Analysis request - Multiple iexplore.exe


Post by [ZeN] » 10 Jul 2010, 09:00

Hello,
could you please take a look at my logs.
I have several iexplore.exe processes (two, then three, sometimes four), and when I browse, an Internet Explorer window opens by itself.
I have run Windows Defender, Spybot, Panda, Antivir, Trend ... without result.

I'll leave you time to analyze; I'm away for 15 days.
Thanking you in advance.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4298

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/07/2010 09:39:49
mbam-log-2010-07-10 (09-39-49).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 138912
Temps écoulé: 21 minute(s), 19 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

*** END ***


OTL.txt :

http://www.cijoint.fr/cjlink.php?file=c ... yoRssZ.txt

Extras.Txt :


http://www.cijoint.fr/cjlink.php?file=c ... 73cbhg.txt

hijackthis.txt :

http://www.cijoint.fr/cjlink.php?file=c ... U8hx0l.txt

Thanks, Stéphane

Post by nickW » 10 Jul 2010, 14:57

Hello,

OTL report:

OTL logfile created on: 10/07/2010 09:21:24 - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Stéphane\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 39,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 21,47 Gb Free Space | 38,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298,09 Gb Total Space | 145,01 Gb Free Space | 48,65% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAMBRE
Current User Name: Stéphane
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/09 11:50:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stéphane\Bureau\OTL.exe
PRC - [2010/06/24 10:44:40 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/08/30 17:55:22 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/16 22:12:56 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 04:34:22 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 14:07:02 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:06:52 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/05/24 20:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2005/01/10 16:09:08 | 001,880,133 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2004/03/09 22:48:19 | 001,542,144 | ---- | M] (Gildas LE BOURNAULT) -- C:\Program Files\RamBoost XP\rambxpfr.exe
PRC - [2003/11/13 17:51:56 | 000,253,952 | ---- | M] (Stardock) -- C:\Program Files\Fichiers communs\Stardock\sdmcp.exe
PRC - [2003/03/01 17:25:28 | 000,138,240 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2001/08/23 19:47:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 11:50:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stéphane\Bureau\OTL.exe
MOD - [2008/04/14 04:33:29 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/01/10 14:38:26 | 000,020,480 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2003/03/01 17:25:10 | 000,008,192 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/30 17:55:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/16 22:12:56 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/23 01:34:34 | 000,851,968 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/04/08 12:38:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/17 10:40:50 | 000,217,088 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\PS3 Media Server\win32\service\wrapper.exe -- (PS3 Media Server)
SRV - [2008/04/14 04:34:22 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\windows\System32\slserv.exe -- (SLService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/24 20:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Rohos\RHDISK.SYS -- (RHDISK)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\PLCMPR5.SYS -- (PLCMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp\nsysaudm.sys -- (nsysaudm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [2010/05/19 02:07:46] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/31 03:58:04 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2010/03/31 03:58:04 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2009/12/10 19:51:13 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/16 22:12:56 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\windows\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/12/04 19:55:50 | 000,554,240 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700)
DRV - [2007/07/11 18:06:22 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modrc.sys -- (MODRC)
DRV - [2006/11/02 14:06:52 | 000,153,568 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mabtc.sys -- (MaBtc)
DRV - [2006/09/27 10:47:54 | 000,102,272 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MaBtPort.sys -- (MaBtPort)
DRV - [2005/12/18 20:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\DScaler\dsdrv4.sys -- (DSDrv4)
DRV - [2005/10/31 23:44:39 | 000,010,880 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/10/16 09:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\windows\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/10/04 16:38:26 | 000,280,064 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/08/23 12:04:04 | 000,022,990 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MaBtVad.sys -- (MaBtVad)
DRV - [2005/08/18 11:44:50 | 000,049,867 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/06/08 19:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\brgsp50.sys -- (BRGSp50)
DRV - [2005/04/25 12:10:20 | 000,033,538 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/04 00:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/04 00:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/04 00:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/04 00:41:40 | 000,180,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/04 00:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/04 00:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/04 00:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/26 18:11:00 | 000,017,280 | R--- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2001/09/18 12:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2001/08/17 23:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 22:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Pilote du Gestionnaire SoundFont Creative (WDM)
DRV - [2001/08/17 22:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Pilote du Gestionnaire d'interface Creative (WDM)
DRV - [2001/08/17 22:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/07/13 14:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com (Virtus Designs)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: downintab@max.max:0.0.9
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.8
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {d9b25e30-c1cf-11de-8a39-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/14 00:48:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 11:00:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/05 12:44:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.5\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/06/26 12:33:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.5\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2007/11/30 11:13:04 | 002,753,536 | ---- | M] ()
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/06/26 12:33:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007/11/30 11:13:04 | 002,753,536 | ---- | M] ()

[2008/12/20 13:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Extensions
[2008/08/08 14:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/07/09 19:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions
[2010/04/27 13:40:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/15 00:55:50 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2010/02/09 19:08:23 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008/12/24 16:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/10/18 10:52:06 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2010/05/31 23:16:56 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/27 13:40:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/19 10:22:28 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/05/01 02:29:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/27 13:40:49 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/09 19:10:28 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}
[2010/03/23 13:46:13 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/05/31 23:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2008/03/01 03:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{f1ac39e3-5cd4-4b04-902f-e1add0245a11}
[2009/10/18 10:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\CrystalFox_Qute@BigRedBrent
[2008/12/13 04:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\dlembed@aeruder.net
[2009/08/15 15:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\downintab@max.max
[2009/10/15 00:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\fr-FR@dictionaries.addons.mozilla(2).org
[2007/10/20 20:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\piraton@enchufados.net
[2007/09/19 11:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\videodowloader@videodownloader.net
[2010/02/09 19:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010/02/09 19:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/02/09 19:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010/02/09 19:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/02/09 19:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/02/09 19:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/02/09 19:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/02/09 19:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2007/10/04 02:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mozilla\Sunbird\Profiles\28p9mrxy.default\extensions
[2010/07/09 19:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/11 10:19:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/12/02 10:26:33 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/12/02 10:26:33 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/12/02 10:26:33 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/02 10:26:33 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/12/02 10:26:33 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/07/05 10:17:39 | 000,410,689 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14217 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe (Gildas LE BOURNAULT)
O4 - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()
O4 - Startup: C:\Documents and Settings\Stéphane\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1123561945-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab (HouseCall Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x ... DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\MCPClient: DllName - C:\Program Files\Fichiers communs\Stardock\mcpstub.dll - C:\Program Files\Fichiers communs\Stardock\MCPStub.dll (Stardock)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Fichiers communs\Stardock\MCPCore.dll (Stardock)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/17 09:38:44 | 000,000,066 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\windows\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 19:30:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stéphane\Recent
[2010/07/09 15:11:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stéphane\Bureau\OTL.exe
[2010/07/09 11:40:43 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010/07/09 11:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/07/09 09:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Mes documents\icones
[2010/07/06 19:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/07/04 20:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\Unity
[2010/07/04 15:53:57 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/04 12:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\RegistryBackups
[2010/07/04 00:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/07/04 00:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/07/04 00:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Application Data\Malwarebytes
[2010/07/04 00:15:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/07/04 00:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/04 00:15:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/07/04 00:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/03 12:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Application Data\Uniblue
[2010/07/03 12:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/07/03 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/07/03 10:32:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/03 00:54:27 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/07/02 21:14:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/02 17:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Panicware
[2010/07/02 10:50:03 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/07/02 10:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/02 10:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/06/28 09:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\Cranium_Consulting_and_Cu
[2010/06/28 09:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneBrowser
[2010/06/27 19:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\WindSolutions
[2010/06/27 19:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Application Data\WindSolutions
[2010/06/27 19:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/06/27 13:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Mes documents\Red Kawa
[2010/06/27 13:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Application Data\Red Kawa
[2010/06/27 13:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\MediaMonkey
[2010/06/27 13:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\Geckofx
[2010/06/27 13:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Mes documents\I PHONE
[2010/06/26 12:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Application Data\Apple Computer
[2010/06/26 12:36:15 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll
[2010/06/26 12:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/26 12:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/26 12:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/26 12:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/26 12:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/06/26 12:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\Apple
[2010/06/26 12:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/26 12:30:07 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\windows\System32\usbaaplrc.dll
[2010/06/26 12:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/26 12:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/06/26 12:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/06/26 12:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\Apple Computer
[2010/06/26 11:59:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusb.dll
[2010/06/26 11:59:00 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\usbscan.sys
[2010/06/26 11:58:58 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusd.dll
[2010/06/13 16:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\BreakSoft
[2010/06/11 13:59:53 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll
[97 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[86 C:\windows\System32\dllcache\*.tmp files -> C:\windows\System32\dllcache\*.tmp -> ]
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/10 09:32:45 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Stéphane\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/07/10 09:32:25 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\Stéphane\Bureau\NTREGOPT.lnk
[2010/07/10 09:32:25 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\Stéphane\Bureau\ERUNT.lnk
[2010/07/10 01:51:13 | 000,000,330 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/07/09 19:36:23 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/07/09 19:36:16 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/07/09 19:35:09 | 012,845,056 | ---- | M] () -- C:\Documents and Settings\Stéphane\ntuser.dat
[2010/07/09 19:35:09 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Stéphane\ntuser.ini
[2010/07/09 18:52:49 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 12:13:35 | 000,133,971 | ---- | M] () -- C:\windows\System32\AdobeFnt.lst
[2010/07/09 11:50:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stéphane\Bureau\OTL.exe
[2010/07/09 11:43:27 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Stéphane\Bureau\HiJackThis.lnk
[2010/07/09 11:37:52 | 000,012,598 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/07/09 00:23:33 | 000,000,045 | ---- | M] () -- C:\TEST.XML
[2010/07/08 20:01:31 | 000,000,811 | ---- | M] () -- C:\windows\EZPHOTO.INI
[2010/07/06 19:25:02 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/07/06 10:01:53 | 000,235,573 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\Nao.jpg
[2010/07/05 10:17:39 | 000,410,689 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/07/05 08:34:39 | 000,049,952 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2010/07/04 21:14:08 | 000,115,396 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\cc_20100704_211325.reg
[2010/07/04 16:15:30 | 000,076,528 | ---- | M] () -- C:\Documents and Settings\Stéphane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/04 15:55:17 | 000,257,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/07/04 11:26:20 | 000,000,202 | ---- | M] () -- C:\windows\NeroDigital.ini
[2010/07/04 00:16:01 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/07/03 19:36:35 | 000,011,264 | ---- | M] () -- C:\windows\DCEBoot.exe
[2010/07/03 19:36:35 | 000,003,700 | ---- | M] () -- C:\windows\DCEBOOT.CFG
[2010/07/03 00:49:31 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/07/02 20:30:06 | 000,000,028 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\iexplorer.bat
[2010/07/02 18:27:52 | 000,000,027 | -HS- | M] () -- C:\windows\System32\drivers\etc\hosts.20100705-101739.backup
[2010/07/02 18:27:52 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts-20100704110631
[2010/07/02 18:27:52 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts-20100704104744
[2010/07/02 18:27:52 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts-20100704103429
[2010/07/02 18:15:47 | 003,725,496 | R--- | M] () -- C:\Documents and Settings\Stéphane\Bureau\ComboFix.exe
[2010/07/02 17:59:55 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Stéphane\Bureau\Pop-Up Stopper Free Edition.lnk
[2010/07/02 10:13:26 | 000,017,372 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\cc_20100702_101244.reg
[2010/07/01 20:10:15 | 000,285,408 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\cc_20100701_201005.reg
[2010/07/01 18:24:55 | 000,000,708 | ---- | M] () -- C:\windows\win.ini
[2010/06/27 19:19:21 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CopyTrans Control Center.lnk
[2010/06/27 13:08:54 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Videora iPhone Converter.lnk
[2010/06/26 22:27:56 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\yes_des_charmes@hotmail.com.iaf
[2010/06/26 22:27:54 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\patate.puree@gmail.com.iaf
[2010/06/26 22:27:50 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\kfr.stephane@gmail.com.iaf
[2010/06/26 22:27:44 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\kfr.stephane@free.fr.iaf
[2010/06/26 22:27:40 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\cestmaboitemail@free.fr.iaf
[2010/06/26 22:27:36 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\admin.animalcrossingforyou@gmail.com.iaf
[2010/06/24 08:21:03 | 001,084,684 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/06/24 08:21:03 | 000,513,046 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2010/06/24 08:21:03 | 000,443,724 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/06/24 08:21:03 | 000,086,074 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2010/06/24 08:21:03 | 000,071,982 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/22 11:52:30 | 000,008,472 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\unlock nokia.rtf
[2010/06/22 09:49:00 | 000,009,268 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\retro fazer.JPG
[97 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[86 C:\windows\System32\dllcache\*.tmp files -> C:\windows\System32\dllcache\*.tmp -> ]
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 11:42:28 | 000,000,330 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
[2010/07/09 00:23:33 | 000,000,045 | ---- | C] () -- C:\TEST.XML
[2010/07/06 10:01:52 | 000,235,573 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\Nao.jpg
[2010/07/04 21:13:27 | 000,115,396 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\cc_20100704_211325.reg
[2010/07/04 00:16:01 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/07/03 19:32:56 | 000,011,264 | ---- | C] () -- C:\windows\DCEBoot.exe
[2010/07/03 19:32:56 | 000,003,700 | ---- | C] () -- C:\windows\DCEBOOT.CFG
[2010/07/02 20:29:45 | 000,000,028 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\iexplorer.bat
[2010/07/02 18:16:01 | 003,725,496 | R--- | C] () -- C:\Documents and Settings\Stéphane\Bureau\ComboFix.exe
[2010/07/02 17:59:55 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Stéphane\Bureau\Pop-Up Stopper Free Edition.lnk
[2010/07/02 10:34:27 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Stéphane\Bureau\HiJackThis.lnk
[2010/07/02 10:12:48 | 000,017,372 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\cc_20100702_101244.reg
[2010/07/01 20:10:07 | 000,285,408 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\cc_20100701_201005.reg
[2010/06/29 13:28:22 | 012,845,056 | ---- | C] () -- C:\Documents and Settings\Stéphane\ntuser.dat
[2010/06/27 19:19:21 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CopyTrans Control Center.lnk
[2010/06/27 13:08:54 | 000,001,867 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Videora iPhone Converter.lnk
[2010/06/26 22:27:56 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\yes_des_charmes@hotmail.com.iaf
[2010/06/26 22:27:54 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\patate.puree@gmail.com.iaf
[2010/06/26 22:27:50 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\kfr.stephane@gmail.com.iaf
[2010/06/26 22:27:44 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\kfr.stephane@free.fr.iaf
[2010/06/26 22:27:40 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\cestmaboitemail@free.fr.iaf
[2010/06/26 22:27:36 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\admin.animalcrossingforyou@gmail.com.iaf
[2010/06/26 21:22:26 | 000,049,952 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/06/26 12:31:27 | 000,000,284 | ---- | C] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/06/22 11:16:12 | 000,008,472 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\unlock nokia.rtf
[2010/06/22 09:48:53 | 000,009,268 | ---- | C] () -- C:\Documents and Settings\Stéphane\Mes documents\retro fazer.JPG
[2010/05/29 20:43:38 | 000,019,456 | ---- | C] () -- C:\windows\System32\psut9516.dll
[2010/05/29 20:43:38 | 000,012,479 | ---- | C] () -- C:\windows\System32\PSUT16.DLL
[2010/05/18 19:21:48 | 000,000,127 | ---- | C] () -- C:\windows\wininit.ini
[2010/05/18 19:13:34 | 000,120,376 | ---- | C] () -- C:\windows\System32\rrsec.dll
[2010/05/17 19:00:42 | 000,007,168 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2009/06/06 17:13:52 | 000,000,093 | ---- | C] () -- C:\windows\PasswordTools.INI
[2009/06/06 17:10:04 | 000,000,325 | ---- | C] () -- C:\windows\pwcu.INI
[2009/05/22 13:58:35 | 000,363,520 | ---- | C] () -- C:\windows\System32\PsisDecd.dll
[2009/04/09 13:30:13 | 000,000,022 | ---- | C] () -- C:\windows\ppdrv.ini
[2009/04/09 13:25:19 | 000,095,232 | ---- | C] () -- C:\windows\System32\Lfkodak.dll
[2009/04/09 13:25:18 | 000,306,688 | ---- | C] () -- C:\windows\System32\Lffpx7.dll
[2009/04/09 13:25:17 | 000,148,512 | ---- | C] () -- C:\windows\hpud32.dll
[2009/04/09 13:25:17 | 000,110,624 | ---- | C] () -- C:\windows\p1220_32.dll
[2009/04/09 13:25:17 | 000,000,038 | ---- | C] () -- C:\windows\hpudrv.ini
[2009/03/24 22:28:11 | 008,913,920 | ---- | C] () -- C:\windows\System32\mp22.dll
[2009/03/24 22:25:40 | 004,762,112 | ---- | C] () -- C:\windows\System32\NCMedia.dll
[2009/03/24 22:25:40 | 000,383,238 | ---- | C] () -- C:\windows\System32\libmp3lame-0.dll
[2008/11/29 21:31:53 | 000,237,568 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2008/07/02 01:37:18 | 000,118,784 | ---- | C] () -- C:\windows\System32\ncvDS61.dll
[2008/07/02 01:37:17 | 000,094,208 | ---- | C] () -- C:\windows\System32\ncCompress.dll
[2008/07/02 01:37:17 | 000,065,536 | ---- | C] () -- C:\windows\System32\ncUtil62.dll
[2008/07/02 01:37:13 | 000,098,304 | ---- | C] () -- C:\windows\System32\nczlib.dll
[2008/07/02 01:37:13 | 000,053,760 | ---- | C] () -- C:\windows\System32\zlib32.dll
[2008/03/30 08:38:07 | 000,000,648 | ---- | C] () -- C:\windows\WebCamC.ini
[2008/03/30 08:27:45 | 000,158,720 | ---- | C] () -- C:\windows\System32\LFCMP62N.DLL
[2008/03/30 08:27:45 | 000,078,336 | ---- | C] () -- C:\windows\System32\LTIMG62N.DLL
[2008/03/30 08:27:45 | 000,022,016 | ---- | C] () -- C:\windows\System32\LFBMP62N.DLL
[2008/03/30 08:27:44 | 000,043,008 | ---- | C] () -- C:\windows\System32\LTFIL62N.DLL
[2008/03/12 19:01:38 | 000,000,202 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/03/01 03:49:44 | 000,000,125 | ---- | C] () -- C:\windows\fd3.INI
[2008/01/23 22:41:56 | 000,000,754 | ---- | C] () -- C:\windows\WORDPAD.INI
[2008/01/20 01:40:41 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.INI
[2007/12/24 05:01:20 | 000,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2007/12/24 05:01:15 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007/12/24 05:01:15 | 000,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2007/12/24 05:01:15 | 000,282,624 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2007/12/24 05:01:12 | 000,007,680 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2007/12/24 05:01:12 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2007/11/26 12:05:52 | 000,028,672 | ---- | C] () -- C:\windows\System32\InsDrvZD.dll
[2007/11/26 12:05:52 | 000,015,872 | ---- | C] () -- C:\windows\System32\InsDrvZD64.DLL
[2007/11/18 05:12:05 | 000,247,824 | ---- | C] () -- C:\windows\System32\prgiso.dll
[2007/11/18 05:12:04 | 004,245,008 | ---- | C] () -- C:\windows\System32\qtp-mt334.dll
[2007/11/18 05:12:04 | 000,013,840 | ---- | C] () -- C:\windows\System32\wnaspi32.dll
[2007/11/17 15:51:42 | 000,014,976 | ---- | C] () -- C:\windows\System32\drivers\SBKUPNT.SYS
[2007/11/17 15:51:37 | 000,002,799 | ---- | C] () -- C:\windows\SKLANG.INI
[2007/10/23 09:44:15 | 000,044,544 | ---- | C] () -- C:\windows\System32\GIF89.DLL
[2007/10/16 18:13:56 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2007/10/15 11:13:25 | 000,139,264 | ---- | C] () -- C:\windows\System32\Polyclip.dll
[2007/10/15 11:13:25 | 000,036,864 | ---- | C] () -- C:\windows\System32\Ogc.dll
[2007/10/15 11:13:25 | 000,036,864 | ---- | C] () -- C:\windows\System32\Nmea.dll
[2007/10/15 11:13:25 | 000,032,768 | ---- | C] () -- C:\windows\System32\RCalcul.dll
[2007/10/15 11:13:24 | 000,143,360 | ---- | C] () -- C:\windows\System32\ConversApi.dll
[2007/10/15 11:13:22 | 000,040,960 | ---- | C] () -- C:\windows\System32\BCGCBResFRA.dll
[2007/10/15 11:13:18 | 000,688,128 | ---- | C] () -- C:\windows\System32\BCGCB474.dll
[2007/10/14 14:28:27 | 000,188,416 | ---- | C] () -- C:\windows\System32\CP30FW.DLL
[2007/09/19 14:51:41 | 002,463,976 | ---- | C] () -- C:\windows\System32\NPSWF32.dll
[2007/09/18 16:18:36 | 000,210,944 | ---- | C] () -- C:\windows\System32\MSVCRT10.DLL
[2007/09/18 16:18:36 | 000,000,114 | ---- | C] () -- C:\windows\kpcms.ini
[2007/09/18 16:18:33 | 000,000,811 | ---- | C] () -- C:\windows\EZPHOTO.INI
[2007/09/17 16:11:19 | 000,000,027 | ---- | C] () -- C:\windows\MP32SWF.INI
[2007/09/09 19:00:21 | 000,000,277 | ---- | C] () -- C:\windows\TrayServerData.ini
[2007/09/09 18:56:34 | 000,163,456 | ---- | C] () -- C:\windows\System32\drivers\vidstub.sys
[2007/09/09 03:29:56 | 000,071,749 | ---- | C] () -- C:\windows\hcextoutput.dll
[2007/09/09 03:29:56 | 000,000,823 | ---- | C] () -- C:\windows\tsc.ini
[2007/09/09 03:11:24 | 000,000,170 | ---- | C] () -- C:\windows\GetServer.ini
[2007/09/08 21:07:48 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2007/09/08 21:07:47 | 000,471,552 | ---- | C] () -- C:\windows\System32\Smab.dll
[2007/09/08 19:16:17 | 000,180,360 | ---- | C] () -- C:\windows\System32\drivers\ntmtlfax.sys
[2003/07/24 21:21:08 | 000,345,088 | ---- | C] () -- C:\windows\System32\renMM.dll
[2002/11/14 16:50:55 | 000,009,728 | ---- | C] () -- C:\windows\System32\BASSMOD.DLL
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\windows\aucfg.ini
[2002/09/18 15:14:56 | 000,274,432 | ---- | C] () -- C:\windows\System32\therename.dll
[2002/09/18 15:13:58 | 000,098,304 | ---- | C] () -- C:\windows\System32\renogg.dll
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\windows\tmupdate.ini
[2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\windows\System32\UNACEV2.DLL
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\windows\patchw32.dll
[2001/09/18 12:00:00 | 000,065,536 | ---- | C] () -- C:\windows\System32\bmpproc.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\windows\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\windows\AuHCcup1.dll

========== LOP Check ==========

[2007/09/12 10:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/17 19:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/07/02 10:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/05/18 00:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/07/04 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/07/04 21:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/18 14:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/10/20 13:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebacamSurveyor
[2010/07/01 02:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/06/26 12:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/29 12:45:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{69F69AB0-8485-4B45-A118-148977C1651A}
[2007/09/12 10:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\ACD Systems
[2010/04/05 15:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\AntsSoft
[2007/09/29 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Azureus
[2008/07/02 02:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Camfrog
[2010/05/17 19:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Canneverbe Limited
[2007/09/27 18:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\CasaPortale.de
[2007/09/29 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Copernic
[2010/05/29 12:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Fighters
[2007/09/27 01:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\FileZilla
[2009/05/18 00:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\GARMIN
[2008/06/14 12:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\gtk-2.0
[2007/09/29 02:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\JLC's Software
[2010/05/14 11:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Mael
[2007/09/10 08:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\MobileAction
[2007/11/23 01:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\MSNInstaller
[2009/03/11 01:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\OpenOffice.org
[2010/07/04 01:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\QuickScan
[2010/06/27 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Red Kawa
[2007/09/11 01:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\SPAMfighter
[2007/09/28 00:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\SplitTile
[2009/12/23 15:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\SQLite Administrator
[2007/09/10 22:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Thunderbird
[2008/08/08 14:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\TomTom
[2010/07/03 12:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Uniblue
[2008/01/27 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\Weezo
[2010/07/01 02:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stéphane\Application Data\WindSolutions
[2010/07/10 01:51:13 | 000,000,330 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job

========== Purity Check ==========
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)

Post by nickW » 10 Jul 2010, 14:59

Continued .....

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/28 14:12:25 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/28 14:12:25 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/28 14:12:25 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/28 14:12:25 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04:33:21 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2001/08/23 19:47:00 | 000,004,096 | ---- | M] (Creative Technology Ltd.) Unable to obtain MD5 -- C:\WINDOWS\system32\ctwdm32.dll
[2008/04/14 04:33:27 | 000,095,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/14 04:33:30 | 000,072,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/04/14 04:33:32 | 002,843,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2009/03/08 04:22:38 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/13 20:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\MSVCRT40.DLL
[2008/04/14 04:33:39 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/14 04:33:39 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/14 04:33:39 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/14 04:33:40 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2004/08/05 14:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\serwvdrv.dll
[2008/04/14 04:33:46 | 000,716,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/14 04:33:46 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2004/08/05 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\umdmxfrm.dll
[2008/04/13 20:36:46 | 002,986,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[97 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6585142
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10A4358
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98781370
< End of report >

Post by nickW » 10 Jul 2010, 15:01

Re-


Extras.Txt report:


OTL Extras logfile created on: 10/07/2010 09:21:24 - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Stéphane\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 39,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 21,47 Gb Free Space | 38,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298,09 Gb Total Space | 145,01 Gb Free Space | 48,65% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHAMBRE
Current User Name: Stéphane
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [THE Rename] -- "C:\Program Files\THE Rename\rename.exe" "%1" (Hervé Thouzard)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"7561:TCP" = 7561:TCP:*:Enabled:EMULE
"7571:UDP" = 7571:UDP:*:Enabled:EMULE

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Freeplayer\vlc\vlc.exe" = C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\FileZilla Client\filezilla.exe" = C:\Program Files\FileZilla Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\Program Files\teamscript35\nukenabber\nukenabber.exe" = C:\Program Files\teamscript35\nukenabber\nukenabber.exe:*:Enabled:NukeNabber -- (DSI)
"C:\Program Files\TeamScripT V3.8\NukeNabber\nukenabber.exe" = C:\Program Files\TeamScripT V3.8\NukeNabber\nukenabber.exe:*:Enabled:NukeNabber -- (DSI)
"C:\Program Files\FreePCvcR\vlc\vlc.exe" = C:\Program Files\FreePCvcR\vlc\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\RecordingManager.exe" = C:\Program Files\Real\RealPlayer\RecordingManager.exe:*:Disabled:RealNetworks Download and Record Manager -- (RealNetworks, Inc.)
"C:\Program Files\CF3B5\PS3.ProxyServer\PS3.ProxyServer.GUI.exe" = C:\Program Files\CF3B5\PS3.ProxyServer\PS3.ProxyServer.GUI.exe:*:Enabled: -- ( )
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe" = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe:*:Enabled:ZDWLan Utility -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe" = C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome CE -- (Ahead Software AG)
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\PS3 Media Server\PMS.exe" = C:\Program Files\PS3 Media Server\PMS.exe:*:Enabled:PS3 Media Server -- (A. Brochard)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1572F66F-F9AD-4D45-B0D2-0F45A0D5A0F6}" = OpenOffice.org 3.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{365172F8-9A61-483A-B7CD-820C19BF4528}" = PLC Configuration Utility-85M
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{51D569E0-8A28-11D2-B962-006097C4DE24}" = Microsoft (R) C Runtime Library
"{51D569E2-8A28-11D2-B962-006097C4DE24}" = MFCDLL Shared Library - Retail Version
"{51D569E3-8A28-11D2-B962-006097C4DE24}" = Microsoft (R) C++ Runtime Library
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
"{5B4F13B0-62C4-4F70-B9A6-3788196EC972}" = GBalph NDSMovie Converter V1.00
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OUTLOOKR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OUTLOOKR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OUTLOOKR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OUTLOOKR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91A06334-CB8D-422A-9699-251217674FD4}" = ACDSee 9 Gestionnaire de photos
"{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE}" = MSXML 3.0
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BFA86B3-D978-423C-981C-C64FF7A022A4}_is1" = yDGpatch 1.2
"{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A10F672B-01C4-498F-ADBD-3E5B144284B7}_is1" = Tomtomax Maxi-Box V2.0.10
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.3 - Français
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E33EAB77-A36A-4FBF-BB15-2BBF74C7A796}" = iPhoneBrowser
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE4086E1-FA7F-4A7A-8FC5-061337B5787E}" = PS3.ProxyServer
"7-Zip" = 7-Zip 4.65
"AC3" = AC3
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PhotoDeluxe 2.0" = Adobe PhotoDeluxe 2.0
"ADOCEinstall" = ADOCEinstall
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BootSkin" = BootSkin
"CCleaner" = CCleaner
"Copernic Agent Basic" = Copernic Agent Basic
"CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
"Creative Video Blaster WebCam Control" = Creative Video Blaster WebCam Control
"Creative WebCam Monitor" = Creative WebCam Monitor
"CursorXP" = CursorXP
"DivX Setup.divx.com" = Configuration DivX
"DLDIrc" = DLDIrc
"DScaler 4.1.15_is1" = DScaler 4.1.15
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.0.3
"EasyPHP_is1" = EasyPHP 2.0b1
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FFMPEG" = FFMPEG
"FileZilla Client" = FileZilla Client 3.0.1
"Free Easy Burner_is1" = Free Easy Burner V 3.8
"Free Flash Flv MP3 Converter (by minidvdsoft)_is1" = Free Flash Flv MP3 Converter v3.0
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.7
"Freeplayer" = Freeplayer
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"G6M3 CheatCode Combiner" = G6M3 CheatCode Combiner Uninstall
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IconPackager" = IconPackager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.2 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Mozilla Sunbird (0.5)" = Mozilla Sunbird (0.5)
"Mozilla Thunderbird (2.0.0.6)" = Mozilla Thunderbird (2.0.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Natural Desktop" = Natural Desktop
"NeroMediaHome!UninstallKey" = Nero MediaHome CE
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ObjectBar" = ObjectBar
"ObjectDock Plus" = ObjectDock Plus
"OUTLOOKR" = Microsoft Office Outlook 2007 Trial
"PlayFLV" = PlayFLV
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"PPTools - Remove ALL" = PPTools - Remove ALL
"PS3 Video 9" = PS3 Video 9 2.25
"Ramboost XP_is1" = RamBoost XP 4.0.6
"RealPlayer 6.0" = RealPlayer
"Registrar_is1" = Registrar Registry Manager 6.50
"Ri4m v5.0.1d" = Ri4m v5.0.1d
"Security Task Manager" = Security Task Manager 1.7h
"Spark 2.5.8" = Spark 2.5.8
"SPEEX" = SPEEX
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.3
"StyleXP" = StyleXP (remove only)
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SuperCopier2" = SuperCopier2
"SysMetrix" = SysMetrix 3.41
"TCPMP" = TCPMP
"TeamScripT V3.8" = TeamScripT V3.8
"Teeter Edit 1.4" = Teeter Edit 1.4
"THE Rename_is1" = THE Rename 2.1.6
"TomTom HOME" = TomTom HOME 2.6.2.1586
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server " = TVersity Media Server 1.6 Beta
"UltraButton" = UltraButton
"UserBar Generator_is1" = UserBar Generator 1.2
"Video-AVI to GIF Converter_is1" = Video-AVI to GIF Converter v3.013 (Release date: 06-09-01 Free)
"Videora iPhone Converter" = Videora iPhone Converter 5.04
"VLC media player" = VideoLAN VLC media player 0.8.6e
"VORBISLQ" = VORBISLQ
"WAVPACK" = WAVPACK
"Webcam Surveyor_is1" = Webcam Surveyor 1.7.0
"WIC" = Windows Imaging Component
"WinClip 3.0.0_is1" = WinClip 3.0.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-2
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.33
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Z-Anaglyph" = Z-Anaglyph

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RemplaceVite" = RemplaceVite
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/05/2010 07:52:10 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 18/05/2010 07:53:03 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : A connection with the server could not be established

Error - 18/05/2010 07:53:05 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 18/05/2010 07:53:05 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 18/05/2010 07:53:38 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 18/05/2010 12:27:17 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : A connection with the server could not be established

Error - 18/05/2010 12:27:17 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 18/05/2010 16:12:42 | Computer Name = CHAMBRE | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant mpegsplitter.ax, version 1.0.0.5, adresse de défaillance 0x000249eb.

Error - 18/05/2010 16:13:36 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : A connection with the server could not be established

Error - 18/05/2010 16:13:36 | Computer Name = CHAMBRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

[ OSession Events ]
Error - 28/07/2009 05:25:54 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/07/2009 06:09:08 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/07/2009 06:21:48 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/07/2009 06:26:23 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/07/2009 06:32:01 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/07/2009 18:47:04 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/07/2009 18:51:33 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/08/2009 05:33:48 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/08/2009 05:34:11 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/08/2009 05:35:16 | Computer Name = CHAMBRE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08/07/2010 18:23:01 | Computer Name = CHAMBRE | Source = Service Control Manager | ID = 7023
Description = Le service Service de restauration système s'est arrêté avec l'erreur :
%%2

Error - 08/07/2010 18:23:01 | Computer Name = CHAMBRE | Source = Service Control Manager | ID = 7000
Description = Le service Power Control [2010/05/19 02:07:46] n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 09/07/2010 00:29:28 | Computer Name = CHAMBRE | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
WZCSVC à une transaction.

Error - 09/07/2010 04:23:26 | Computer Name = CHAMBRE | Source = DCOM | ID = 10010
Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 09/07/2010 05:41:17 | Computer Name = CHAMBRE | Source = DCOM | ID = 10010
Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 09/07/2010 13:36:27 | Computer Name = CHAMBRE | Source = MaBtPort | ID = 393234
Description =

Error - 09/07/2010 13:36:36 | Computer Name = CHAMBRE | Source = SRService | ID = 104
Description = Le processus d'initialisation de la restauration du système a échoué.

Error - 09/07/2010 13:37:01 | Computer Name = CHAMBRE | Source = Service Control Manager | ID = 7000
Description = Le service RHDISK n'a pas pu démarrer en raison de l'erreur : %%3

Error - 09/07/2010 13:37:01 | Computer Name = CHAMBRE | Source = Service Control Manager | ID = 7023
Description = Le service Service de restauration système s'est arrêté avec l'erreur :
%%2

Error - 09/07/2010 13:37:01 | Computer Name = CHAMBRE | Source = Service Control Manager | ID = 7000
Description = Le service Power Control [2010/05/19 02:07:46] n'a pas pu démarrer
en raison de l'erreur : %%3


< End of report >
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by nickW » 10 Jul 2010, 15:05

Re-Re-


Why not upload these scan reports to cjoint?

CJoint.com keeps your link active for twenty-one days, i.e. 504 hours.
http://cjoint.com/info.htm#z3


That means that in 3 weeks nobody will be able to make sense of this topic any more!

Bye,

Post by [ZeN] » 10 Jul 2010, 17:45

Sorry, I didn't want to "clog up the forum", even if the file only lasts 3 weeks.
Thanks NickW for the copy/paste.

By the way, about this line:
[2010/07/02 20:30:06 | 000,000,028 | ---- | M] () -- C:\Documents and Settings\Stéphane\Mes documents\iexplorer.bat

That was a .bat I made to kill iexplore.exe, which was getting on my nerves.
I got rid of it; it only worked at startup.
[ZeN]
 
Posts: 7
Joined: 09 Jul 2010, 10:48
Location: On holiday

Post by nickW » 10 Jul 2010, 23:45

Good evening,

You used ComboFix.

Was it on the advice of another forum (which one) or on your own initiative (which is very strongly discouraged)?

Can you send the first ComboFix scan report?

To be continued,

Post by [ZeN] » 11 Jul 2010, 00:36

Everything I tried was on my own initiative.


ComboFix 10-07-01.02 - Stéphane 02/07/2010 18:19:59.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1279.779 [GMT 2:00]
Lancé depuis: c:\documents and settings\Stéphane\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\My.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-06-02 au 2010-07-02 ))))))))))))))))))))))))))))))))))))
.

2010-07-02 15:59 . 2010-07-02 15:59 -------- d-----w- c:\program files\Panicware
2010-07-02 08:50 . 2010-07-02 10:01 -------- d-----w- C:\VundoFix Backups
2010-07-02 08:34 . 2010-07-02 08:34 -------- d-----w- c:\program files\Trend Micro
2010-07-02 08:33 . 2010-07-02 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-07-01 17:45 . 2010-07-01 17:45 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-01 17:44 . 2010-07-01 17:44 -------- d-----w- c:\program files\Amirsys
2010-07-01 16:17 . 2010-07-01 16:17 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-01 16:15 . 2010-07-01 16:15 -------- d-----w- c:\documents and settings\Administrateur\PrivacIE
2010-07-01 16:15 . 2010-07-01 16:15 -------- d-----w- c:\documents and settings\Administrateur\IETldCache
2010-07-01 04:54 . 2010-07-01 04:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-28 07:31 . 2010-06-28 07:31 -------- d-----w- c:\program files\iPhoneBrowser
2010-06-27 17:19 . 2010-06-27 17:19 -------- d-----w- c:\program files\WindSolutions
2010-06-27 17:14 . 2010-07-01 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2010-06-27 11:18 . 2010-06-27 17:14 -------- d-----w- c:\program files\MediaMonkey
2010-06-26 19:22 . 2010-06-26 19:22 50480 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-26 10:36 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-26 10:36 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-26 10:34 . 2010-06-26 10:34 -------- d-----w- c:\program files\iPod
2010-06-26 10:34 . 2010-06-26 10:36 -------- d-----w- c:\program files\iTunes
2010-06-26 10:34 . 2010-06-26 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-26 10:32 . 2010-06-26 10:33 -------- d-----w- c:\program files\QuickTime
2010-06-26 10:31 . 2010-06-26 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-26 10:31 . 2010-06-26 10:31 -------- d-----w- c:\program files\Apple Software Update
2010-06-26 10:30 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-26 10:30 . 2010-04-19 18:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-06-26 10:28 . 2010-06-26 10:28 -------- d-----w- c:\program files\Bonjour
2010-06-26 10:28 . 2010-06-26 10:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-06-26 10:28 . 2010-06-26 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-26 09:59 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-06-26 09:59 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-26 09:59 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-26 09:58 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-06-15 18:01 . 2010-06-15 18:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-11 11:59 . 2010-05-06 10:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-05 20:49 . 2010-06-05 20:51 -------- d-----w- c:\program files\Fritivi

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 15:55 . 2007-09-11 13:41 -------- d-----w- c:\program files\RamBoost XP
2010-07-02 10:51 . 2007-09-10 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 08:59 . 2009-04-17 09:42 -------- d-----w- c:\program files\G6M3 CheatCode Combiner
2010-07-02 08:09 . 2007-09-17 10:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 08:09 . 2007-09-10 05:38 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-02 08:05 . 2008-07-02 00:54 -------- d-----w- c:\program files\Camfrog
2010-07-01 17:44 . 2009-12-29 19:08 -------- d-----w- c:\program files\CeRegEditor
2010-06-27 11:08 . 2008-03-12 08:58 -------- d-----w- c:\program files\Red Kawa
2010-06-24 06:21 . 2004-08-05 12:00 86074 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-24 06:21 . 2004-08-05 12:00 513046 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-13 09:00 . 2007-09-29 21:43 -------- d-----w- c:\program files\teamscript35
2010-06-11 12:33 . 2007-10-12 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-11 12:22 . 2007-09-08 21:22 -------- d-----w- c:\program files\eMule
2010-06-08 16:27 . 2009-03-10 23:45 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-07 14:52 . 2009-12-26 01:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-29 18:43 . 2009-04-17 07:38 -------- d-----w- c:\program files\PhotoDeluxe 2.0
2010-05-29 10:45 . 2010-05-29 10:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{69F69AB0-8485-4B45-A118-148977C1651A}
2010-05-25 09:26 . 2010-05-25 09:17 -------- d-----w- c:\program files\Ripp-it_AM
2010-05-25 09:18 . 2007-09-08 19:07 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-25 09:02 . 2010-05-25 09:02 -------- d-----w- c:\program files\Video-AVI to GIF Converter
2010-05-24 02:13 . 2010-05-24 02:13 -------- d-----w- c:\program files\Panda Security
2010-05-24 02:07 . 2010-05-24 02:07 -------- d-----w- c:\program files\ESET
2010-05-19 00:52 . 2010-05-19 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-19 00:51 . 2010-05-19 00:51 -------- d-----w- c:\program files\DVD Shrink
2010-05-19 00:33 . 2010-05-19 00:33 -------- d-----w- c:\program files\DVDStyler
2010-05-19 00:24 . 2010-05-19 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-05-19 00:07 . 2010-05-19 00:05 -------- d-----w- c:\program files\CyberLink
2010-05-19 00:07 . 2010-05-19 00:07 -------- d-----w- c:\program files\Fichiers communs\CyberLink
2010-05-19 00:04 . 2008-03-01 01:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-19 00:04 . 2010-05-19 00:05 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-19 00:04 . 2010-05-19 00:04 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-05-19 00:04 . 2008-01-13 22:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-18 17:24 . 2007-09-10 23:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-18 17:14 . 2010-05-18 16:36 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-05-18 17:13 . 2010-05-18 17:13 -------- d-----w- c:\program files\Registrar Registry Manager
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 00:14 . 2010-05-18 00:11 -------- d-----w- c:\program files\programmes
2010-05-17 17:01 . 2010-05-17 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-05-17 17:00 . 2010-05-17 17:00 -------- d-----w- c:\program files\CDBurnerXP
2010-05-17 16:50 . 2007-09-11 08:43 -------- d-----w- c:\program files\Free Easy Burner
2010-05-14 09:36 . 2010-05-14 09:36 -------- d-----w- c:\program files\HxD
2010-05-12 15:40 . 2010-05-28 05:38 1343866 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2010-05-12 15:40 . 2010-05-28 05:38 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2010-05-12 15:40 . 2010-05-28 05:38 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2010-05-12 15:40 . 2010-05-28 05:38 377203 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2010-05-12 15:40 . 2010-05-28 05:38 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2010-05-10 08:40 . 2008-01-17 08:43 -------- d-----w- c:\program files\Ricochet Infinity
2010-05-06 10:33 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 09:17 . 2010-05-28 05:38 2670967 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2010-05-02 08:08 . 2004-08-05 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 13:05 . 2010-05-28 05:38 106868 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2010-04-23 13:05 . 2010-05-28 05:38 254324 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll
2010-04-23 13:05 . 2010-05-28 05:38 393588 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2010-04-23 13:05 . 2010-05-28 05:38 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2010-04-20 05:30 . 2004-08-05 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-15 13:26 . 2010-05-28 05:38 541043 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2010-04-09 13:47 . 2010-04-09 13:47 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jnryao.dat
2010-04-08 22:26 . 2010-04-08 22:26 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-08 14:47 . 2010-04-08 14:47 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-08 14:47 . 2010-04-08 14:47 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-08 14:47 . 2010-04-08 14:47 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-08 14:47 . 2010-04-08 14:47 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-08 14:45 . 2010-04-08 14:45 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-08 14:33 . 2010-04-08 14:33 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-08 14:33 . 2010-04-08 14:47 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-08 14:31 . 2010-04-08 14:47 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2006-05-03 10:06 . 2009-04-04 13:05 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-04-04 13:05 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-04 13:05 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2003-03-01 138240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"RamBoostXp"="c:\program files\RamBoost XP\rambxpfr.exe" [2004-03-09 1542144]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

c:\documents and settings\Stéphane\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-9-9 1880133]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2003-08-25 09:25 139264 ------w- c:\program files\Fichiers communs\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\FileZilla Client\\filezilla.exe"=
"c:\\Program Files\\teamscript35\\nukenabber\\nukenabber.exe"=
"c:\\Program Files\\TeamScripT V3.8\\NukeNabber\\nukenabber.exe"=
"c:\\Program Files\\FreePCvcR\\vlc\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RecordingManager.exe"=
"c:\\Program Files\\CF3B5\\PS3.ProxyServer\\PS3.ProxyServer.GUI.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\PS3 Media Server\\PMS.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"7561:TCP"= 7561:TCP:EMULE
"7571:UDP"= 7571:UDP:EMULE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/19 02:07];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13/03/2010 12:58 87536]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/05/2009 11:59 108289]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [17/11/2007 15:51 14976]
R3 MaBtPort;MA Bluetooth VCOM Driver;c:\windows\system32\drivers\MaBtPort.sys [10/09/2007 09:00 102272]
R3 MaBtVad;Mobile Action Bluetooth Audio;c:\windows\system32\drivers\MaBtVad.sys [10/09/2007 09:00 22990]
S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [17/08/2008 10:40 217088]
S2 RHDISK;RHDISK;\??\c:\program files\Rohos\RHDISK.SYS --> c:\program files\Rohos\RHDISK.SYS [?]
S3 MaBtc;MA Bluetooth Core Driver;c:\windows\system32\drivers\mabtc.sys [10/09/2007 09:00 153568]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [11/07/2007 18:06 13824]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [26/04/2004 18:11 17280]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
.
Contenu du dossier 'Tâches planifiées'

2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Save Flash with Flash Catcher - c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
TCP: {0AA9D051-5FE4-4B58-B56E-45B7FBFBCEFE} = 212.27.54.252,212.27.53.252
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
FF - ProfilePath - c:\documents and settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com (Virtus Designs)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\documents and settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\Stéphane\Application Data\Mozilla\Firefox\Profiles\k34p2r30.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 18:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\docume~1\STPHAN~1\LOCALS~1\Temp\catchme.dll

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,cc,48,84,be,88,aa,4f,9e,a4,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,cc,48,84,be,88,aa,4f,9e,a4,1b,\

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000020

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1123561945-1592454029-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:59,ae,76,c4,89,9b,9e,53,cd,d9,00,60,05,8f,bd,4f,4e,c0,95,72,7b,87,58,
5b,49,2a,6e,0d,f6,ce,fa,e3,60,d5,aa,70,3c,4f,e7,8f,d9,a4,b8,1b,a7,6d,f7,2b,\
"??"=hex:6d,37,d6,77,c5,36,02,af,25,3e,b4,81,3c,93,2b,fb
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\Fichiers communs\Stardock\mcpstub.dll
.
Heure de fin: 2010-07-02 18:32:17
ComboFix-quarantined-files.txt 2010-07-02 16:32
ComboFix2.txt 2010-05-31 11:39

Avant-CF: 23 649 148 928 octets libres
Après-CF: 23 636 742 144 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 33491611CDA034AF03817DC15C23A69F

*** END ***
[ZeN]
 
Posts: 7
Joined: 09 Jul 2010, 10:48
Location: On vacation

Post by [ZeN] » 11 Jul 2010, 00:39

Add-Remove Programs.txt

7-Zip 4.65
AC3
ACDSee 9 Gestionnaire de photos
Action Replay Code Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe PhotoDeluxe 2.0
Adobe Reader 8.2.2 - Français
Adobe Reader for Pocket PC 2.0
ADOCEinstall
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
Assistant de connexion Windows Live
Audacity 1.2.6
AutocompletePro
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Beneton Movie GIF 1.1.2
Bonjour
BootSkin
CartoExploreur 3 3.17
CCleaner
CDBurnerXP
CeRegEditor 0.0.5.1
Choice Guard
Configuration DivX
ConvertHelper 2.2
Copernic Agent Basic
CopyTrans Suite désinstallation uniquement
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB961118)
Correctif pour Windows XP (KB970653-v3)
Correctif pour Windows XP (KB976098-v2)
Correctif pour Windows XP (KB979306)
Correctif pour Windows XP (KB981793)
Creative Video Blaster WebCam Control
Creative WebCam Monitor
CursorXP
CyberLink PowerDVD 10
DLDIrc
DScaler 4.1.15
DScaler 5 Mpeg Decoders
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDStyler v1.8.0.3
EasyPHP 2.0b1
eMule
ffdshow [rev 1723] [2007-12-24]

*** END ***
[ZeN]
 
Posts: 7
Joined: 09 Jul 2010, 10:48
Location: On vacation

Post by [ZeN] » 11 Jul 2010, 00:40

ComboFix-quarantined-files.txt

2010-07-02 22:47:09 . 2010-07-02 22:47:09 23,211 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-02 19:15:47 . 2010-07-02 21:03:36 102 ----a-w- C:\Qoobox\Quarantine\catchme.log

*** END ***
This is what ComboFix generated for me.

I am leaving on vacation for 15 days; have a good start to the summer.
[ZeN]
 
Posts: 7
Joined: 09 Jul 2010, 10:48
Location: On vacation
