
La confiance en l'objet ne peut pas être établie.

Error - 13/12/2008 04:39:47 | Computer Name = NC_PORTABLE | Source = MsiInstaller | ID = 1008
Description = L'installation de C:\WINDOWS\Installer\24dc8.msi n'est pas autorisée
en raison d'une erreur lors du traitement de la stratégie de restriction logicielle.
La confiance en l'objet ne peut pas être établie.

Error - 16/12/2008 05:02:48 | Computer Name = NC_PORTABLE | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe, version 5.1.2600.5512, module
défaillant hpslpsvc32.dll, version 100.0.170.0, adresse de défaillance 0x000410c9.

Error - 17/12/2008 14:30:54 | Computer Name = NC_PORTABLE | Source = Application Hang | ID = 1002
Description = Application bloquée OUTLOOK.EXE, version 11.0.8010.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/12/2008 17:44:29 | Computer Name = NC_PORTABLE | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe, version 5.1.2600.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 17/12/2008 17:44:33 | Computer Name = NC_PORTABLE | Source = Application Error | ID = 1000
Description = Application défaillante svchost.exe, version 5.1.2600.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 17/12/2008 17:46:47 | Computer Name = NC_PORTABLE | Source = Application Error | ID = 1004
Description = Application défaillante svchost.exe, version 5.1.2600.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 17/12/2008 17:50:30 | Computer Name = NC_PORTABLE | Source = Application Error | ID = 1004
Description = Application défaillante svchost.exe, version 5.1.2600.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 17/12/2008 17:53:06 | Computer Name = NC_PORTABLE | Source = Application Error | ID = 1001
Description = Détecteur d'erreurs 738702451.

[ System Events ]
Error - 18/12/2008 04:32:38 | Computer Name = NC_PORTABLE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 18/12/2008 04:34:11 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7000
Description = Le service WLAN Transport n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 18/12/2008 04:34:11 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 18/12/2008 04:35:43 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 18/12/2008 04:39:30 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7000
Description = Le service WLAN Transport n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 18/12/2008 04:39:30 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 18/12/2008 04:41:09 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Error - 18/12/2008 05:45:12 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7000
Description = Le service WLAN Transport n'a pas pu démarrer en raison de l'erreur :
%%2

Error - 18/12/2008 05:45:12 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 18/12/2008 05:46:42 | Computer Name = NC_PORTABLE | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.


<End>

Thanks nickW.
Regards,

Noel CASANOVA
Posts: 8
Joined: 13 Dec 2008, 11:18
Location: Paris

Post by nickW » 18 Dec 2008, 22:46

Good evening,


OTListIt2 does not need an open internet connection.

Which site was a connection being requested to?


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Noel CASANOVA » 18 Dec 2008, 23:11

Good evening nickW,

Regarding the site requesting the connection, I didn't have the right reflex: I assumed I had made a mistake and that I needed to connect.

The IP address started with 75.

I have Tcpview (which I don't know how to use); maybe that is a way to see which site is turning the PC into a zombie.
That said, I leave the choice of working method to the expert.
I remain at your disposal, subject to the slowness of my machine when I want to connect.

Thanks for your help and good evening to all.
Regards,

Noel CASANOVA

Post by nickW » 20 Dec 2008, 01:08

Good evening,

List of open ports without an internet connection, then with an internet connection:


Step 1: CurrPorts (from NirSoft)
Download CurrPorts from the page: http://www.nirsoft.net/utils/cports.html

See at the bottom of the page: Download CurrPorts (in Zip file)
and also download the French language file by clicking the "French" link.

Create a new folder named Nirsoft and extract (right-click, then Extract All) both downloaded archives into it.

Close all browser windows (Internet Explorer, Firefox, ...). Disable the internet connection.

Launch CurrPorts by double-clicking cports.exe (in the Nirsoft folder).

Click the Edit menu (at the top), then choose Select All.

Click the File menu (at the top), then choose Save Selected Items.
Save the file as currports-log-1.txt
Close CurrPorts.


Step 2: CurrPorts (from NirSoft)
Enable the internet connection. Open an Internet Explorer window. If it isn't immediate, wait for the PC to slow down :wink:.

Launch CurrPorts by double-clicking cports.exe (in the Nirsoft folder).

Click the Edit menu (at the top), then choose Select All.

Click the File menu (at the top), then choose Save Selected Items.
Save the file as currports-log-2.txt
Close CurrPorts.


Step 3: Results

Since these logs contain IP addresses, you must send me the results by PM (Private Message).

As these two reports are very long, they must be uploaded to an external server:
*- Put the two reports (currports-log-1.txt and currports-log-2.txt) into an archive currports-log.zip
*- Go to: http://www.yousendit.com/
(Javascript must be enabled)
*- In the To and From fields, enter anything with an @ in it (Examples: abc@def.com and abcdef@def.com) and uncheck the box in front of "Remember my email"
*- Under Select a file, click the "Browse..." button, navigate to the currports-log.zip file and select it (double-click).
*- Click the green "Send It" button
*- A new page will be displayed in which you will find a link (under "Here is the link for the file you uploaded:")

Send me that link by PM.


To be continued,
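Once the two CurrPorts exports exist, the useful question is which connections appeared only after the link came up, and which process owns them. The following Python script is an added example, not part of nickW's post and not a NirSoft tool: it parses both exports, keeps the entries present only in the second one, counts them per process and flags remote addresses that start with a prefix you supply (the poster noticed one beginning with 75.). Assumptions: the export uses the "Key : Value" block layout that CurrPorts writes with File > Save Selected Items in text form (the field names in KEY_FIELDS may need adjusting to your file), and the two sample exports are constructed here using RFC 5737 documentation addresses rather than real hosts.

```python
"""Diff two CurrPorts text exports: what appeared once the internet link came up?"""
import re
from collections import Counter

# Fields that identify one connection in a CurrPorts text export.
# Assumption: the export is a series of "Key : Value" blocks separated by
# lines made of '=' characters; adjust KEY_FIELDS if your export differs.
KEY_FIELDS = ("Process Name", "Protocol", "Local Port",
              "Remote Address", "Remote Port", "State")

SEPARATOR = re.compile(r"^=+\s*$")


def parse_currports(text):
    """Parse a CurrPorts text export into a list of dicts, one per connection."""
    entries, current = [], {}
    for line in text.splitlines():
        if SEPARATOR.match(line):          # block boundary
            if current:
                entries.append(current)
            current = {}
            continue
        if ":" not in line:
            continue
        key, _, value = line.partition(":")  # first colon separates key from value
        current[key.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries


def connection_key(entry):
    """Tuple that identifies a connection independently of its PID or timestamp."""
    return tuple(entry.get(f, "") for f in KEY_FIELDS)


def new_connections(before_text, after_text):
    """Entries present in the 'after' export but absent from the 'before' one."""
    seen = {connection_key(e) for e in parse_currports(before_text)}
    return [e for e in parse_currports(after_text) if connection_key(e) not in seen]


def summarize(new_entries, watch_prefix=None):
    """Count new connections per process; flag remote addresses starting with watch_prefix."""
    per_process = Counter(e.get("Process Name", "?") for e in new_entries)
    flagged = []
    for e in new_entries:
        remote = e.get("Remote Address", "")
        if watch_prefix and remote.startswith(watch_prefix):
            flagged.append((e.get("Process Name", "?"), remote, e.get("Remote Port", "")))
    return {"per_process": dict(per_process), "flagged": flagged}


# Constructed sample exports (documentation addresses only; not real hosts).
BEFORE = """\
==================================================
Process Name      : svchost.exe
Protocol          : UDP
Local Port        : 123
Remote Address    :
Remote Port       :
State             :
Process Path      : C:\\WINDOWS\\system32\\svchost.exe
==================================================
Process Name      : System
Protocol          : TCP
Local Port        : 445
Remote Address    :
Remote Port       :
State             : Listening
Process Path      :
==================================================
"""

AFTER = BEFORE + """\
Process Name      : iexplore.exe
Protocol          : TCP
Local Port        : 1041
Remote Address    : 198.51.100.20
Remote Port       : 80
State             : Established
Process Path      : C:\\Program Files\\Internet Explorer\\iexplore.exe
==================================================
Process Name      : svchost.exe
Protocol          : TCP
Local Port        : 1042
Remote Address    : 203.0.113.7
Remote Port       : 80
State             : Established
Process Path      : C:\\WINDOWS\\system32\\svchost.exe
==================================================
Process Name      : svchost.exe
Protocol          : TCP
Local Port        : 1043
Remote Address    : 203.0.113.9
Remote Port       : 443
State             : Established
Process Path      : C:\\WINDOWS\\system32\\svchost.exe
==================================================
"""

if __name__ == "__main__":
    added = new_connections(BEFORE, AFTER)
    report = summarize(added, watch_prefix="203.0.113.")
    for proc, n in sorted(report["per_process"].items()):
        print(f"{proc}: {n} new connection(s) after going online")
    for proc, addr, port in report["flagged"]:
        print(f"  watch: {proc} -> {addr}:{port}")
```

On a real pair of files, pass the contents of currports-log-1.txt and currports-log-2.txt to new_connections() and the prefix you saw to summarize(). The browser you opened in step 2 is expected to show up; a service host such as svchost.exe reaching unfamiliar addresses the moment the link comes up, with no browser involved, is the kind of entry worth identifying by its Process Path before deciding anything.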

Post by nickW » 20 Dec 2008, 22:02

Good evening,

Have you thought of disabling the "DNS Client" service?

Open the services management console:
Start--->Run
Type services.msc then click OK

Scroll down to DNS Client
Right-click it and choose Properties
Under Service status, click Stop (if it isn't already stopped)
Click Apply,
Under Startup type, choose Disabled
Click Apply, then OK

To be continued,

Post by Noel CASANOVA » 21 Dec 2008, 22:34

Good evening nickW,

No, not before your question.

I did it, as well as the services:
Remote Registry!
MSSQLServer OLAP Service
Terminal Services

=> No improvement.

Thanks and good evening to all,
Regards,

Noel CASANOVA
