Analyse logs (rootkit)

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Analyse logs (rootkit)

Messagede vro » 07 Mai 2010, 14:44

Bonjour à tous,

Merci d'avance de votre aide, je vous envoie mes logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4073

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/04/2010 15:49:21
mbam-log-2010-04-08 (15-49-21).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 125299
Temps écoulé: 57 minute(s), 42 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\VVSN (Adware.WhenU) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\Utilisateur\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
vro
 
Messages: 7
Inscription: 07 Mai 2010, 13:38

Messagede vro » 07 Mai 2010, 14:45

le log OTL:

OTL logfile created on: 08/04/2010 15:52:30 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Utilisateur\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 162,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 20,81 Gb Free Space | 37,25% Space Free | Partition Type: NTFS
Drive D: | 8192,00 Gb Total Space | 8192,00 Gb Free Space | 100,00% Space Free | Partition Type: BLANK
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UTILISAT-191ED8
Current User Name: Utilisateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 14:01:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe
PRC - [2009/12/04 09:45:53 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009/11/25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/30 18:46:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:45:02 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/31 20:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/06/13 16:22:44 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/11/07 18:43:30 | 000,073,728 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2004/02/26 16:00:48 | 001,122,816 | ---- | M] (Pinnacle Systems GmbH.) -- C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
PRC - [2004/02/17 04:51:56 | 001,458,176 | R--- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\SmWizard.exe
PRC - [2004/02/05 10:07:48 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/10/22 16:03:50 | 000,746,496 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
PRC - [2003/09/16 11:50:58 | 000,229,376 | ---- | M] () -- C:\WINDOWS\system32\CmWatch.exe
PRC - [2003/08/06 19:54:04 | 000,720,896 | ---- | M] () -- C:\Program Files\Realtek\Rtl8180\RtlWake.exe
PRC - [2003/04/06 02:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 14:01:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/02/05 10:07:42 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2005/10/24 19:52:54 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/18 10:49:58 | 000,245,720 | R--- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF9035BDA.sys -- (AF9035BDA)
DRV - [2008/07/01 12:00:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 20:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2005/05/27 11:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2004/04/06 13:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/22 17:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/17 06:36:00 | 000,142,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2004/02/20 13:03:18 | 000,187,392 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\vobIW.sys -- (vobiw)
DRV - [2004/02/05 10:03:10 | 000,178,496 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/02/03 17:04:08 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2003/11/28 19:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003/09/16 08:48:50 | 000,048,384 | R--- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Umss.SYS -- (UMSSSTOR)
DRV - [2003/09/10 17:20:54 | 000,180,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8180.sys -- (rtl8180) Realtek RTL8180 Wireless LAN (Mini-)
DRV - [2003/09/08 10:49:44 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/01 15:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vobid.sys -- (VOBID)
DRV - [2003/03/31 07:54:28 | 001,170,464 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://fr.search.yahoo.com/ [binary data]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 5A 53 E5 21 D5 CA 01 [binary data]
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/30 12:59:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/30 00:54:22 | 000,000,000 | ---D | M]

[2008/11/20 20:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Extensions
[2010/04/06 00:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\imwwn85y.default\extensions
[2009/09/04 10:46:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\imwwn85y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/25 21:23:53 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\imwwn85y.default\searchplugins\bing.xml
[2010/04/06 00:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/06 18:14:10 | 000,090,112 | ---- | M] (GLOW ENTERTAINMENT GROUP SA) -- C:\Program Files\Mozilla Firefox\components\FireDlmgrGate.dll
[2010/03/07 20:39:35 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/07 20:39:35 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/03/07 20:39:35 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/07 20:39:35 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/07 20:39:36 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1229272821-682003330-725345543-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1229272821-682003330-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1229272821-682003330-725345543-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe ()
O4 - HKLM..\Run: [Fnac] C:\Program Files\Fnac\Fnac.exe (Glowria)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-1229272821-682003330-725345543-1004..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-1229272821-682003330-725345543-1004..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe (Pinnacle Systems GmbH.)
O4 - HKU\S-1-5-21-1229272821-682003330-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\FRtlWake.exe ()
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1229272821-682003330-725345543-1004\..Trusted Domains: fnac.com ([vod] http in Local intranet)
O15 - HKU\S-1-5-21-1229272821-682003330-725345543-1004\..Trusted Domains: fnac.com ([vod] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v ... 8445558953 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.photoways.com/clients/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/22 11:09:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{22697e9e-0591-11dd-9020-00115b220eff}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{2de8f3ee-9f01-11de-92d0-00115b220eff}\Shell\Auto\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/14 04:33:57 | 000,401,408 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8786ff2c-e1a9-11de-9329-00115b220eff}\Shell - "" = AutoRun
O33 - MountPoints2\{8786ff2c-e1a9-11de-9329-00115b220eff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f2dd010a-0abe-11dc-8e62-00115b220eff}\Shell\AutoRun\command - "" = q1alx.exe
O33 - MountPoints2\{f2dd010a-0abe-11dc-8e62-00115b220eff}\Shell\open\Command - "" = q1alx.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/10/22 11:08:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 14:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/08 14:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/08 14:13:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Utilisateur\Bureau\erunt-setup.exe
[2010/04/08 14:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
[2010/04/08 14:11:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 14:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/08 14:11:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 14:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/08 14:10:22 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Utilisateur\Bureau\mbam-setup-1.46.exe
[2010/04/08 14:01:09 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe
[2010/04/07 08:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Bureau\a_graverSORLUT
[2010/04/05 13:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TerraTec
[2010/04/05 13:45:41 | 001,047,552 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll
[2010/04/05 13:45:41 | 000,061,440 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2010/04/05 13:45:41 | 000,061,440 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2010/04/05 13:45:41 | 000,057,344 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2010/04/05 13:45:41 | 000,049,152 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2010/04/05 13:45:41 | 000,049,152 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2010/04/05 13:45:39 | 000,045,056 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2010/04/05 13:45:39 | 000,040,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2010/04/05 13:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\TerraTec
[2010/04/05 13:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\TerraTec
[2010/04/05 13:26:20 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/04/05 13:26:12 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys
[2010/04/05 13:26:12 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/04/05 13:25:03 | 000,245,720 | R--- | C] (AfaTech ) -- C:\WINDOWS\System32\drivers\AF9035BDA.sys
[2010/04/05 13:24:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
[2010/04/05 13:24:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/04/05 13:24:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/04/05 13:24:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
[2010/04/05 13:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\TerraTec
[2010/04/05 11:36:54 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/04/05 11:36:54 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/04/05 11:36:18 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/04/05 11:36:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/04/05 11:36:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/04/05 11:27:56 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\arp1394.sys
[2010/04/02 13:37:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Utilisateur\Mes documents\Ma musique
[2010/03/31 01:13:39 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Utilisateur\Mes documents\My Stationery
[2010/03/29 04:07:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/14 18:17:09 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[27 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 14:24:32 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Utilisateur\ntuser.dat
[2010/04/08 14:19:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/08 14:18:39 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\NTREGOPT.lnk
[2010/04/08 14:18:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\ERUNT.lnk
[2010/04/08 14:13:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Utilisateur\Bureau\erunt-setup.exe
[2010/04/08 14:11:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/08 14:10:23 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Utilisateur\Bureau\mbam-setup-1.46.exe
[2010/04/08 14:01:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe
[2010/04/08 13:47:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 13:46:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 13:46:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/07 11:54:23 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Utilisateur\ntuser.ini
[2010/04/07 10:00:14 | 000,000,226 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2010/04/07 09:14:41 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 02:49:17 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/04/05 13:43:27 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TerraTec Home Cinema.lnk
[2010/04/05 04:44:10 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\avdrn.dat
[2010/04/03 03:38:23 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Microsoft Word.lnk
[2010/04/03 03:35:04 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Microsoft Excel.lnk
[2010/03/30 03:09:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/29 04:07:39 | 000,509,282 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/29 04:07:39 | 000,439,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/29 04:07:39 | 000,084,168 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/29 04:07:39 | 000,070,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/29 04:07:38 | 001,115,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/20 20:33:52 | 000,003,223 | -H-- | M] () -- C:\hpothb07.dat
[2010/03/20 20:33:51 | 011,777,732 | ---- | M] () -- C:\Scan0011.tif
[2010/03/20 20:33:51 | 000,990,560 | -H-- | M] () -- C:\hpothb07.tif
[2010/03/20 20:32:33 | 011,858,956 | ---- | M] () -- C:\Scan0010.tif
[2010/03/10 08:16:48 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010/03/10 08:16:48 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[27 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/08 14:19:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/04/08 14:18:38 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\NTREGOPT.lnk
[2010/04/08 14:18:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\ERUNT.lnk
[2010/04/08 14:11:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/07 09:14:40 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 13:43:27 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TerraTec Home Cinema.lnk
[2010/04/05 13:25:03 | 000,000,356 | R--- | C] () -- C:\WINDOWS\System32\AF15IrTbl.bin
[2010/04/05 13:24:57 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010/04/05 13:24:57 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/04/05 13:24:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/04/05 13:24:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/04/05 13:24:53 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010/04/05 13:24:53 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/04/05 04:44:10 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Application Data\avdrn.dat
[2010/03/20 20:33:51 | 011,777,732 | ---- | C] () -- C:\Scan0011.tif
[2010/03/20 20:32:33 | 011,858,956 | ---- | C] () -- C:\Scan0010.tif
[2009/03/15 20:08:59 | 000,000,115 | ---- | C] () -- C:\WINDOWS\KA.ini
[2008/12/08 15:52:59 | 000,000,194 | ---- | C] () -- C:\WINDOWS\BPama.INI
[2008/09/17 17:24:14 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/02/02 12:39:50 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/02 12:39:22 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/04/04 15:45:59 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini
[2006/04/04 15:45:59 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini
[2006/04/04 15:33:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2005/11/23 21:06:52 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/11/05 09:27:32 | 000,000,042 | ---- | C] () -- C:\WINDOWS\Preference.INI
[2005/11/01 22:02:25 | 001,945,600 | ---- | C] () -- C:\WINDOWS\System32\AdvCfgRes.dll
[2005/11/01 22:02:25 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WakeResDll.dll
[2005/11/01 22:02:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\XpCfgRes.dll
[2005/11/01 22:02:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\InsDrv.dll
[2005/08/10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/10 00:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/12/13 19:36:11 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2004/11/08 13:07:23 | 000,011,335 | ---- | C] () -- C:\WINDOWS\SmartWizard.ini
[2004/10/25 21:16:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/10/24 10:21:56 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/22 11:37:11 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\CmCardRm.dll
[2004/10/22 11:31:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/10/22 11:25:38 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004/10/22 11:25:20 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004/10/22 11:25:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004/10/22 11:25:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2004/10/22 11:25:12 | 000,121,043 | R--- | C] () -- C:\WINDOWS\Cmuda.ini
[2004/10/22 11:25:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004/07/12 23:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/03/22 17:50:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/03/09 06:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/02/27 18:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 18:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 18:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 18:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 18:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[1996/04/17 11:48:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\3dr.ini

========== LOP Check ==========

[2007/01/25 18:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2006/05/21 01:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/04/05 13:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TerraTec
[2009/09/13 17:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\D-Jix Media
[2009/04/17 22:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Graphisoft
[2008/03/22 23:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\ICSharpCode
[2009/05/18 14:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\IndexEducation
[2008/03/07 20:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\MSNInstaller
[2008/12/13 17:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org
[2008/04/26 18:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Subversion
[2005/04/08 12:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Template
[2010/04/05 13:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\TerraTec

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/08 22:09:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/08 22:09:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/08 22:09:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/08 22:09:30 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

<MD5>
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

<systemroot>

<systemroot>
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>
<End>
vro
 
Messages: 7
Inscription: 07 Mai 2010, 13:38

Messagede vro » 07 Mai 2010, 14:46

et le dernier, le EXTRAS:

OTL Extras logfile created on: 08/04/2010 15:52:30 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Utilisateur\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,00 Mb Total Physical Memory | 162,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 20,81 Gb Free Space | 37,25% Space Free | Partition Type: NTFS
Drive D: | 8192,00 Gb Total Space | 8192,00 Gb Free Space | 100,00% Space Free | Partition Type: BLANK
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UTILISAT-191ED8
Current User Name: Utilisateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-1229272821-682003330-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Documents and Settings\Utilisateur\Bureau\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Documents and Settings\Utilisateur\Bureau\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\eMule.exe" = C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus -- (http://emuleplus.info)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe" = C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe -- ( )
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Enabled:PMC.Service.Main.exe -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\MediaCenter\PSST.exe" = C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe" = C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe -- ( )
"C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe" = C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe -- (Pinnacle Systems)
"C:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe" = C:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe:*:Enabled:ArchiCAD 10.0.0 Component -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Utilisateur\Bureau\archicad12\ArchiCAD.exe" = C:\Documents and Settings\Utilisateur\Bureau\archicad12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"C:\Program Files\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TerraTec Electronic GmbH)
"C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TerraTec Electronic GmbH)
"C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TerraTec Electronic GmbH)
"C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TerraTec Electronic GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{016AFAAC-031E-4D17-80FC-7952CCCB2C2C}" = Adiboud'Chou dans la jungle
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA6533-893E-4F17-A95C-4A38043A8721}" = Adiboud'Chou et le Jardin des Surprises
"{1A27646D-2508-48D8-9BC3-B0B570D188F7}" = Micro Application - Architecte Studio Pro 2006
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{510D7787-C1B3-472C-86DF-C06273DAE60B}" = iPod Updater 2004-10-20
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD31E03-4843-4352-9F8B-919430E80C98}" = INDEX EDUCATION - ProfNOTE 2008
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A6F157F-BAEE-4206-ACCA-10A29F3030B6}" = D-Jix Media
"{6B5D8CB6-0156-4B50-9DAA-618FF9FC18A6}" = Pinnacle InstantCD/DVD Suite
"{6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}" = Adobe Premiere Elements 1.0
"{6D7F8D4B-D1A4-402A-973E-31E90940E585}" = OneCare Advisor (Windows Live Toolbar)
"{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}" = Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Photo et imagerie HP 2.0 - All-in-One Pilote
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites pour Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C192D21-DFB3-4F1F-9F06-A6C3D3AE1B85}" = SharpDevelop 2.2
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{9211040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Photo et imagerie HP 2.0 - All-in-One
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}" = Bloqueur de fenêtres pop-up (Windows Live Toolbar)
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A70700000002}" = Adobe Reader 7.0.7 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C583CEE0-56CD-4545-9BA9-9042EE1FC9E0}" = Realtek RTL8180 Wireless LAN (Mini-)PCI Driver & Utility
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{E1ED58B9-D32C-4EAB-B3F3-1049735041DB}" = Franklin Après l'école
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}" = Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle MediaCenter
"{F5223680-993A-11D4-86F6-0001031E5712}" = InterVideo Installer
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"001FFFFFFF12FF00FF0501F02F02F000-R1" = ArchiCAD 12 FRA
"Adibou V.3.00 on C" = Adibou V.3.00 on C
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"Agere Systems Soft Modem" = Actiontec MDC AC'97 Modem v2128D
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AVIConverter" = AVIConverter Smart
"CCleaner" = CCleaner (remove only)
"C-Media Audio" = C-Media 3D Audio
"C-Media Card Reader Driver" = C-Media USB Mass Storage Driver
"Easy Calcul Offert par la société APRECI" = Easy Calcul Offert par la société APRECI (Version FreeWare)
"eMule Plus_is1" = eMule Plus 1.2b
"Encarta98F" = Encyclopédie Microsoft Encarta 98
"ERUNT_is1" = ERUNT 1.1j
"FairUse Wizard 2" = FairUse Wizard 2
"Fnac" = Désinstallation du Fnac Video Manager
"Google Updater" = Outil de mise à jour Google
"Guitar Pro 5_is1" = Guitar Pro 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{016AFAAC-031E-4D17-80FC-7952CCCB2C2C}" = Adiboud'Chou dans la jungle
"InstallShield_{510D7787-C1B3-472C-86DF-C06273DAE60B}" = iPod Updater 2004-10-20
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi Virus Cleaner 2008_is1" = Multi Virus Cleaner 2008
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Ahead NeroMediaPlayer
"PremElem10" = Adobe Premiere Elements 1.0
"QcDrv" = Programme de gestion Camera de Logitech®
"SiS7002" = USB EHCI Driver
"Skype_is1" = Skype 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Téléchargement PHOTOWAYS" = Téléchargement PHOTOWAYS 3.1.0
"TMM70" = TELL ME MORE
"ToolBand.SkypeIEToolbarToolbar" = Skype add-on for IE
"VLC media player" = VLC media player 0.9.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar avec bloqueur de fenêtres pop-up
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 22/09/2008 16:14:47 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\BILD0580.JPG failed, 0000001E.

Error - 22/09/2008 16:14:59 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\BILD0153.JPG failed, 0000A420.

Error - 22/09/2008 16:21:38 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\BILD0584.JPG failed, 0000001E.

Error - 22/09/2008 16:22:37 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\BILD0537.JPG failed, 0000001E.

Error - 22/09/2008 16:28:53 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\BILD0580.JPG failed, 0000001E.

Error - 22/09/2008 16:29:05 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\BILD0153.JPG failed, 0000A420.

Error - 03/12/2008 05:04:07 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\UTILISATEUR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
LIVE CONTACTS\CSORLUT@HOTMAIL.FR\REAL\CONTACTCOLL.CACHE failed, 00000005.

Error - 03/12/2008 05:04:07 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\UTILISATEUR\CONTACTS\CSORLUT@HOTMAIL.FR\CONTACTCOLL.CACHE
failed, 00000005.

Error - 09/12/2009 11:22:39 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf failed, 0000A413.

Error - 08/03/2010 12:47:49 | Computer Name = UTILISAT-191ED8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\c2115f16bd3c291aedde6441eb8cc984\BITB.tmp
failed, 00000026.

[ Application Events ]
Error - 15/12/2009 16:10:41 | Computer Name = UTILISAT-191ED8 | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3576, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/12/2009 04:40:19 | Computer Name = UTILISAT-191ED8 | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/03/2010 01:40:02 | Computer Name = UTILISAT-191ED8 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 02/04/2010 10:20:36 | Computer Name = UTILISAT-191ED8 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.2627.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 05/04/2010 20:50:14 | Computer Name = UTILISAT-191ED8 | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 7.0.7.142, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 05/04/2010 21:02:27 | Computer Name = UTILISAT-191ED8 | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 7.0.7.142, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 06/04/2010 00:48:45 | Computer Name = UTILISAT-191ED8 | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3725, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 06/04/2010 03:01:34 | Computer Name = UTILISAT-191ED8 | Source = Application Error | ID = 1000
Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
défaillant iviaudio.ax, version 1.0.0.1, adresse de défaillance 0x0001136d.

Error - 06/04/2010 06:37:02 | Computer Name = UTILISAT-191ED8 | Source = Application Hang | ID = 1002
Description = Application bloquée Skype.exe, version 3.0.0.214, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 06/04/2010 07:04:03 | Computer Name = UTILISAT-191ED8 | Source = Application Error | ID = 1000
Description = Application défaillante Skype.exe, version 3.0.0.214, module défaillant
Skype.exe, version 3.0.0.214, adresse de défaillance 0x007ad559.

[ System Events ]
Error - 07/04/2010 03:16:52 | Computer Name = UTILISAT-191ED8 | Source = Cdrom | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\CdRom0.

Error - 07/04/2010 03:16:56 | Computer Name = UTILISAT-191ED8 | Source = Cdrom | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\CdRom0.

Error - 07/04/2010 03:16:58 | Computer Name = UTILISAT-191ED8 | Source = Cdrom | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\CdRom0.

Error - 07/04/2010 03:17:00 | Computer Name = UTILISAT-191ED8 | Source = Cdrom | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\CdRom0.

Error - 07/04/2010 03:17:10 | Computer Name = UTILISAT-191ED8 | Source = Cdrom | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\CdRom0.

Error - 08/04/2010 07:47:16 | Computer Name = UTILISAT-191ED8 | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Error - 08/04/2010 07:47:16 | Computer Name = UTILISAT-191ED8 | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Error - 08/04/2010 09:51:07 | Computer Name = UTILISAT-191ED8 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
avast! Web Scanner.

Error - 08/04/2010 09:51:07 | Computer Name = UTILISAT-191ED8 | Source = Service Control Manager | ID = 7000
Description = Le service avast! Web Scanner n'a pas pu démarrer en raison de l'erreur :
%%1053

Error - 08/04/2010 09:51:42 | Computer Name = UTILISAT-191ED8 | Source = Service Control Manager | ID = 7034
Description = Le service avast! Web Scanner s'est terminé de façon inattendue pour
la 1ème fois.


<End>
vro
 
Messages: 7
Inscription: 07 Mai 2010, 13:38

Messagede nickW » 07 Mai 2010, 17:30

Bonjour,


Ton autre sujet (doublon) a été verrouillé.


Quels sont les symptômes d'infection?


Qui t'a parlé de la présence d'un "rootkit"?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede vro » 07 Mai 2010, 20:11

Bonjour,

Le scan d'avast a détecté plusieurs fichiers infecté du même nom: win32 rootkit-gen rtk...
Le pc a du mal a démarré et les applications sont longues aussi à démarrer...
vro
 
Messages: 7
Inscription: 07 Mai 2010, 13:38

Messagede nickW » 08 Mai 2010, 00:47

Bonsoir,

Quels sont les nom et emplacement exacts des fichiers signalés comme infectés?


Premiers nettoyages, recherche de processus caché:

Étape 1: RootRepeal (de AD), téléchargement
Télécharger RootRepeal via un clic droit sur l'un des liens ci-dessous:
http://ad13.geekstogo.com/RootRepeal.zip
http://rootrepeal.googlepages.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.zip
Enregistrer le fichier sur le Bureau.
Créer un nouveau dossier nommé RootRepeal à la racine du disque système (généralement C:\)

Décompresser l'archive téléchargée (via clic droit, puis "Extraire tout") dans ce nouveau dossier RootRepeal


Étape 2: OTL (de OldTimer), préparation de la correction
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien

:otl
O33 - MountPoints2\{22697e9e-0591-11dd-9020-00115b220eff}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{2de8f3ee-9f01-11de-92d0-00115b220eff}\Shell\Auto\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/14 04:33:57 | 000,401,408 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{f2dd010a-0abe-11dc-8e62-00115b220eff}\Shell\AutoRun\command - "" = q1alx.exe
O33 - MountPoints2\{f2dd010a-0abe-11dc-8e62-00115b220eff}\Shell\open\Command - "" = q1alx.exe

:Commands
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: vro.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 3: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image avast4!: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), puis "Arrêter la protection résidente"


Étape 4: OTL (de OldTimer), correction

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Correction: Image

Il y a ouverture d'une petite fenêtre "OTL": Image

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation" Image

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction: Image

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Un dysfonctionnement des serveurs de free et/ou du forum m'empêche d'envoyer de "gros" messages. La suite est donc dans le message suivant.
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede nickW » 08 Mai 2010, 00:48

Un dysfonctionnement des serveurs de free et/ou du forum m'empêche d'envoyer de "gros" messages. Ceci est la suite du message précédent.


Étape 5: Pas de processus de contrôle en temps réel
Comme le PC a redémarré, si l'antivirus a été réactivé, il faut de nouveau le désactiver.


Étape 6: RootRepeal (de AD), exécution

Fermer absolument toutes les applications, les connexions et les navigateurs.

Dans l'Explorateur, ouvrir le dossier RootRepeal
Faire un double clic sur RootRepeal.exe pour lancer l'outil.

Cliquer sur l'onglet Report (en bas de la fenêtre) comme ceci:
Image

Cliquer sur le bouton Scan
Image

Dans la nouvelle fenêtre Select Scan, cocher:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services
+ Shadow SSDT

Image

Cliquer sur le bouton OK
Dans la nouvelle fenêtre Select Drives, cocher le lecteur système (généralement C:\)
Image

Cliquer sur le bouton OK pour lancer l'analyse

Note: Cette analyse prend un certain temps. NE PAS LANCER d'autres programmes tant qu'elle est active.

Lorsque l'analyse est terminée, le bouton Save Report sera disponible.
Image

Cliquer sur ce bouton Save Report et enregistrer le fichier rapport dans le dossier RootRepeal sous le nom RootRepeal-100507.txt

Ouvrir le menu File (tout en haut, à gauche), cliquer sur Exit pour fermer le programme.


Étape 7: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 8: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 9: Résultats
Envoyer en réponse:
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport de RootRepeal (contenu du fichier RootRepeal-100507.txt)
Ce rapport peut être très long. Bien vérifier qu'il est complet dans le message envoyé. Si nécessaire, le découper en plusieurs messages.

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 10 invités