
Posted (edited)



First of all, when I turn on my PC, I get an error message telling me that C:\WINNT\system32\drivers\NirCmd.exe cannot be found.


Next, I have 2 trojans (vdshd.exe and x6cdshd.exe) that AntiVir detects every 2 minutes without being able to delete them automatically, which means the detection windows open one after another!!!



Here is a HijackThis report


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:00:48, on 16/02/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal


Running processes:







C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe


C:\Program Files\Java\jre6\bin\jqs.exe






C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\NirCmd.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) -

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) -

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE



End of file - 7557 bytes

Edited by K38




If you use Spybot

To disable TeaTimer, which serves no purpose and can cause a disinfection to fail:

First display Advanced Mode in SpyBot

-> Advanced options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left side:

-> click Tools,

-> click Resident,

In Resident:

-> uncheck Resident "TeaTimer" to disable it.


In HijackThis, check these lines then click Fix checked


F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\NirCmd.exe


Download Malwarebytes' Anti-Malware (MBAM)

Plug in all removable media before running this scan (USB stick, external hard drive, etc.)

* Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs

Follow the prompts (in particular the choice of language and the authorization to access the Internet)

Do not change any of the default settings and, at the end of installation,

Check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked

MBAM will start automatically and display a message asking to update the program before running a scan.

Click OK to close the dialog box.

* In the "Update" tab, click the Check for updates button:

If the firewall asks for permission for MBAM to connect, accept.

* Once the update is complete, go to the Scan tab.

* Select "Perform a full scan"

* Click "Scan"

* The scan will take some time, be patient!

* At the end, a message will be displayed:

The scan completed normally.


* If MBAM found nothing, it will say so too.

Click "OK" to continue.

* Close the browsers.

Click Show results.


* Select everything and click Remove selected,

MBAM will destroy the files and registry keys and place a copy in quarantine.

Then open Notepad and copy into it the scan report, which can be found under the Reports/Logs tab.

* Copy and paste this report into your next reply.


Unable to launch MBAM. I uninstalled and then reinstalled it, but nothing works.

I get the following error message: Erreur de chargement de la base de données. Ligne : #51046 (0)


OK, I was finally able to run the scan, but it found nothing!!!



Malwarebytes' Anti-Malware 1.34

Version de la base de données: 1749

Windows 5.0.2195 Service Pack 4


17/02/2009 15:34:07

mbam-log-2009-02-17 (15-34-06).txt


Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 121199

Temps écoulé: 1 hour(s), 46 minute(s), 18 second(s)


Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0


Processus mémoire infecté(s):

(Aucun élément nuisible détecté)


Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)


Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)


Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)


Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)


Dossier(s) infecté(s):

(Aucun élément nuisible détecté)


Fichier(s) infecté(s):

(Aucun élément nuisible détecté)





Download OTScanIt2 by Old_Timer to the Desktop,

You must disable your antivirus's real-time protection, which may consider some components of this software harmful.

* To do so, right-click the antivirus icon at the bottom right next to the clock, then Disable Guard or Shield or Resident...

Double-click the archive to unzip it and create an OTScanIt2 folder on the Desktop,

An account with administrator rights is required to run the program

Close all other programs except the browser,

Open the OTScanIt2 folder and double-click the OTScanIt2.exe file (under Vista, right-click OTScanIt.exe and choose to run as administrator),

Under "File Age" at the top, click the drop-down menu and select "90 days".

In the Rootkit Search section, choose Yes.


Under "Additional Scans", click the "Extras" button, then tick the box in front of the following items to select them:

Reg - ColumnHandlers,

Reg - Desktop Components,

Reg - Disabled MS Config Items,

Reg - NetSvcs,

Reg - Session Manager Settings,

Reg - Shell Spawning,

Reg - Tcpip Persistent Routes


Then click the Run Scan button in the toolbar,

Let the program run without intervening,

When the scan is finished, Notepad will open with the scan report.

Click the Format menu and check that Word Wrap is not ticked.

Post the report, in several parts if necessary if an error message appears, and paste it on the forum.


OTScanIt2 logfile created on: 17/02/2009 23:55:52 - Run 1
OTScanIt2 by OldTimer - Version	 Folder = d:\Documents and Settings\Karim\Bureau\OTScanIt2
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

191,48 Mb Total Physical Memory | 29,70 Mb Available Physical Memory | 15,51% Memory free
747,82 Mb Paging File | 399,02 Mb Available in Paging File | 53,36% Paging File free
Paging file location(s): C:\pagefile.sys 288 288;D:\pagefile.sys 288 288;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 9,09 Gb Total Space | 1,13 Gb Free Space | 12,46% Space Free | Partition Type: NTFS
Drive D: | 9,53 Gb Total Space | 3,57 Gb Free Space | 37,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PORTABLE
Current User Name: Karim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/25 23:07:36 | 00,151,297 | ---- | M] (Avira GmbH)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/05 20:58:23 | 00,307,704 | ---- | M] (Mozilla Corporation)
hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> [2002/04/17 10:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard)
hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> [2002/04/17 10:49:16 | 00,077,824 | ---- | M] ()
hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> [2003/04/06 00:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.)
hpohmr08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> [2003/04/06 01:17:18 | 00,147,456 | ---- | M] (Hewlett-Packard Co.)
hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> [2003/04/06 00:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.)
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/06 01:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard)
hpqcmon.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe -> [2002/10/07 00:23:20 | 00,090,112 | ---- | M] ()
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/24 10:05:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/01/24 10:05:36 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
mspmspsv.exe -> %SystemRoot%\system32\mspmspsv.exe -> [2001/10/01 19:48:44 | 00,053,248 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Bureau\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2006/06/14 19:53:55 | 00,282,624 | ---- | M] (Apple Computer, Inc.)
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/25 23:07:39 | 00,068,865 | ---- | M] (Avira GmbH)
stisvc.exe -> %SystemRoot%\system32\stisvc.exe -> [2003/06/19 11:05:04 | 00,062,224 | ---- | M] (Microsoft Corporation)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
vdshd.exe -> %UserProfile%\vdshd.exe -> [2009/02/17 23:55:37 | 00,025,133 | ---- | M] (UTool)
winmgmt.exe -> %SystemRoot%\system32\wbem\winmgmt.exe -> [2003/06/19 11:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation)
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> [2004/12/16 16:49:14 | 00,049,152 | ---- | M] (Alpha Networks Inc.)

[Win32 Services - Safe List]
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> [2004/10/22 12:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.)
(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/25 23:07:39 | 00,068,865 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/25 23:07:36 | 00,151,297 | ---- | M] (Avira GmbH)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> [2003/06/19 11:05:04 | 00,147,728 | ---- | M] (VERITAS Software Corp.)
(Fax) Service de télécopie [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\faxsvc.exe -> [2003/06/19 11:05:04 | 00,096,016 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/24 10:05:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NirSoft Service Controler) NirSoft Service Controler [Win32_Own | Disabled | Stopped] ->  -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> [2003/03/09 05:31:02 | 00,065,795 | ---- | M] (HP)
(QOS) FireDaemon Service: QOS [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\Microsoft\user\firedaemon.exe -> [2004/05/16 13:06:11 | 00,081,920 | ---- | M] ()
(RemoteRegistry) Service d'accès à distance au Registre [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\regsvc.exe -> [2003/06/19 11:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation)
(Service Controler) Service Controler [Win32_Own | Disabled | Stopped] ->  -> File not found
(StiSvc) Still Image Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\stisvc.exe -> [2003/06/19 11:05:04 | 00,062,224 | ---- | M] (Microsoft Corporation)
(UtilMan) Gestionnaire d'utilitaires [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\utilman.exe -> [2003/06/19 11:05:04 | 00,022,800 | ---- | M] (Microsoft Corporation)
(WinMgmt) Infrastructure de gestion Windows [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wbem\winmgmt.exe -> [2003/06/19 11:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\mspmspsv.exe -> [2001/10/01 19:48:44 | 00,053,248 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AFS2K.SYS -> [2005/11/18 15:09:53 | 00,082,380 | ---- | M] (Oak Technology Inc.)
(ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\system32\ANIO.sys -> [2004/07/27 10:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.)
(atirage3) atirage3 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\atimpab.sys -> [1999/12/14 22:10:50 | 00,071,792 | ---- | M] (ATI Technologies Inc.)
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2008/05/20 15:29:41 | 00,062,016 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> [2008/11/25 20:56:34 | 00,075,072 | ---- | M] (Avira GmbH)
(Cdr4_2K) Cdr4_2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_2K.sys -> [2006/01/01 22:48:04 | 00,058,000 | ---- | M] (Roxio)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> [2006/01/01 22:48:04 | 00,023,420 | ---- | M] (Roxio)
(Diskperf) Diskperf [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\diskperf.sys -> [2003/06/19 11:05:04 | 00,007,728 | ---- | M] (Microsoft Corporation)
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> [2003/06/19 11:05:04 | 00,369,104 | ---- | M] (VERITAS Software Corp.)
(dmio) Pilote de Gestionnaire de disque logique [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> [2003/06/19 11:05:04 | 00,138,096 | ---- | M] (VERITAS Software Corp.)
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> [2003/06/19 11:05:04 | 00,007,312 | ---- | M] (VERITAS Software Corp.)
(ds1) Pilote audio DS1 YAMAHA (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ds1wdm.sys -> [1999/11/06 22:06:58 | 00,358,928 | ---- | M] (Microsoft Corporation)
(EFS) EFS [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\efs.sys -> [2003/06/19 11:05:04 | 00,027,440 | ---- | M] (Microsoft Corporation)
(EL3C574) Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\el574nd4.sys -> [1999/09/25 03:16:52 | 00,024,848 | ---- | M] (3Com Corporation)
(fbxusb) Carte réseau virtuelle FreeBox USB (32 bits) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fbxusb32.sys -> [2007/08/27 14:12:06 | 00,031,128 | ---- | M] (FreeBox SA)
(gameenum) Port jeu pour Yamaha DS1 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2003/06/19 12:05:04 | 00,009,808 | ---- | M] (Microsoft Corporation)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> [2003/03/09 05:31:00 | 00,051,024 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2003/03/09 05:31:02 | 00,016,080 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2003/03/09 05:31:02 | 00,021,456 | ---- | M] (HP)
(MPE) BDA MPE Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mpe.sys -> [2001/10/16 08:17:14 | 00,013,952 | ---- | M] (Microsoft Corporation)
(NetDetect) NetDetect [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\netdtect.sys -> [2001/05/08 01:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation)
(NwlnkIpx) Protocole de transport compatible NWLink IPX/SPX/NetBIOS [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\nwlnkipx.sys -> [2003/06/19 11:05:04 | 00,091,408 | ---- | M] (Microsoft Corporation)
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnknb.sys -> [2003/06/19 11:05:04 | 00,065,520 | ---- | M] (Microsoft Corporation)
(NwlnkSpx) Protocole NWLink SPX/SPXII [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnkspx.sys -> [2001/05/08 01:00:00 | 00,058,480 | ---- | M] (Microsoft Corporation)
(NWRDR) NetWare Rdr [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\nwrdr.sys -> [2006/09/01 05:57:48 | 00,161,520 | ---- | M] (Microsoft Corporation)
(P1131VID) Creative WebCam NX Pro (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\P1131Vid.sys -> [2004/03/26 03:55:12 | 00,091,241 | R--- | M] (Creative Technology Ltd.)
(Parallel) Pilote de classe parallèle [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\parallel.sys -> [2003/06/19 11:05:04 | 00,060,368 | ---- | M] (Microsoft Corporation)
(Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2003/06/19 11:05:04 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.)
(RCA) Microsoft Streaming Network Raw Channel Access [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rca.sys -> [2001/05/08 01:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation)
(RT61) D-Link Wireless Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt61.sys -> [2005/06/04 19:07:56 | 00,319,104 | ---- | M] (Ralink Technology Inc.)
(rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [1999/09/25 03:17:18 | 00,018,704 | ---- | M] (Realtek Semiconductor Corporation												)
(ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH)
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> [2008/07/27 00:28:17 | 00,102,664 | ---- | M] (Trend Micro Inc.)
(uhcd) Pilote de contrôleur hôte universel USB Microsoft [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\uhcd.sys -> [2003/06/19 11:05:04 | 00,032,848 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" ->{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" ->{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" ->{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" -> yaho -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Default Profile] > -> d:\Documents and Settings\Karim\Application Data\Mozilla\FireFox\Profiles\xt0ii9fn.default\prefs.js -> -> "Google" ->
browser.startup.homepage_override.mstone -> "rv:" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6 ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINNT\System32\drivers\etc\Hosts ->	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 00,063,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [SSVHelper Class] -> [2009/01/24 10:05:45 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/24 10:05:32 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/01/24 10:05:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
"{8E718888-423F-11D2-876E-00A0C9082467}" [HKLM] -> %SystemRoot%\system32\msdxm.ocx [@msdxmLC.dll,-1@1033,&Radio] -> [2005/06/03 11:31:08 | 00,848,656 | ---- | M] (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> [2005/08/04 21:54:42 | 00,343,112 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> [2005/08/04 21:54:42 | 00,343,112 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ANIWZCS2Service" -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe [C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe] -> [2004/12/16 16:49:14 | 00,049,152 | ---- | M] (Alpha Networks Inc.)
"avgnt" -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
"CamMonitor" -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe] -> [2002/10/07 00:23:20 | 00,090,112 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/06/14 19:53:55 | 00,282,624 | ---- | M] (Apple Computer, Inc.)
"Share-to-Web Namespace Daemon" -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe] -> [2002/04/17 10:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/01/24 10:05:36 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"Synchronization Manager" -> %SystemRoot%\system32\mobsync.exe [mobsync.exe /logon] -> [2003/06/19 11:05:04 | 00,111,888 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
< All Users Startup Folder > -> d:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> 
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> [2003/04/06 01:17:18 | 00,147,456 | ---- | M] (Hewlett-Packard Co.)
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/06 01:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard)
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 21:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
\\"DisableRegistryTools" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Traduire à partir de l'anglais -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
Pages liées -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
Pages similaires -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
Recherche &Google -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
Version de la page actuelle disponible dans le cache Google -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmcache.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Menu: Console Java (Sun)] -> [2009/01/24 10:05:42 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Console Java (Sun)] -> [2009/01/24 10:05:42 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Galerie de Microsoft ActiveX -> 
PluginsPage -> -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5264 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5264 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> [QuickTime Object] -> 
{05D96F71-87C6-11D3-9BE4-00902742D6E0} [HKLM] -> [QuickPlace Class] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> [Shockwave ActiveX Control] -> 
{31564D57-0000-0010-8000-00AA00389B71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> 
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> 
{33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> [WUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> [Java Plug-in 1.6.0_11] -> 
{B79A53C0-1DAC-4636-BACE-FD086A7A79BF} [HKLM] -> [AdSignerLCContrl Class] -> 
{C5E28B9D-0A68-4B50-94E9-E8F6B4697519} [HKLM] -> [NsvPlayX Control] -> 
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> [Java Plug-in 1.6.0_11] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> [Java Plug-in 1.6.0_11] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> [Shockwave Flash Object] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{35E2F473-C88D-4CBF-9778-CBD383D2E10F} ->	() -> 
{40C5AD3E-C075-4F31-8A58-B67466D98AB7} ->	() -> 
{719FBCB3-DAC6-4606-BEE2-A436BACC03FC} ->	(Carte PCI Fast Ethernet à base Realtek RTL8139(A)) -> 
{A5034744-89E3-4B35-BDB8-36B59F037B5A} ->	(Carte FE574B-3Com 10/100 LAN PCCard-Fast Ethernet) -> 
{BE690D9F-5267-4918-86D6-9E197106D316} ->	() -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
nwprovau -> %SystemRoot%\system32\NWPROVAU.DLL -> [2006/09/01 06:49:42 | 00,143,632 | ---- | M] (Microsoft Corporation)
wzcnotif -> %SystemRoot%\system32\wzcdlg.dll -> [2003/06/19 11:05:04 | 00,053,520 | ---- | M] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{7007ACCF-3202-11D1-AAD2-00805FC1270E}" [HKLM] -> %SystemRoot%\system32\netshell.dll [Network.ConnectionTray] -> [2003/06/19 11:05:04 | 00,485,648 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> Pilote de CD-ROM -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2003/06/19 11:05:04 | 00,027,984 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/11/16 22:51:30 | 00,000,000 | -H-- | M] ()

[Registry - Additional Scans - Safe List]
< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ -> 
{66742402-F9B9-11D1-A202-0000F81FEDEE} [HKLM] -> %SystemRoot%\system32\docprop2.dll [Version Column Provider] -> [2001/05/08 01:00:00 | 00,307,472 | ---- | M] (Microsoft Corporation)
{7f9609be-af9a-11d1-83e0-00c04fb6e984} [HKLM] -> %SystemRoot%\system32\faxshell.dll [Fax Tiff Data Column Provider] -> [2001/05/08 01:00:00 | 00,008,464 | ---- | M] (Microsoft Corporation)
{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1} [HKLM] -> %SystemRoot%\system32\docprop2.dll [ShAVColumnProvider class] -> [2001/05/08 01:00:00 | 00,307,472 | ---- | M] (Microsoft Corporation)
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2004/12/14 02:20:02 | 00,110,592 | ---- | M] (Adobe Systems, Inc.)
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 
0 -> [Key] -> 
0 -> FriendlyName = Ma page d'accueil -> 
0 -> Source = About:Home -> 
0 -> SubscribedURL = About:Home -> 
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 0 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2005/04/15 02:08:24 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2003/06/19 11:05:04 | 00,008,976 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2002/08/30 18:24:06 | 00,024,576 | ---- | M] (Microsoft Corporation)
.html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/05 20:58:23 | 00,307,704 | ---- | M] (Mozilla Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* -> 
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2003/06/19 11:05:04 | 00,076,560 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S -> 
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
Ias ->  [] -> 
Iprip ->  [] -> 
Irmon ->  [] -> 
Nwsapagent ->  [] -> 
*MultiFile Done* -> -> 
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2002/04/20 09:32:02 | 00,577,536 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2002/04/20 09:32:02 | 00,577,536 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2002/04/20 09:32:02 | 00,577,536 | ---- | M] (Microsoft Corporation)
{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKLM] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] -> [2005/06/03 11:31:08 | 00,848,656 | ---- | M] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> 
\\"antivirusoverride" ->  [0] -> File not found
\\"firewalldisablenotify" ->  [1] -> File not found
\\"UpdatesDisableNotify" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  [1] -> File not found
\\"FirewallOverride" ->  [0] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> 
"BootExecute" -> autocheck autochk *; -> 
"ExcludeFromKnownDlls" ->  -> 
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> 
\Windows ->  -> File not found
\RPC Control ->  -> File not found
*MultiFile Done* -> -> 
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> 
"ComSpec" -> C:\WINNT\system32\CMD.EXE -> [2005/06/03 11:24:02 | 00,249,616 | ---- | M] (Microsoft Corporation)
"TEMP" -> %SystemRoot%\TEMP -> 
"TMP" -> %SystemRoot%\TEMP -> 
"windir" -> %SystemRoot% -> 
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> 
%systemroot%\system32 -> %SystemRoot%\system32 -> [2009/02/17 23:53:44 | 00,000,000 | RHSD | M]
%systemroot% -> %SystemRoot% -> [2009/02/17 23:56:00 | 00,000,000 | RHSD | M]
%systemroot%\system32\wbem -> %SystemRoot%\system32\wbem -> [2005/11/22 00:19:46 | 00,000,000 | ---D | M]
C:\Program Files\Fichiers communs\Teleca Shared ->  -> File not found
*MultiFile Done* -> -> 
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> 
.COM ->  -> File not found
.EXE ->  -> File not found
.BAT ->  -> File not found
.CMD ->  -> File not found
.VBS ->  -> File not found
.VBE ->  -> File not found
.JS ->  -> File not found
.JSE ->  -> File not found
.WSF ->  -> File not found
.WSH ->  -> File not found
*MultiFile Done* -> -> 
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> 
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> 
"advapi32" -> C:\WINNT\system32\ADVAPI32.DLL -> [2005/06/03 11:30:50 | 00,401,168 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINNT\system32\comdlg32.dll -> [2003/06/19 11:05:04 | 00,244,496 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINNT\system32 -> [2009/02/17 23:53:44 | 00,000,000 | RHSD | M]
"gdi32" -> C:\WINNT\system32\GDI32.DLL -> [2008/10/23 06:27:54 | 00,237,840 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINNT\system32\imagehlp.dll -> [2003/06/19 11:05:04 | 00,128,784 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINNT\system32\KERNEL32.DLL -> [2007/04/16 13:44:24 | 00,760,080 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINNT\system32\lz32.dll -> [2003/06/19 11:05:04 | 00,010,000 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINNT\system32\OLE32.DLL -> [2005/09/05 09:19:27 | 00,957,712 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINNT\system32\OLEAUT32.DLL -> [2007/12/05 11:40:18 | 00,631,056 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINNT\system32\olecli32.dll -> [2005/09/05 09:19:28 | 00,069,904 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINNT\system32\OLECNV32.DLL -> [2005/09/05 09:19:28 | 00,036,624 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINNT\system32\olesvr32.dll -> [2001/05/08 01:00:00 | 00,022,800 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINNT\system32\olethk32.dll -> [2003/06/19 11:05:04 | 00,070,928 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINNT\system32\rpcrt4.dll -> [2007/07/17 07:43:10 | 00,439,056 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINNT\system32\SHELL32.DLL -> [2006/07/13 08:09:42 | 02,393,360 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINNT\system32\url.dll -> [2002/08/30 18:24:06 | 00,108,544 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINNT\system32\URLMON.DLL -> [2008/10/16 10:50:14 | 00,464,384 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINNT\system32\USER32.DLL -> [2007/03/06 12:18:04 | 00,381,712 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINNT\system32\version.dll -> [2003/06/19 11:05:04 | 00,016,144 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINNT\system32\WININET.DLL -> [2008/10/16 10:50:16 | 00,581,120 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINNT\system32\WLDAP32.DLL -> [2005/06/03 11:30:52 | 00,146,704 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC -> 
"CommonFilesDir" -> C:\Program Files\Fichiers communs -> [2009/02/08 22:41:29 | 00,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2009/02/08 14:48:05 | 00,000,000 | R--D | M]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
batfile [open] -> "%1" %* -> File not found
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2005/04/15 02:08:24 | 00,010,752 | ---- | M] (Microsoft Corporation)
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
cmdfile [open] -> "%1" %* -> File not found
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
helpfile [open] -> winhlp32.exe %1 -> [2003/06/19 11:05:04 | 00,008,976 | ---- | M] (Microsoft Corporation)
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> [2003/06/19 11:05:04 | 00,008,976 | ---- | M] (Microsoft Corporation)
htafile [open] -> %SystemRoot%\system32\mshta.exe "%1" %* -> [2002/08/30 18:24:06 | 00,024,576 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\Office\msohtmed.exe" %1 -> [1999/02/09 21:14:10 | 00,041,011 | ---- | M] (Microsoft Corporation)
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation)
http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation)
https [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2009/02/05 20:58:23 | 00,307,704 | ---- | M] (Mozilla Corporation)
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> [2001/05/08 01:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> File not found
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" -> [2003/06/19 11:05:04 | 00,076,560 | ---- | M] (Microsoft Corporation)
regfile [merge] -> Reg Error: Key does not exist or could not be opened.
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
scrfile [config] -> %1 -> File not found
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2003/06/19 11:05:04 | 00,245,008 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> File not found
txtfile [edit] -> Reg Error: Key does not exist or could not be opened.
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation)
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation)
Directory [AddToPlaylistVLC] -> %ProgramFiles%\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" -> [2008/11/13 12:34:18 | 00,114,840 | ---- | M] ()
Directory [PlayWithVLC] -> %ProgramFiles%\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" -> [2008/11/13 12:34:18 | 00,114,840 | ---- | M] ()
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation)
< Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{0001040C-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 Professional
{01161F64-6897-4885-93A0-A9F7BE9A4253} -> hp psc 1100 series
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
{1E04F83B-2AB9-4301-9EF7-E86307F79C72} -> Google Earth
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 11
{30614D5F-58BB-4A76-8BC9-C763A815CFC4} -> Hackman Hex Editor
{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} -> Adobe® Photoshop® Album Edition Découverte 3.0
{4C590030-7469-453E-8589-D15DA9D03F52} -> ANIWZCS2 Service
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} -> Photo et imagerie HP 2.0 - All-in-One Pilote
{6F716DA0-398F-11D3-85E1-005004838609} -> WebFldrs
{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E} -> ANIO Service
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player
{8E397FED-07AB-439C-80C5-1DA3A1E4C827} -> PowerArchiver 2007 French
{9867A917-5D17-40DE-83BA-BEA5293194B1} -> Photo et imagerie HP 2.0 - All-in-One
{A023A2D1-8BD3-4B3D-8077-CD9DDA489CB5} -> HP Photo and Imaging 2.0 - Photosmart Cameras
{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} -> Windows Defender Signatures
{ABEB838C-A1A7-4C5D-B7E1-8B4314600820} -> MSN Messenger 7.0
{AC76BA86-7AD7-1036-7B44-A70500000002} -> Adobe Reader 7.0.7 - Français
{B376402D-58EA-45EA-BD50-DD924EB67A70} -> Disque de souvenirs HP
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe Shockwave Player -> Adobe Shockwave Player
AdobeESD -> Adobe Download Manager 2.0 (Supprimer uniquement)
AntiVir PersonalEdition Classic -> Avira AntiVir Personal - Free Antivirus
Creative PC-CAM Center -> Creative PC-CAM Center
Creative PD1131 -> Creative WebCam NX Pro Driver (
Creative WebCam Monitor -> Creative WebCam Monitor
eMule -> eMule -> Free - Kit de connexion
FreePCvcR v0.5.3a -> FreePCvcR v0.5.3a
FreePCvcR v0.6 -> FreePCvcR v0.6
Freeplayer -> Freeplayer
Hattrick Control_is1 -> Hattrick Control 2.12
HijackThis -> HijackThis 2.0.2
HP PSC 1100 Series -> Photo et imagerie HP 2.0 - hp psc 1100 series
IrfanView -> IrfanView (remove only)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Manuel d'utilisation de Creative WebCam NX Pro French -> Manuel d'utilisation de Creative WebCam NX Pro (Français)
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
mIRC -> mIRC
Mozilla Firefox (3.0.6) -> Mozilla Firefox (3.0.6)
Q828026 -> Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
Radmin Viewer 3.0 -> Radmin Viewer 3.0
RealPlayer 6.0 -> RealPlayer
ShockwaveFlash -> Adobe Flash Player 9 ActiveX
Skype_is1 -> Skype 2.0
SopCast -> SopCast 1.1.1
Update Rollup 1 -> Correctif cumulatif 1 pour Windows 2000 SP4
VLC media player -> VLC media player 0.9.6
WMP7 -> Mise à jour système du Lecteur Windows Media (Série 9)
Yahoo! Companion -> Yahoo! Toolbar avec bloqueur de fenêtres pop-up
Yahoo! Toolbar -> Yahoo! Toolbar
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000001 [TCP/IP] -> %SystemRoot%\system32\rnr20.dll -> [2003/06/19 11:05:04 | 00,036,624 | ---- | M] (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [Protocole de transport compatible NWLink IPX/SPX/NetBIOS] -> %SystemRoot%\system32\NWPROVAU.DLL -> [2006/09/01 06:49:42 | 00,143,632 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 17/02/2009 08:18:32 Computer Name = PORTABLE | Source = Perflib | ID = 1015 -> Description = Le délai d'exécution de la fonction "PerfProc" de collecte de données de  performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un  problème pour ce compteur extensible ou le service dont il tire ses  informations, ou le système était peut-être très occupé au moment où  l'appel a été tenté. 
Application [ Error ] 17/02/2009 08:20:15 Computer Name = PORTABLE | Source = Perflib | ID = 1015 -> Description = Le délai d'exécution de la fonction "PerfProc" de collecte de données de  performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un  problème pour ce compteur extensible ou le service dont il tire ses  informations, ou le système était peut-être très occupé au moment où  l'appel a été tenté. 
Application [ Error ] 17/02/2009 08:21:25 Computer Name = PORTABLE | Source = Perflib | ID = 1015 -> Description = Le délai d'exécution de la fonction "PerfProc" de collecte de données de  performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un  problème pour ce compteur extensible ou le service dont il tire ses  informations, ou le système était peut-être très occupé au moment où  l'appel a été tenté. 
Application [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = QOS | ID = 102 -> Description = The service failed to initialize due to subprocess could not be spawned. Error code: 2.
Application [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = QOS | ID = 103 -> Description = The service failed to start.
Application [ Error ] 17/02/2009 15:36:55 Computer Name = PORTABLE | Source = Perflib | ID = 2002 -> Description = La procédure d'ouverture du service "PerfDisk" dans la bibliothèque "C:\WINNT\system32\perfdisk.dll" a  pris plus longtemps que le délai imparti pour cette opération. Il y a peut-  être un problème pour ce compteur extensible ou le service dont il tire ses  informations, ou le système était peut-être très occupé au moment où  l'appel a été tenté. 
Application [ Error ] 17/02/2009 15:39:16 Computer Name = PORTABLE | Source = Perflib | ID = 1015 -> Description = Le délai d'exécution de la fonction "PerfProc" de collecte de données de  performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un  problème pour ce compteur extensible ou le service dont il tire ses  informations, ou le système était peut-être très occupé au moment où  l'appel a été tenté. 
Application [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = QOS | ID = 102 -> Description = The service failed to initialize due to subprocess could not be spawned. Error code: 2.
Application [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = QOS | ID = 103 -> Description = The service failed to start.
Application [ Error ] 17/02/2009 15:51:17 Computer Name = PORTABLE | Source = Perflib | ID = 2002 -> Description = La procédure d'ouverture du service "PerfDisk" dans la bibliothèque "C:\WINNT\system32\perfdisk.dll" a  pris plus longtemps que le délai imparti pour cette opération. Il y a peut-  être un problème pour ce compteur extensible ou le service dont il tire ses  informations, ou le système était peut-être très occupé au moment où  l'appel a été tenté. 
System [ Error ] 17/02/2009 08:15:29 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service FireDaemon Service: QOS s'est arrêté avec l'erreur :   %%1
System [ Error ] 17/02/2009 08:17:42 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7022 -> Description = Le service Avira AntiVir Personal - Free Antivirus Scheduler est en attente de démarrage.
System [ Error ] 17/02/2009 15:36:17 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7000 -> Description = Le service Protocole de transport compatible NWLink IPX/SPX/NetBIOS n'a pas pu démarrer en raison de l'erreur :   %%87
System [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service Service client pour NetWare s'est arrêté avec l'erreur :   %%2
System [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur de tâches n'a pas pu démarrer en raison de l'erreur :   %%1083
System [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service FireDaemon Service: QOS s'est arrêté avec l'erreur :   %%1
System [ Error ] 17/02/2009 15:50:43 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7000 -> Description = Le service Protocole de transport compatible NWLink IPX/SPX/NetBIOS n'a pas pu démarrer en raison de l'erreur :   %%87
System [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur de tâches n'a pas pu démarrer en raison de l'erreur :   %%1083
System [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service Service client pour NetWare s'est arrêté avec l'erreur :   %%2
System [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service FireDaemon Service: QOS s'est arrêté avec l'erreur :   %%1

[Files/Folders - Created Within 90 Days]
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 
OTScanIt2 -> %UserProfile%\Bureau\OTScanIt2 -> [2009/02/17 23:51:58 | 00,000,000 | ---D | C]
vdshd.exe -> %UserProfile%\vdshd.exe -> [2009/02/17 23:51:36 | 00,025,133 | ---- | C] (UTool)
OTScanIt2.exe -> %UserProfile%\Bureau\OTScanIt2.exe -> [2009/02/17 23:51:20 | 00,656,714 | ---- | C] ()
Perflib_Perfdata_234.dat -> %SystemRoot%\System32\Perflib_Perfdata_234.dat -> [2009/02/17 20:50:53 | 00,016,384 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [2009/02/16 23:24:54 | 00,000,458 | ---- | C] ()
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/16 23:24:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/16 23:24:48 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Perflib_Perfdata_68c.dat -> %SystemRoot%\System32\Perflib_Perfdata_68c.dat -> [2009/02/16 08:58:54 | 00,016,384 | ---- | C] ()
Favoris -> %SystemRoot%\Favoris -> [2009/02/13 18:38:30 | 00,000,000 | ---D | C]
CF20883.exe -> %SystemRoot%\System32\CF20883.exe -> [2009/02/08 20:46:40 | 00,249,616 | ---- | C] (Microsoft Corporation)
CF20880.exe -> %SystemRoot%\System32\CF20880.exe -> [2009/02/08 20:46:40 | 00,249,616 | ---- | C] (Microsoft Corporation)
Perflib_Perfdata_438.dat -> %SystemRoot%\System32\Perflib_Perfdata_438.dat -> [2009/02/08 15:44:05 | 00,016,384 | ---- | C] ()
zipinst.exe -> %SystemRoot%\zipinst.exe -> [2009/02/08 14:48:08 | 00,039,424 | ---- | C] (NirSoft)
RegScanner -> %ProgramFiles%\RegScanner -> [2009/02/08 14:48:05 | 00,000,000 | ---D | C]
Perflib_Perfdata_11c4.dat -> %SystemRoot%\System32\Perflib_Perfdata_11c4.dat -> [2009/02/07 20:28:21 | 00,016,384 | ---- | C] ()
Perflib_Perfdata_230.dat -> %SystemRoot%\System32\Perflib_Perfdata_230.dat -> [2009/02/07 01:15:09 | 00,016,384 | ---- | C] ()
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/02/06 17:24:17 | 00,000,000 | RHSD | C]
Perflib_Perfdata_22c.dat -> %SystemRoot%\System32\Perflib_Perfdata_22c.dat -> [2009/02/03 12:38:30 | 00,016,384 | ---- | C] ()
photo moi.doc -> %SystemDrive%\photo moi.doc -> [2009/01/30 18:55:31 | 00,258,048 | ---- | C] ()
temp -> %SystemRoot%\temp -> [2009/01/26 23:07:04 | 00,000,000 | ---D | C]
Perflib_Perfdata_218.dat -> %SystemRoot%\System32\Perflib_Perfdata_218.dat -> [2009/01/26 22:18:19 | 00,016,384 | ---- | C] ()
REGIME.doc -> %UserProfile%\Mes documents\REGIME.doc -> [2009/01/22 20:58:40 | 00,202,752 | ---- | C] ()
Votre bilan personnel AVANT REGIME.doc -> %UserProfile%\Mes documents\Votre bilan personnel AVANT REGIME.doc -> [2009/01/22 20:26:58 | 00,050,688 | ---- | C] ()
VTech -> %ProgramFiles%\VTech -> [2008/12/28 20:20:35 | 00,000,000 | ---D | C]
Lancement rapide d'Adobe Reader.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> [2008/12/14 15:24:36 | 00,001,446 | ---- | C] ()
MSHTML.DLL -> %SystemRoot%\System32\MSHTML.DLL -> [2008/12/11 14:22:44 | 02,706,432 | ---- | C] (Microsoft Corporation)
FONCIA REGLEMENT.xls -> %UserProfile%\Mes documents\FONCIA REGLEMENT.xls -> [2008/11/28 09:56:14 | 00,016,384 | ---- | C] ()
vlc -> %AppData%\vlc -> [2008/11/23 01:24:04 | 00,000,000 | ---D | C]
VLC media player.lnk -> %AllUsersProfile%\Bureau\VLC media player.lnk -> [2008/11/23 00:46:20 | 00,000,495 | ---- | C] ()
VideoLAN -> %ProgramFiles%\VideoLAN -> [2008/11/22 22:39:50 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 90 Days]
32 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> 
4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 
1 d:\Documents and Settings\Karim\Local Settings\temp\is-PAE83.tmp\_isetup\*.tmp files -> d:\Documents and Settings\Karim\Local Settings\temp\is-PAE83.tmp\_isetup\*.tmp -> 
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/02/17 23:55:45 | 05,169,152 | -H-- | M] ()
vdshd.exe -> %UserProfile%\vdshd.exe -> [2009/02/17 23:55:37 | 00,025,133 | ---- | M] (UTool)
OTScanIt2.exe -> %UserProfile%\Bureau\OTScanIt2.exe -> [2009/02/17 23:51:21 | 00,656,714 | ---- | M] ()
Perflib_Perfdata_234.dat -> %SystemRoot%\System32\Perflib_Perfdata_234.dat -> [2009/02/17 20:50:53 | 00,016,384 | ---- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/17 20:50:33 | 20,078,5920 | -HS- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/02/17 20:48:07 | 00,000,284 | -HS- | M] ()
hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [2009/02/17 11:15:55 | 00,000,524 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/02/17 00:38:16 | 00,004,617 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/02/17 00:38:16 | 00,004,232 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [2009/02/16 23:30:37 | 00,000,458 | ---- | M] ()
_shfoldr.dll -> %UserProfile%\Local Settings\temp\is-PAE83.tmp\_isetup\_shfoldr.dll -> [2009/02/16 23:23:54 | 00,023,312 | ---- | M] (Microsoft Corporation)
Perflib_Perfdata_68c.dat -> %SystemRoot%\System32\Perflib_Perfdata_68c.dat -> [2009/02/16 08:58:54 | 00,016,384 | ---- | M] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Bureau\Spybot - Search & Destroy.lnk -> [2009/02/13 01:29:10 | 00,000,682 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/02/12 05:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
CF20883.exe -> %SystemRoot%\System32\CF20883.exe -> [2009/02/08 20:46:16 | 00,249,616 | ---- | M] (Microsoft Corporation)
CF20880.exe -> %SystemRoot%\System32\CF20880.exe -> [2009/02/08 20:46:16 | 00,249,616 | ---- | M] (Microsoft Corporation)
Perflib_Perfdata_438.dat -> %SystemRoot%\System32\Perflib_Perfdata_438.dat -> [2009/02/08 15:44:05 | 00,016,384 | ---- | M] ()
zipinst.exe -> %SystemRoot%\zipinst.exe -> [2009/02/08 14:53:13 | 00,039,424 | ---- | M] (NirSoft)
Perflib_Perfdata_11c4.dat -> %SystemRoot%\System32\Perflib_Perfdata_11c4.dat -> [2009/02/07 20:28:21 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_230.dat -> %SystemRoot%\System32\Perflib_Perfdata_230.dat -> [2009/02/07 01:15:09 | 00,016,384 | ---- | M] ()
Mozilla Firefox.lnk -> %UserProfile%\Bureau\Mozilla Firefox.lnk -> [2009/02/06 17:56:03 | 00,001,386 | ---- | M] ()
Perflib_Perfdata_22c.dat -> %SystemRoot%\System32\Perflib_Perfdata_22c.dat -> [2009/02/03 12:38:30 | 00,016,384 | ---- | M] ()
photo moi.doc -> %SystemDrive%\photo moi.doc -> [2009/01/30 18:55:32 | 00,258,048 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/01/26 23:09:54 | 00,000,227 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/01/26 22:20:11 | 00,000,027 | ---- | M] ()
SystemSpool_dll.ocx -> %SystemRoot%\System32\SystemSpool_dll.ocx -> [2009/01/26 22:18:21 | 00,000,613 | ---- | M] ()
Perflib_Perfdata_218.dat -> %SystemRoot%\System32\Perflib_Perfdata_218.dat -> [2009/01/26 22:18:19 | 00,016,384 | ---- | M] ()
systemspool.ocx -> %SystemRoot%\System32\systemspool.ocx -> [2009/01/26 22:18:19 | 00,001,061 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/01/26 19:19:35 | 00,149,992 | ---- | M] ()
REGIME.doc -> %UserProfile%\Mes documents\REGIME.doc -> [2009/01/22 20:58:41 | 00,202,752 | ---- | M] ()
Votre bilan personnel AVANT REGIME.doc -> %UserProfile%\Mes documents\Votre bilan personnel AVANT REGIME.doc -> [2009/01/22 20:26:59 | 00,050,688 | ---- | M] ()
sfc.dll -> %SystemRoot%\System32\sfc.dll -> [2009/01/21 20:36:25 | 00,097,072 | ---- | M] (Microsoft Corporation)
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/01/14 01:45:11 | 00,001,410 | ---- | M] ()
Lancement rapide d'Adobe Reader.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> [2008/12/14 15:24:36 | 00,001,446 | ---- | M] ()
MSHTML.DLL -> %SystemRoot%\System32\MSHTML.DLL -> [2008/12/11 14:22:44 | 02,706,432 | ---- | M] (Microsoft Corporation)
MSHTML.DLL -> %SystemRoot%\System32\dllcache\MSHTML.DLL -> [2008/12/11 14:22:44 | 02,706,432 | ---- | M] (Microsoft Corporation)
SRV.SYS -> %SystemRoot%\System32\drivers\SRV.SYS -> [2008/12/11 13:09:40 | 00,239,472 | ---- | M] (Microsoft Corporation)
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/12/11 13:09:40 | 00,239,472 | ---- | M] (Microsoft Corporation)
FONCIA REGLEMENT.xls -> %UserProfile%\Mes documents\FONCIA REGLEMENT.xls -> [2008/11/28 10:56:08 | 00,016,384 | ---- | M] ()
avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2008/11/25 20:56:34 | 00,075,072 | ---- | M] (Avira GmbH)
VLC media player.lnk -> %AllUsersProfile%\Bureau\VLC media player.lnk -> [2008/11/23 00:46:21 | 00,000,495 | ---- | M] ()

[Files/Folders - Unicode - All]
? -> C:\WINNT\㘠 -> [2007/01/20 17:55:13 | 00,000,146 | ---- | M] ()
? -> C:\WINNT\˨ -> [2007/04/11 22:29:00 | 00,000,146 | ---- | M] ()
? -> C:\WINNT\㢼 -> [2007/09/06 01:49:41 | 00,000,146 | ---- | M] ()
? -> C:\WINNT\૸ -> [2008/01/22 00:45:34 | 00,003,494 | ---- | M] ()
? -> C:\WINNT\ -> [2008/07/05 07:51:14 | 00,003,973 | ---- | M] ()
? -> C:\WINNT\Є -> [2006/06/10 17:47:32 | 00,000,146 | ---- | M] ()
? -> C:\WINNT\Й -> [2006/08/23 23:25:08 | 00,000,987 | ---- | M] ()
? -> C:\WINNT\质 -> [2007/05/14 17:34:15 | 00,001,695 | ---- | M] ()
? -> C:\WINNT\邘 -> [2007/05/14 17:34:15 | 00,000,146 | ---- | M] ()
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000079.JPG:Q30lsldxJoudresxAaaqpcawXc 7336 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000079.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000080.JPG:Q30lsldxJoudresxAaaqpcawXc 7476 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000080.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000081.JPG:Q30lsldxJoudresxAaaqpcawXc 7268 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000081.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000080.JPG:Q30lsldxJoudresxAaaqpcawXc 7476 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000080.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000081.JPG:Q30lsldxJoudresxAaaqpcawXc 7268 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000081.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000079.JPG:Q30lsldxJoudresxAaaqpcawXc 7336 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000079.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\christine beauté.htm:Q30lsldxJoudresxAaaqpcawXc 9500 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\christine beauté.htm:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\christine coquine.htm:Q30lsldxJoudresxAaaqpcawXc 9240 bytes
d:\Documents and Settings\Karim\Mes documents\Mes images\christine coquine.htm:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden files: 16

< End of report >




I don't see anything.

Could you post an AntiVir report, please?


In HijackThis, check these lines, then click Fix checked:

F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\NirCmd.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [QuickTime Task]

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe




Here is the AntiVir report


Avira AntiVir Personal

Report file date: mercredi 18 février 2009 19:23


Scanning for 1251469 virus strains and unwanted programs.


Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows 2000

Windows version: (Service Pack 4) [5.0.2195]

Boot mode: Normally booted

Username: SYSTEM

Computer name: PORTABLE


Version information:

BUILD.DAT : 16934 Bytes 18/11/2008 13:05:00

AVSCAN.EXE : 315649 Bytes 25/11/2008 19:56:34

AVSCAN.DLL : 40705 Bytes 26/05/2008 07:56:40

LUKE.DLL : 164097 Bytes 12/06/2008 12:44:19

LUKERES.DLL : 12033 Bytes 26/05/2008 07:58:52

ANTIVIR0.VDF : 15603712 Bytes 27/10/2008 18:01:36

ANTIVIR1.VDF : 3336192 Bytes 11/02/2009 22:52:32

ANTIVIR2.VDF : 2048 Bytes 11/02/2009 22:52:34

ANTIVIR3.VDF : 154624 Bytes 17/02/2009 23:55:01

Engineversion :

AEVDF.DLL : 106868 Bytes 31/01/2009 19:52:09

AESCRIPT.DLL : 348539 Bytes 13/02/2009 23:12:13

AESCN.DLL : 127347 Bytes 13/02/2009 23:12:11

AERDL.DLL : 438645 Bytes 06/11/2008 00:46:58

AEPACK.DLL : 397684 Bytes 04/02/2009 21:57:28

AEOFFICE.DLL : 196987 Bytes 11/12/2008 23:16:05

AEHEUR.DLL : 1606006 Bytes 17/02/2009 23:55:12

AEHELP.DLL : 119159 Bytes 18/11/2008 19:53:32

AEGEN.DLL : 332148 Bytes 17/02/2009 23:55:05

AEEMU.DLL : 393588 Bytes 25/10/2008 22:08:32

AECORE.DLL : 176501 Bytes 17/02/2009 23:55:03

AEBB.DLL : 53618 Bytes 25/10/2008 22:08:29

AVWINLL.DLL : 15105 Bytes 09/07/2008 08:40:05

AVPREF.DLL : 38657 Bytes 16/05/2008 09:28:01

AVREP.DLL : 98344 Bytes 04/09/2008 21:38:34

AVREG.DLL : 33537 Bytes 09/05/2008 11:26:40

AVARKT.DLL : 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 119041 Bytes 12/06/2008 12:27:49

SQLITE3.DLL : 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 28929 Bytes 12/06/2008 12:49:40

NETNT.DLL : 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 2371841 Bytes 12/06/2008 13:48:07

RCTEXT.DLL : 86273 Bytes 27/06/2008 13:34:37


Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium


Start of the scan: mercredi 18 février 2009 19:23


The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'hposts08.exe' - '1' Module(s) have been scanned

Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned

Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned

Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned

Scan process 'HpqCmon.exe' - '1' Module(s) have been scanned

Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned

Scan process 'winmgmt.exe' - '1' Module(s) have been scanned

Scan process 'stisvc.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '0' Module(s) have been scanned

Scan process 'sched.exe' - '0' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

27 processes with 27 modules were scanned


Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!


Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!


Starting to scan the registry.

The registry was scanned ( '43' files ).



Starting the file scan:


Begin scan in 'C:\' <Système>


[WARNING] The file could not be opened!


[WARNING] The file could not be opened!

Begin scan in 'D:\' <Données>


[WARNING] The file could not be opened!

D:\Documents and Settings\Karim\vdshd.exe


[NOTE] The file was moved to '4a0f5fbf.qua'!

D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\2445673883\Winks3\TFR22.dat

[0] Archive type: CAB (Microsoft)

--> bouncy_ball.png

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR11B.dat

[0] Archive type: CAB (Microsoft)

--> bouncy_ball.png

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR12.dat

[0] Archive type: CAB (Microsoft)

--> bouncy_ball.png

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR31.dat

[0] Archive type: CAB (Microsoft)

--> bouncy_ball.png

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR36.dat

[0] Archive type: CAB (Microsoft)

--> bouncy_ball.png

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR77.dat

[0] Archive type: CAB (Microsoft)

--> bouncy_ball.png

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFRE5.dat

[0] Archive type: CAB (Microsoft)

--> bouncy_ball.png

[WARNING] No further files can be extracted from this archive. The archive will be closed

D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\651228626\Winks3\TFR5A.dat

[0] Archive type: CAB (Microsoft)

--> bouncy_ball.png

[WARNING] No further files can be extracted from this archive. The archive will be closed



End of the scan: mercredi 18 février 2009 20:31

Used time: 1:11:20 Hour(s)


The scan has been done completely.


4056 Scanning directories

142278 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

142274 Files not concerned

893 Archives were scanned

11 Warnings

1 Notes


AntiVir and MBAM don't see anything serious!


You are going to download ComboFix.


Rename ComboFix only if you are asked to

In some cases (the Bagle worm or the TDSS rootkit, for example), it is necessary to rename ComboFix.exe before downloading it in order to treat the infection.

Delete ComboFix.exe (usually from the Desktop) if it is on your machine, then download a fresh copy


Note: by default, Firefox does not allow renaming before saving; use IE instead

To rename it:

Right-click on

Choose "Save Target As..." and name it yourname.exe (for example dupont.exe)

Choose the Desktop

At the bottom, under File name:

You should get -> yourname.exe

Finally, click -> Save

Run yourname.exe

If you run into problems:

illustrated method


This software is very powerful and must not be used without competent help, at the risk of irreversible damage.

Please note that this software is updated regularly and that the version you are about to download will be obsolete in a few days.

Before installing it, read this procedure:


Download combofix.exe by sUBs

and save it to the Desktop


Close or disable all active antivirus, antispyware and firewall programs, as they could interfere with this tool

This is absolutely necessary for the procedure to succeed.

Of course, you will re-enable them afterwards.


* Double-click combofix.exe to launch it.

Do not close the window that has just opened: the desktop would be empty and this could crash the program!

To start the scan

Connect all removable drives (external hard drive, USB stick).

* Press the 1 key to start the scan.

If for any reason (Vista, for example) ComboFix does not start,

boot into Safe Mode, choose the Administrator account, and run ComboFix

While ComboFix is running, do not touch your computer at all; you could crash the program.


* The scan may take some time: be patient!

At the end, a report will be generated: post its contents in your next message.

* If the report is too long, post it in two parts.

It is located at c:\combofix.txt


ComboFix 09-02-17.02 - Karim 18/02/2009 22:01:09.5 - NTFSx86

Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.191.39 [GMT 1:00]

Lancé depuis: d:\documents and settings\Karim\Bureau\Johanna.exe





(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))



c:\winnt\IE4 Error Log.txt




((((((((((((((((((((((((((((( Fichiers créés du 2009-01-18 au 2009-02-18 ))))))))))))))))))))))))))))))))))))



Pas de nouveau fichier créé dans ce laps de temps



(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))


2009-02-18 18:15 --------- d-----w c:\program files\Google

2009-02-16 22:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-02-13 15:17 --------- d---a-w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-13 15:03 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-11 09:19 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys

2009-02-08 21:41 --------- d-----w c:\program files\Java

2009-02-08 21:20 --------- d-----w c:\program files\RegScanner

2009-02-08 13:53 39,424 ----a-w c:\winnt\zipinst.exe

2009-01-24 09:05 410,984 ----a-w c:\winnt\system32\deploytk.dll

2009-01-23 19:23 --------- d-----w c:\program files\Hackman

2009-01-21 19:36 97,072 ----a-w c:\winnt\system32\sfc.dll

2008-12-28 19:20 --------- d-----w c:\program files\VTech

2008-12-28 18:27 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-28 17:48 --------- d-----w c:\program files\7-Zip

2008-12-21 06:47 --------- d-----w c:\program files\eMule

2008-10-07 21:14 0 ---ha-w d:\documents and settings\Christine\hpothb07.dat

2006-08-18 16:22 302 ---ha-w c:\program files\hpothb07.dat

2006-08-18 16:20 513 ---ha-w c:\program files\hpothb07.tif

2006-06-10 09:09 164 -c-ha-w d:\documents and settings\All Users\hpothb07.dat

2006-06-10 09:09 0 -c-ha-w d:\documents and settings\Alain\hpothb07.dat

2006-03-31 22:14 0 -c-ha-w d:\documents and settings\Administrateur\hpothb07.dat

2005-11-16 21:50 271 ---h--w c:\program files\desktop.ini

2005-11-16 21:50 22,115 ---h--w c:\program files\folder.htt

2001-05-08 00:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys

2005-07-23 02:25 230 --sha-w c:\winnt\system32\drivers\etc\config\addme.reg

2006-03-21 22:31 34 --sha-w c:\winnt\system32\drivers\etc\config\store.dll



((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))



*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés




"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [26/01/09 15:31 2144088]



"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/02 10:42 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [14/06/06 19:53 282624]

"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [07/10/02 00:23 90112]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [16/12/04 16:49 49152]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/06/08 13:28 266497]

"Synchronization Manager"="mobsync.exe" [19/06/03 11:05 111888 c:\winnt\system32\mobsync.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]

01/09/06 06:49 143632 c:\winnt\system32\NWPROVAU.DLL


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= mmdrv.dll


[HKEY_LOCAL_MACHINE\software\microsoft\security center]




R3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\drivers\fbxusb32.sys [2007-08-27 31128]

S2 QOS;FireDaemon Service: QOS;c:\winnt\system32\Microsoft\user\firedaemon.exe [2008-12-07 81920]

S3 EL3C574;Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard;c:\winnt\system32\drivers\el574nd4.sys [2005-11-18 24848]

S4 NirSoft Service Controler;NirSoft Service Controler;"c:\winnt\system32\drivers\NirCmd.exe" --> c:\winnt\system32\drivers\NirCmd.exe [?]

S4 Service Controler;Service Controler;"c:\winnt\system32\drivers\SbCtri.exe" --> c:\winnt\system32\drivers\SbCtri.exe [?]


--- Autres Services/Pilotes en mémoire ---


*Deregistered* - wuauserv


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}]



Contenu du dossier 'Tâches planifiées'


2006-03-19 c:\winnt\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1132827445.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [06/04/03 00:52 ]



------- Examen supplémentaire -------


uStart Page = hxxp://

IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Pages liées - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Pages similaires - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Recherche &Google - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar1.dll/cmcache.html

LSP: %SystemRoot%\system32\msafd.dll

DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://

DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} - hxxp://

FF - ProfilePath - d:\documents and settings\Karim\Application Data\Mozilla\Firefox\Profiles\xt0ii9fn.default\

FF - prefs.js: - Google

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll





catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-02-18 22:08:05

Windows 5.0.2195 Service Pack 4 NTFS


Recherche de processus cachés ...


Recherche d'éléments en démarrage automatique cachés ...


Recherche de fichiers cachés ...


Scan terminé avec succès

Fichiers cachés: 0




--------------------- DLLs chargées dans les processus actifs ---------------------


- - - - - - - > 'winlogon.exe'(196)




Heure de fin: 18/02/2009 22:13:29

ComboFix-quarantined-files.txt 2009-02-18 21:12:38


Avant-CF: 1 172 381 696 octets libres

Après-CF: 1,169,231,872 octets libres


115 --- E O F --- 2009-02-17 00:02:02
