McMurphy

Salut Mark! J'utilise Mozilla habituellement, je trouve ça plus sur! j'opte pour Ccleaner et findykill et combofix sont désinstallés. Je te remerci une einiemé fois pour ton devoument et souhaite que tu aides d'autres personnes. J'apprécie énormément ce genre de comportement altruiste. Merci Mark, heureusement qu'il des gens dans ton genre sur cette planète . A bientôt,! Cordialement Maël.

Salut, Impeccable! le safe mode se lance et semble fonctionner au poil. C'est presque trop facile .... Je t'aurai bien payé une bière en contrepartie du temps que t'as fourni pour me sortir de là! Merci Mark! McMurphy.

L'antivirus se met bien en marche au démarrage. (le parapluie s'ouvre et reste ouvert près de l'horloge) Par contre, le safe mode a sauté en effet... il commence à se lancer et s'arrête sur le loading du fichier SPDT.sys. Puis il reboot. Quelle est la marche à suivre pour cette réparation?

Hop! je te poste le rapport. Avira AntiVir Personal Date de création du fichier de rapport : mardi 13 octobre 2009 18:16 La recherche porte sur 1791220 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP 64 Bit Version de Windows : (Service Pack 2) [5.2.3790] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : BLONDIN Informations de version : BUILD.DAT : 9.0.0.70 18071 Bytes 25/09/2009 12:03:00 AVSCAN.EXE : 9.0.3.7 466689 Bytes 11/10/2009 22:20:42 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 22:20:42 ANTIVIR2.VDF : 7.1.6.50 4333568 Bytes 29/09/2009 22:20:42 ANTIVIR3.VDF : 7.1.6.101 457728 Bytes 12/10/2009 21:31:58 Version du moteur : 8.2.1.35 AEVDF.DLL : 8.1.1.2 106867 Bytes 11/10/2009 22:20:42 AESCRIPT.DLL : 8.1.2.35 483707 Bytes 11/10/2009 22:20:42 AESCN.DLL : 8.1.2.5 127346 Bytes 11/10/2009 22:20:42 AERDL.DLL : 8.1.3.2 479604 Bytes 11/10/2009 22:20:42 AEPACK.DLL : 8.2.0.0 422261 Bytes 11/10/2009 22:20:42 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/10/2009 22:20:42 AEHEUR.DLL : 8.1.0.167 2011511 Bytes 11/10/2009 22:20:42 AEHELP.DLL : 8.1.7.0 237940 Bytes 11/10/2009 22:20:42 AEGEN.DLL : 8.1.1.67 364916 Bytes 11/10/2009 22:20:42 AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 22:20:42 AECORE.DLL : 8.1.8.1 184693 Bytes 11/10/2009 22:20:42 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 11/10/2009 22:20:42 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 11/10/2009 22:20:42 RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files (x86)\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, D:, E:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Recherche optimisée...........................: marche Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Début de la recherche : mardi 13 octobre 2009 18:16 La recherche d'objets cachés commence. Impossible d'initialiser le pilote. La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskmgr.exe' - '0' module(s) sont contrôlés Processus de recherche 'wish.exe' - '1' module(s) sont contrôlés Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmiprvse.exe' - '0' module(s) sont contrôlés Processus de recherche 'Tablet.exe' - '0' module(s) sont contrôlés Processus de recherche 'TabUserW.exe' - '0' module(s) sont contrôlés Processus de recherche 'wdfmgr.exe' - '0' module(s) sont contrôlés Processus de recherche 'Tablet.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés Processus de recherche 'tcpsvcs.exe' - '0' module(s) sont contrôlés Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés Processus de recherche 'nvsvc64.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés Processus de recherche 'AdskScSrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '0' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '0' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '0' module(s) sont contrôlés Processus de recherche 'services.exe' - '0' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '0' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '0' module(s) sont contrôlés Processus de recherche 'smss.exe' - '0' module(s) sont contrôlés '9' processus ont été contrôlés avec '9' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'E:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '47' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' <Winni> C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\Documents and Settings\Administrator\My Documents\FileZilla_3.2.7_win32-setup.exe [0] Type d'archive: NSIS [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. --> u [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. C:\WINDOWS\system32\drivers\sptd.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Recherche débutant dans 'D:\' <Taff> Recherche débutant dans 'E:\' <C le fun> Fin de la recherche : mardi 13 octobre 2009 19:08 Temps nécessaire: 51:17 Minute(s) La recherche a été effectuée intégralement 12341 Les répertoires ont été contrôlés 470079 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 2 Impossible de contrôler des fichiers 470077 Fichiers non infectés 2171 Les archives ont été contrôlées 4 Avertissements 1 Consignes Après consultations, ce sont bien des fichiers qu'ils n'arrivent pas à ouvrir. Bien vu ! System opé et en plus j'en apprends ! c'est pas génial? ^^ Thanks a lot.

Bonsoir! J'ai en effet fait plusieurs scans avec antiVir, il a nettoyé une trentaine de fichiers... Le pc tourne comme avant, l'antivirus se lance bien au démarrage et le dernier scan que j'ai passé avec antiVir n'a pas détecté d'alertes mais des avertissements sons présent. J'ai l'impression que mon problème est résolu! grâce à vous merci beaucoup! Je serais plus prudent à l'avenir. Merci Mark et bonne continuation.

Voila les 2 rapports OTL: ( dit donc, c'est un fait un Vrai Cv de ton pc ce logiciel ! ) OTL.TXT: OTL logfile created on: 13/10/2009 10:43:58 - Run 1 OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Administrator\Desktop 64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 6.0.3790.1830) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 3,35 Gb Available Physical Memory | 83,87% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): c:\pagefile.sys 4092 8184 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 43,95 Gb Total Space | 4,83 Gb Free Space | 10,99% Space Free | Partition Type: NTFS Drive D: | 57,26 Gb Total Space | 1,13 Gb Free Space | 1,96% Space Free | Partition Type: NTFS Drive E: | 145,96 Gb Total Space | 8,34 Gb Free Space | 5,71% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BLONDIN Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/10/13 10:33:13 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2009/10/12 00:20:42 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009/04/15 17:16:48 | 00,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe PRC - [2008/06/23 14:53:20 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/08/26 00:37:51 | 01,315,592 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64 [On_Demand | Stopped]) SRV:64bit: - [2006/09/29 12:48:34 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe -- (mi-raysat_3dsmax9_64 [Disabled | Stopped]) SRV - [2009/10/12 00:20:42 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running]) SRV - [2009/10/12 00:20:42 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Stopped]) SRV - [2009/08/25 23:52:15 | 00,867,080 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2009/04/15 17:16:48 | 00,066,872 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running]) SRV - [2008/06/23 14:53:20 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running]) SRV - [2008/06/23 13:36:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) SRV - [2007/02/18 13:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped]) SRV - [2007/02/18 13:05:18 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\6to4svc.dll -- (6to4 [Auto | Running]) SRV - [2007/02/17 02:44:20 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2006/10/30 03:45:06 | 00,781,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - [2006/10/21 05:56:04 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped]) SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2005/09/23 03:26:42 | 00,090,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) SRV - [2005/09/23 03:26:42 | 00,041,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2005/03/25 15:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet [On_Demand | Stopped]) SRV - [2005/03/25 15:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - [2005/03/25 15:00:00 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tcpsvcs.exe -- (SimpTcp [Auto | Running]) SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) ========== Driver Services (SafeList) ========== DRV - [2009/02/13 12:36:57 | 00,013,656 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgio64.sys -- (avgio [system | Running]) DRV - [2007/02/07 20:27:46 | 00,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan [system | Running]) DRV - [2006/04/04 14:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd [system | Running]) DRV - [2003/03/27 13:55:48 | 00,011,776 | ---- | M] (WayTech Development, Inc.) -- C:\WINDOWS\SysWow64\drivers\kbfilter.sys -- (kbfilter [system | Stopped]) DRV - [2003/01/23 14:29:28 | 00,009,548 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\SysWow64\drivers\moufiltr.sys -- (moufiltr [system | Stopped]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3579952121-1397338505-1306601610-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...pdate&O1=b1 IE - HKU\S-1-5-21-3579952121-1397338505-1306601610-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-3579952121-1397338505-1306601610-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default IE - HKU\S-1-5-21-3579952121-1397338505-1306601610-500\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) IE - HKU\S-1-5-21-3579952121-1397338505-1306601610-500\S-1-5-21-3579952121-1397338505-1306601610-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3579952121-1397338505-1306601610-500\S-1-5-21-3579952121-1397338505-1306601610-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/27 23:34:12 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/09 00:06:12 | 00,000,000 | ---D | M] [2009/08/25 17:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2009/08/25 17:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/10/10 10:43:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\daob227d.default\extensions [2009/08/28 11:38:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\daob227d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/08/25 17:17:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009/09/12 18:17:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/12 18:17:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2009/09/12 18:17:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2009/09/12 18:17:52 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009/07/31 00:44:21 | 00,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml [2009/07/31 00:44:21 | 00,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2009/07/31 00:44:21 | 00,000,757 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml [2009/07/31 01:41:07 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2009/07/31 00:44:21 | 00,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml [2009/07/31 00:44:21 | 00,000,652 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe File not found O4 - HKU\S-1-5-21-3579952121-1397338505-1306601610-500..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\SysWow64\tscupgrd.exe File not found O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files (x86)\Ensemble clavier et souris sans fil Labtec\MagicKey.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3579952121-1397338505-1306601610-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3579952121-1397338505-1306601610-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\SysNative\nwprovau.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\SysWow64\nwprovau.dll File not found O15:64bit: - ..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files (x86)\Risk\Images\stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files (x86)\Risk\Images\armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter: - application/octet-stream - File not found O18:64bit: - Protocol\Filter: - application/x-complus - File not found O18:64bit: - Protocol\Filter: - application/x-msdownload - File not found O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) - File not found O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SysNative\upnpui.dll File not found O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/21 18:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/08/13 21:40:22 | 00,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{2c532050-d4c0-11dd-ad1b-001e8c545e37}\Shell\AutoRun\command - "" = I:\WD_Windows_Tools\Setup.exe -- File not found O33 - MountPoints2\{67fb9bc8-491c-11dd-af91-001e8c545e37}\Shell - "" = AutoRun O33 - MountPoints2\{67fb9bc8-491c-11dd-af91-001e8c545e37}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{67fb9bc8-491c-11dd-af91-001e8c545e37}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{d99e8522-dd61-11dd-8d62-001e8c545e37}\Shell\AutoRun\command - "" = H:\WD_Windows_Tools\Setup.exe -- File not found O33 - MountPoints2\{e28b9a6a-d33c-11dd-a271-001e8c545e37}\Shell\AutoRun\command - "" = H:\SEVERINA\\aleluja.exe -- File not found O33 - MountPoints2\{e28b9a6a-d33c-11dd-a271-001e8c545e37}\Shell\explore\command - "" = H:\SEVERINA\aleluja.exe -- File not found O33 - MountPoints2\{e28b9a6a-d33c-11dd-a271-001e8c545e37}\Shell\open\command - "" = H:\SEVERINA\aleluja.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2 C:\WINDOWS\SysWow64\*.tmp files] [2009/10/11 21:09:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2009/10/13 09:57:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/13 09:58:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2009/10/06 15:12:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TechSmith [2009/10/11 21:09:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2009/10/13 09:57:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009/10/11 10:43:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync [2009/10/13 10:33:13 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/10/13 10:19:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Malwa [2009/10/13 09:57:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys [2009/10/13 09:57:07 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe [2009/10/12 12:14:23 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009/10/11 23:52:23 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cmd.execf [2009/10/11 23:42:59 | 00,000,000 | ---D | C] -- C:\FindyKill [2009/10/11 21:09:39 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\SysWow64\drivers\ssmdrv.sys [2009/10/09 18:32:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Sons [2009/10/09 14:24:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Clairou [2009/10/08 19:31:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Pic [2009/10/07 14:45:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Animation tricks [2009/09/29 21:47:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\EA Games [2009/09/28 15:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Angelo [2009/09/28 09:35:34 | 00,000,000 | ---D | C] -- C:\deb [2009/09/18 23:13:36 | 00,201,728 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\SysWow64\District 9 - Screensaver.scr [2009/09/18 23:13:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\District 9 - Screensaver dir [2009/05/14 22:15:24 | 05,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll [2009/05/14 22:15:24 | 04,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll [2009/05/14 21:02:10 | 03,392,872 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\adlmint_libFNP.dll [2009/05/14 21:02:10 | 03,298,152 | ---- | C] (Autodesk) -- C:\Program Files (x86)\Common Files\adlmint.dll ========== Files - Modified Within 30 Days ========== [2 C:\WINDOWS\SysWow64\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2009/10/13 10:41:00 | 00,001,178 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3579952121-1397338505-1306601610-500UA.job [2009/10/13 10:33:13 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/10/13 10:27:13 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bogle).doc [2009/10/13 10:21:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/13 10:21:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/10/13 09:58:01 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/13 09:57:08 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe [2009/10/12 19:41:00 | 00,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3579952121-1397338505-1306601610-500Core.job [2009/10/12 12:58:14 | 00,178,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\L71-290x245.pdf [2009/10/12 12:14:30 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cmd.execf [2009/10/12 00:50:28 | 03,336,733 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009/10/12 00:42:08 | 01,196,494 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FindyKill.exe [2009/10/11 21:22:57 | 00,122,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/11 21:09:48 | 00,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2009/10/11 21:07:40 | 30,143,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_free.exe [2009/10/11 10:43:15 | 00,002,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc [2009/10/09 14:06:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt [2009/10/09 11:46:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/08 23:20:07 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Document Microsoft Word.doc [2009/10/07 13:47:28 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2009/10/06 18:04:05 | 00,015,351 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CV2009 Lemarchand Maël C.Animator.pdf [2009/09/28 16:11:25 | 03,352,150 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FairTrading THURISTAR.mp4 [2009/09/28 15:40:31 | 30,054,810 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3D Animation Masterclass_ Acting Tutorial Highlights.mp4 [2009/09/28 13:28:22 | 00,098,716 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Prime 500.pdf [2009/09/18 23:13:36 | 00,201,728 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\SysWow64\District 9 - Screensaver.scr ========== Files - No Company Name ========== [2009/10/13 10:15:53 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bogle).doc [2009/10/13 09:58:01 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/12 12:58:14 | 00,178,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\L71-290x245.pdf [2009/10/12 00:50:28 | 03,336,733 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009/10/12 00:41:50 | 01,196,494 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FindyKill.exe [2009/10/11 21:09:48 | 00,001,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2009/10/11 21:05:50 | 30,143,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_free.exe [2009/10/11 10:43:15 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc [2009/10/07 16:43:50 | 56,088,0822 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ALARM.wmv [2009/10/06 18:04:56 | 00,015,351 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CV2009 Lemarchand Maël C.Animator.pdf [2009/09/28 16:11:01 | 03,352,150 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FairTrading THURISTAR.mp4 [2009/09/28 15:33:11 | 30,054,810 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3D Animation Masterclass_ Acting Tutorial Highlights.mp4 [2009/09/28 13:28:21 | 00,098,716 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Prime 500.pdf [2009/04/15 17:12:10 | 00,000,331 | ---- | C] () -- C:\WINDOWS\game.ini [2009/01/22 14:07:21 | 00,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2008/12/09 14:30:24 | 00,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll [2008/11/17 12:50:58 | 00,151,552 | ---- | C] () -- C:\WINDOWS\SysWow64\nvRegDev.dll [2008/10/07 13:33:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll [2008/10/07 13:33:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll [2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll [2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll [2008/09/02 18:24:41 | 00,000,122 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2008/08/24 23:28:19 | 00,000,250 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2008/07/31 23:21:12 | 00,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv [2008/06/23 14:57:30 | 00,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/06/23 14:43:20 | 00,487,996 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2008/06/23 12:55:56 | 00,220,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/06/23 12:41:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\HKLock.dll [2008/06/23 12:41:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\HKLock.dll [2008/06/23 11:50:12 | 00,014,342 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2008/06/23 11:49:01 | 00,014,098 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008/06/23 11:48:54 | 00,010,288 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS [2008/06/23 10:38:26 | 00,015,360 | ---- | C] () -- C:\WINDOWS\SysWow64\BASSMOD.dll [2008/06/21 19:55:06 | 00,000,150 | ---- | C] () -- C:\WINDOWS\system.ini [2008/06/21 19:54:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2008/06/21 18:25:27 | 03,176,604 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2008/06/21 18:24:50 | 00,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll [2008/06/21 18:24:45 | 00,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll [2008/06/21 18:24:44 | 01,274,880 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll [2008/06/21 18:24:44 | 00,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll [2008/06/21 18:24:44 | 00,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll [2008/06/21 18:24:44 | 00,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll [2008/06/21 18:24:44 | 00,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll [2008/06/21 18:24:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll [2008/06/21 18:24:40 | 00,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2008/06/21 18:24:40 | 00,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll [2008/06/21 18:24:40 | 00,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll [2008/06/21 18:24:40 | 00,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll [2008/06/21 18:24:38 | 00,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll [2008/06/21 18:24:34 | 00,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll [2008/06/21 18:24:34 | 00,082,432 | ---- | C] () -- C:\WINDOWS\SysWow64\ieencode.dll [2008/06/21 18:24:33 | 00,498,205 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll [2008/06/21 18:24:33 | 00,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll [2008/06/21 18:24:33 | 00,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll [2008/06/21 18:24:33 | 00,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll [2008/06/21 18:19:50 | 00,122,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/06/21 18:10:10 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini [2008/06/21 18:02:43 | 00,000,401 | ---- | C] () -- C:\WINDOWS\win.ini [2008/06/21 18:02:12 | 00,000,002 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [2008/06/05 08:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\SysWow64\physxcudart_20.dll [2007/06/26 00:10:12 | 02,465,792 | ---- | C] () -- C:\WINDOWS\SysWow64\PhysXCore.dll [2007/06/26 00:10:12 | 00,327,680 | ---- | C] () -- C:\WINDOWS\SysWow64\NxCooking.dll [2007/06/26 00:10:12 | 00,126,976 | ---- | C] () -- C:\WINDOWS\SysWow64\NxCharacter.dll [2007/06/26 00:10:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\SysWow64\NxExtensions.dll [2007/01/10 08:44:26 | 01,457,024 | R--- | C] () -- C:\WINDOWS\SysWow64\SSCProt.dll [2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\SysWow64\InsDrvZD64.DLL [2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\InsDrvZD.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 < End of report > Extras.TXT: OTL Extras logfile created on: 13/10/2009 10:43:58 - Run 1 OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Administrator\Desktop 64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 6.0.3790.1830) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 3,35 Gb Available Physical Memory | 83,87% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): c:\pagefile.sys 4092 8184 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 43,95 Gb Total Space | 4,83 Gb Free Space | 10,99% Space Free | Partition Type: NTFS Drive D: | 57,26 Gb Total Space | 1,13 Gb Free Space | 1,96% Space Free | Partition Type: NTFS Drive E: | 145,96 Gb Total Space | 8,34 Gb Free Space | 5,71% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BLONDIN Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found .ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l .js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found .jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found .txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found .vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found .vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found .wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe File not found .wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3579952121-1397338505-1306601610-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found batfile [open] -- "%1" %* File not found batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found cmdfile [open] -- "%1" %* File not found cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l File not found jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found piffile [open] -- "%1" %* File not found regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* File not found regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping "3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP) "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping "3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP) "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" = C:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.) "C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 64-bit -- (Autodesk, Inc.) "C:\Program Files (x86)\Autodesk\Backburner\monitor.exe" = C:\Program Files (x86)\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.) "C:\Program Files (x86)\Autodesk\Backburner\manager.exe" = C:\Program Files (x86)\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.) "C:\Program Files (x86)\Autodesk\Backburner\server.exe" = C:\Program Files (x86)\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.) "C:\Program Files (x86)\aMSN\bin\wish.exe" = C:\Program Files (x86)\aMSN\bin\wish.exe:*:Enabled:Wish Application -- (ActiveState Corporation) "C:\Program Files (x86)\eMule\emule.exe" = C:\Program Files (x86)\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net'>http://www.emule-project.net) "C:\Program Files (x86)\TwonkyMedia\TwonkyMediaServer.exe" = C:\Program Files (x86)\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer -- File not found "C:\Program Files (x86)\TwonkyMedia\TwonkyMedia.exe" = C:\Program Files (x86)\TwonkyMedia\TwonkyMedia.exe:*:Enabled:TwonkyMedia -- File not found "E:\Jeux\Babo Violent 2\bv2.exe" = E:\Jeux\Babo Violent 2\bv2.exe:*:Enabled:bv2 -- File not found "E:\Jeux\BaboViolent 2\bv2.exe" = E:\Jeux\BaboViolent 2\bv2.exe:*:Enabled:bv2 -- File not found "C:\Program Files\Autodesk\Maya2008\bin\maya.exe" = C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Disabled:Maya -- File not found "C:\Program Files\Autodesk\Maya2009\bin\maya.exe" = C:\Program Files\Autodesk\Maya2009\bin\maya.exe:*:Enabled:Maya -- (Autodesk) "C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "E:\Left 4 Dead\left4dead.exe" = E:\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found "C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" = C:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.) "C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 64-bit -- (Autodesk, Inc.) "C:\Program Files (x86)\Autodesk\Backburner\monitor.exe" = C:\Program Files (x86)\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.) "C:\Program Files (x86)\Autodesk\Backburner\manager.exe" = C:\Program Files (x86)\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.) "C:\Program Files (x86)\Autodesk\Backburner\server.exe" = C:\Program Files (x86)\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.) "C:\Program Files (x86)\aMSN\bin\wish.exe" = C:\Program Files (x86)\aMSN\bin\wish.exe:*:Enabled:Wish Application -- (ActiveState Corporation) "C:\Program Files (x86)\eMule\emule.exe" = C:\Program Files (x86)\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\Program Files (x86)\TwonkyMedia\TwonkyMediaServer.exe" = C:\Program Files (x86)\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer -- File not found "C:\Program Files (x86)\TwonkyMedia\TwonkyMedia.exe" = C:\Program Files (x86)\TwonkyMedia\TwonkyMedia.exe:*:Enabled:TwonkyMedia -- File not found "E:\Jeux\Babo Violent 2\bv2.exe" = E:\Jeux\Babo Violent 2\bv2.exe:*:Enabled:bv2 -- File not found "E:\Jeux\BaboViolent 2\bv2.exe" = E:\Jeux\BaboViolent 2\bv2.exe:*:Enabled:bv2 -- File not found "C:\Program Files\Autodesk\Maya2008\bin\maya.exe" = C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Disabled:Maya -- File not found "C:\Program Files\Autodesk\Maya2009\bin\maya.exe" = C:\Program Files\Autodesk\Maya2009\bin\maya.exe:*:Enabled:Maya -- (Autodesk) "C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "E:\Left 4 Dead\left4dead.exe" = E:\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found "C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0ADCF9F9-7EA9-48B5-9656-D65B2B246203}" = Windows Communication Foundation (x64) "{21C909D2-0CC5-486C-BABF-DF4A6A67F1D4}" = Autodesk 3ds Max 9 64-bit "{227B4E66-B95F-46B8-8E86-740D5CBFC65C}" = Maya 2009 (64-bit) "{284B452E-075E-4C7B-B8EE-E4A798CC3772}" = Maya 2010 (64-bit) "{89BF6CBE-A47A-4CAB-AE77-D0D5A234CCA5}" = Windows Workflow Foundation "{96642397-CB2F-400B-91B6-A01C44146643}" = Autodesk DirectConnect 2.0 (64-bit) "{B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0}" = Microsoft .NET Framework 2.0 (x64) "{D44BCDFB-817B-4C14-8551-915E8B9DDD8B}" = Maya 2009 (64-bit) Documentation (en_US) "{EA03711E-CD74-4204-9476-FE5E17C6FDDC}_is1" = MultiTool 20090114 "{EC4EBC45-30AF-4F3C-B2B5-2FAF3FF9A1D1}" = Autodesk DirectConnect 2009 (64-bit) "{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64 "Microsoft .NET Framework 2.0 (x64)" = Microsoft .NET Framework 2.0 (x64) "NVIDIA Drivers" = NVIDIA Drivers "WIC" = Windows Imaging Component "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver "{310AFA6B-094D-45DA-8389-4712074B6A22}" = Maya 2010 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009 "{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0 "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7 "{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}" = Microsoft .NET Framework 3.0 "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{A1086DA0-903E-4DEA-A83F-6317923CC63D}" = headus UVLayout v2 Professional "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A369B607-5BAF-4AB3-B18A-1017ED19902D}" = Ensemble clavier et souris sans fil Labtec "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0 "{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0 "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F372DBE7-3035-4939-A750-FD96664100D5}}_is1" = Rip It ! (CD) "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0 "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "Adobe After Effects 7.0" = Adobe After Effects 7.0 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0 "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "aMSN" = aMSN 0.97.2 "AtcL1" = Attansic L1 Gigabit Ethernet Driver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BSW" = BrettspielWelt "CCleaner" = CCleaner (remove only) "Conquist" = Conquist "District 9 - Screensaver" = District 9 - Screensaver "eMule" = eMule "FBX Plugin 2006.08 for Max 9.0 64" = FBX Plugin 2006.08 for Max 9.0 64 "FileZilla Client" = FileZilla Client 3.2.4.1 "Foxit Reader" = Foxit Reader "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaMonkey_is1" = MediaMonkey 3.0 "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "particleIllusion 3.0" = particleIllusion 3.0 "Shutdown-IT" = Shutdown-IT "SpeedFan" = SpeedFan (remove only) "Tablet Driver" = Tablet "VLC media player" = VLC media player 1.0.1 "Vuze" = Vuze "WinRAR archiver" = Archiveur WinRAR "XnView_is1" = XnView 1.96.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3579952121-1397338505-1306601610-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27/08/2009 03:40:11 | Computer Name = BLONDIN | Source = Application Hang | ID = 1002 Description = Hanging application wish.exe, version 8.5.2.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 29/09/2009 08:38:52 | Computer Name = BLONDIN | Source = Application Hang | ID = 1002 Description = Hanging application WinRAR.exe, version 3.51.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 29/09/2009 15:47:22 | Computer Name = BLONDIN | Source = Application Error | ID = 1000 Description = Faulting application mirrorsedge.exe, version 1.0.0.0, faulting module mirrorsedge.exe, version 1.0.0.0, fault address 0x020a3238. Error - 29/09/2009 17:46:26 | Computer Name = BLONDIN | Source = Application Error | ID = 1000 Description = Faulting application mirrorsedge.exe, version 1.0.0.0, faulting module mirrorsedge.exe, version 1.0.0.0, fault address 0x020a3238. Error - 29/09/2009 17:47:05 | Computer Name = BLONDIN | Source = Application Error | ID = 1000 Description = Faulting application mirrorsedge.exe, version 1.0.0.0, faulting module mirrorsedge.exe, version 1.0.0.0, fault address 0x020a3238. Error - 07/10/2009 03:34:04 | Computer Name = BLONDIN | Source = Application Error | ID = 1000 Description = Faulting application aleluja.exe, version 0.0.0.0, faulting module shlwapi.dll, version 6.0.3790.3959, fault address 0x000110a7. Error - 07/10/2009 03:34:39 | Computer Name = BLONDIN | Source = Application Error | ID = 1000 Description = Faulting application aleluja.exe, version 0.0.0.0, faulting module shlwapi.dll, version 6.0.3790.3959, fault address 0x000110a7. Error - 10/10/2009 05:11:07 | Computer Name = BLONDIN | Source = Application Hang | ID = 1002 Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 11/10/2009 15:41:08 | Computer Name = BLONDIN | Source = Google Update | ID = 20 Description = Error - 11/10/2009 16:41:08 | Computer Name = BLONDIN | Source = Google Update | ID = 20 Description = [ System Events ] Error - 13/10/2009 04:21:41 | Computer Name = BLONDIN | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\moufiltr.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 13/10/2009 04:23:05 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7000 Description = The ZDPSp50a64 NDIS Protocol Driver service failed to start due to the following error: %%2 Error - 13/10/2009 04:23:05 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7001 Description = The Wireless Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: %%1058 Error - 13/10/2009 04:23:05 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: kbfilter Error - 13/10/2009 04:39:46 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7031 Description = The Avira AntiVir Planificateur service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 13/10/2009 04:39:49 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7031 Description = The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 13/10/2009 04:40:00 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7031 Description = The Avira AntiVir Guard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 13/10/2009 04:40:06 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7034 Description = The Avira AntiVir Guard service terminated unexpectedly. It has done this 3 time(s). Error - 13/10/2009 04:40:34 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7031 Description = The Avira AntiVir Planificateur service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 13/10/2009 04:40:38 | Computer Name = BLONDIN | Source = Service Control Manager | ID = 7034 Description = The Avira AntiVir Planificateur service terminated unexpectedly. It has done this 3 time(s). < End of report > Merci d'avance pour ta future analyse. McMurphy.

Salut! Tous d'abord merci pour ta réponse rapide! Je te poste le premier de Malwarebytes' Anti-Malware, le deuxième suivra dans le prochaine post. MBam: Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2952 Windows 5.2.3790 Service Pack 2 13/10/2009 10:19:17 mbam-log-2009-10-13 (10-18-47).txt Type de recherche: Examen rapide Eléments examinés: 89953 Temps écoulé: 2 minute(s), 20 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Note: j'ai bien supprimé le fichier infecté et redémarré l'ordi.

" A cliquer n'importe ou... ça devient n'importe quoi ! " Bonjour à tous, Après avoir tenté de résoudre le problème par mes propres moyens, je me retrouve dans une impasse ( et je perds beaucoup de temps à chercher les infos utiles...) Je fais donc appelle à vous pour m'aidez à m'en sortir. J'ai chopé Bagle par manque d'attention et un peu de fatigue ( c'est pour ma défense . lorsque que j'ai vu que j'avais cette m**de, j'ai tenté la marche à suivre FindyKill et Combofix. Le premier ne s'installe pas, car il ne supporte pas mon système ( non mais oh !!). le 64bits peut être? Et combo fix ne s'installe pas non plus, il me manque le fichier NircmdB.exe. A ce point, je fais stop, regarde les dégâts et je me tourne vers vous afin de sauver les meubles. ( et pourquoi pas la maison entière) Merci d'avance.