Demande d'aide-analyse rapports hitjackthis

JOELERIC · le 21 février 2009

Bonjour

je suis victime de redirection intempestives. dès que je clique sur certain lien comme Zebulon Fr une fenetre complémentaire s'ouvre qui se recharge systématiquement, ou bien quand je recherjhe un site je suis reduirigé vers un autre site.Apres lecture des sujet j'ai déjà fait :

- un hitjackthis log / un Ot liste qui m'a donné deux fichiers que je vous livre.

Merci de m'aider car tous les antispyware n'ont rien donné : Ad aware, Spybot, MalwareByte, ne parlons pas de mon kapersky 2009 :

Je commmence par vous livrer le hitjacklist log :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:48:35, on 20/02/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\AdventNet\ME\NetFlow\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\download\vlc\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE2A0A4D-9CD6-B15F-F68E-E83B8B0476BC} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"

O4 - HKLM\..\Run: [MaxBlastMonitor.exe] "C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe"

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RevHDD] C:\WINDOWS\SYSTEM\RevHDD.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [Entm] "C:\DOCUME~1\Admin\APPLIC~1\YMBOLS~1\cmd.exe" -vt ndrv

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O15 - Trusted Zone: http://www.secuser.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F2CCE8E-06DF-4B08-B556-9508F50449A0}: NameServer = 193.168.0.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe

O23 - Service: ManageEngine NetFlow Analyzer 4 (netflowanalyzer) - Unknown owner - C:\AdventNet\ME\NetFlow\bin\wrapper.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 8599 bytes

Modifié le 21 février 2009 par JOELERIC

JOELERIC · le 21 février 2009

Bonjour
je suis victime de redirection intempestives. dès que je clique sur certain lien comme Zebulon Fr une fenetre complémentaire s'ouvre qui se recharge systématiquement, ou bien quand je recherjhe un site je suis reduirigé vers un autre site.Apres lecture des sujet j'ai déjà fait :

- un hitjackthis log / un Ot liste qui m'a donné deux fichiers que je vous livre.

Merci de m'aider car tous les antispyware n'ont rien donné : Ad aware, Spybot, MalwareByte, ne parlons pas de mon kapersky 2009 :

Je commmence par vous livrer le hitjacklist log :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:48:35, on 20/02/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\AdventNet\ME\NetFlow\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\download\vlc\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE2A0A4D-9CD6-B15F-F68E-E83B8B0476BC} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"

O4 - HKLM\..\Run: [MaxBlastMonitor.exe] "C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe"

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe"

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RevHDD] C:\WINDOWS\SYSTEM\RevHDD.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [Entm] "C:\DOCUME~1\Admin\APPLIC~1\YMBOLS~1\cmd.exe" -vt ndrv

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O15 - Trusted Zone: http://www.secuser.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{9F2CCE8E-06DF-4B08-B556-9508F50449A0}: NameServer = 193.168.0.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe

O23 - Service: ManageEngine NetFlow Analyzer 4 (netflowanalyzer) - Unknown owner - C:\AdventNet\ME\NetFlow\bin\wrapper.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 8599 bytes

la suite :

OTListIt Extras logfile created on: 20/02/2009 21:11:58 - Run

OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Admin\Bureau

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,23 Mb Total Physical Memory | 296,02 Mb Available Physical Memory | 57,90% Memory free

1,22 Gb Paging File | 0,65 Gb Available in Paging File | 53,57% Paging File free

Paging file location(s): C:\pagefile.sys 768 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,79 Gb Total Space | 28,13 Gb Free Space | 25,16% Space Free | Partition Type: NTFS

Drive D: | 152,66 Gb Total Space | 17,64 Gb Free Space | 11,56% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BLACKJP

Current User Name: Admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2006/09/14 02:37:54 | 00,561,152 | ---- | M] () -- C:\Program Files\WinFax eXPert\BvrpKrnl.exe:*:Disabled:Bvrpkrnl

File not found -- C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Disabled:McAfee Network Agent

File not found -- C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype

[2006/09/13 08:06:44 | 01,982,464 | ---- | M] (BVRP Software) -- C:\Program Files\WinFax eXPert\WinFax.exe:*:Disabled:Winfax

[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0C123C63-84FD-4D13-96E7-EEB5C11893F2}" = LEC Translate

"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}" = EZVideo Mail

"{313aa16e-8c61-410c-a225-917462421659}" = EZSuite For EZCam III

"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{5DF68560-292A-11D5-99D1-00010256D40E}" = DV Studio3

"{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}" = EZShowtime MMS

"{60E5167C-F720-47F2-A0FD-9B34F94A8DC8}" = WinFax eXPert

"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software

"{76F0FEBD-6C17-4D57-6002-1A0BFF7DE827}" = Ultimate ZIP Cracker Trial version

"{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}" = EZPhoto Browser

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor MaxBlast

"{887EF08A-011E-477C-B6CB-01E540538ADB}" = Rep-Listing

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support

"{9A8EE170-395C-4B96-B992-B9FE823330E7}" = JS World

"{9DA4493A-480C-4554-A02C-4B542D33A1D9}" = ManageEngine NetFlow Analyzer 4

"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =

"{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}" = SPIF225 USB to SATA Bridge 98 Driver Installer

"{AC76BA86-7AD7-1036-7B44-A70800000002}" = Adobe Reader 7.0.8 - Français

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B473BAC8-6A90-4D53-96C9-97A759A76EE8}" = EZPhoto Panorama

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C4B76E93-3FC2-4E90-81EE-EE62948CFB03}" = Sony Ericsson Mobile Phone Monitor

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D995DF42-A2B6-43D6-AEA2-FDD296E74ED4}" = PC CameraQ

"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes

"{DE4847A9-E86B-4BBB-B991-58C5ACA4FA04}" = Diskeeper Professional Edition

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools

"{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC

"{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}" = EZPhoto Tools

"{ED9A325D-9622-4FD0-A731-73D23C6265F3}" = CapMan

"{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FC18114B-05A0-11D6-8140-000102E745A6}" = Sony Ericsson PC Suite 3.2.0

"ABC" = ABC (remove only)

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"AdobeESD" = Adobe Download Manager 2.0 (Supprimer uniquement)

"Applian FLV Player2.0.23" = Applian FLV Player

"AutoSketch v6.0" = AutoSketch v6.0

"AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.43

"BlindWrite 5_is1" = BlindWrite5

"DivX Content Uploader" = DivX Content Uploader

"eMule" = eMule

"Ezonics Greeting Cam Deluxe" = Ezonics Greeting Cam Deluxe

"FAT32 Format" = FAT32 Format

"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]

"FTDICOMM" = SEMC DSS SyncStation Driver

"GSpot 2.21 Fr_is1" = GSpot 2.21 Fr

"HijackThis" = HijackThis 2.0.2

"InstallShield_{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC

"InstallShield_{D995DF42-A2B6-43D6-AEA2-FDD296E74ED4}" = PC CameraQ

"InstallShield_{EBE171CC-C465-43FE-AA82-F0B4333764DD}" = WebCam Driver for Panasonic DVC

"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009

"Kaspersky Online Scanner" = Kaspersky Online Scanner

"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)

"lphant_is1" = lphant v1.11

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaRescue Pro" = MediaRescue Pro 3.5

"NeroMultiInstaller!UninstallKey" = Nero Suite

"Panda ActiveScan" = Panda ActiveScan

"PCI Audio Driver" = PCI Audio Driver

"SnadBoy's Revelation v2" = SnadBoy's Revelation v2

"SuperCopier2" = SuperCopier2

"TVersity Codec Pack" = TVersity Codec Pack 1.1

"TVersity Media Server " = TVersity Media Server 0.9.11.4 beta

"VLC media player" = VideoLAN VLC media player 0.8.6f

"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.00

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Lecteur Windows Media 10

"WinMerge_is1" = WinMerge 2.4.10.0

"WinRAR archiver" = Archiveur WinRAR

"xvid" = XviD MPEG-4 video codec v2.1

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 04/02/2009 20:53:05 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There may be a configuration problem: please check the logs.

Error - 06/02/2009 19:55:52 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There were 5 failed launches in a row, each lasting less than 300

seconds. Giving up.

Error - 06/02/2009 19:55:52 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There may be a configuration problem: please check the logs.

Error - 14/02/2009 02:02:00 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There were 5 failed launches in a row, each lasting less than 300

seconds. Giving up.

Error - 14/02/2009 02:02:00 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There may be a configuration problem: please check the logs.

Error - 16/02/2009 14:30:18 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There were 5 failed launches in a row, each lasting less than 300

seconds. Giving up.

Error - 16/02/2009 14:30:18 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There may be a configuration problem: please check the logs.

Error - 20/02/2009 09:52:58 | Computer Name = BLACKJP | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 20/02/2009 11:05:25 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There were 5 failed launches in a row, each lasting less than 300

seconds. Giving up.

Error - 20/02/2009 11:05:25 | Computer Name = BLACKJP | Source = netflowanalyzer | ID = 100

Description = There may be a configuration problem: please check the logs.

[ System Events ]

Error - 20/02/2009 05:22:44 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7000

Description = Le service BDRSDRV n'a pas pu démarrer en raison de l'erreur : %%2

Error - 20/02/2009 05:22:44 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7000

Description = Le service WinFast TV2000 XP WDM Video Capture n'a pas pu démarrer

en raison de l'erreur : %%1058

Error - 20/02/2009 05:22:44 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7000

Description = Le service WinFast TV2000 XP WDM TVTuner n'a pas pu démarrer en raison

de l'erreur : %%1058

Error - 20/02/2009 05:22:44 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7000

Description = Le service WinFast TV2000 XP WDM Crossbar n'a pas pu démarrer en raison

de l'erreur : %%1058

Error - 20/02/2009 05:24:17 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7022

Description = Le service Kaspersky Internet Security est en attente de démarrage.

Error - 20/02/2009 09:59:55 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7000

Description = Le service BDRSDRV n'a pas pu démarrer en raison de l'erreur : %%2

Error - 20/02/2009 09:59:55 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7000

Description = Le service WinFast TV2000 XP WDM Video Capture n'a pas pu démarrer

en raison de l'erreur : %%1058

Error - 20/02/2009 09:59:55 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7000

Description = Le service WinFast TV2000 XP WDM TVTuner n'a pas pu démarrer en raison

de l'erreur : %%1058

Error - 20/02/2009 09:59:55 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7000

Description = Le service WinFast TV2000 XP WDM Crossbar n'a pas pu démarrer en raison

de l'erreur : %%1058

Error - 20/02/2009 11:05:42 | Computer Name = BLACKJP | Source = Service Control Manager | ID = 7034

Description = Le service ManageEngine NetFlow Analyzer 4 s'est terminé de façon

inattendue pour la 1ème fois.

< End of report >

OTListIt logfile created on: 20/02/2009 21:11:58 - Run

OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\Documents and Settings\Admin\Bureau

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,23 Mb Total Physical Memory | 296,02 Mb Available Physical Memory | 57,90% Memory free

1,22 Gb Paging File | 0,65 Gb Available in Paging File | 53,57% Paging File free

Paging file location(s): C:\pagefile.sys 768 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,79 Gb Total Space | 28,13 Gb Free Space | 25,16% Space Free | Partition Type: NTFS

Drive D: | 152,66 Gb Total Space | 17,64 Gb Free Space | 11,56% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BLACKJP

Current User Name: Admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/20 07:56:35 | 00,950,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2007/06/14 09:43:32 | 00,411,168 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe

PRC - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009/02/10 07:54:17 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2005/11/22 23:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2005/08/09 03:27:56 | 01,019,904 | ---- | M] (Language Engineering Corporation, LLC) -- C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe

PRC - [2007/12/30 13:42:34 | 00,724,992 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe

PRC - [2004/12/12 21:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2004/08/10 15:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

PRC - [2005/07/26 07:01:30 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2006/01/03 17:08:36 | 00,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe

PRC - [2007/06/15 01:55:42 | 01,192,632 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe

PRC - [2001/10/02 10:17:20 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

PRC - [2007/06/15 01:58:10 | 01,966,384 | ---- | M] (Acronis) -- C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe

PRC - [2007/06/14 09:43:40 | 00,149,024 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe

PRC - [2007/04/16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2002/07/12 23:33:12 | 01,581,056 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exe

PRC - [2004/08/19 08:10:06 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

PRC - [2009/02/10 07:54:17 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

PRC - [2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/02/20 07:56:39 | 00,509,784 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2004/03/22 13:50:58 | 02,265,088 | ---- | M] () -- C:\AdventNet\ME\NetFlow\mysql\bin\mysqld-nt.exe

PRC - [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2009/02/20 21:02:38 | 00,494,080 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/06/14 09:43:32 | 00,411,168 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])

SRV - [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2003/02/20 12:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009/02/10 07:54:17 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])

SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2006/09/14 02:37:54 | 00,561,152 | ---- | M] () -- C:\Program Files\WinFax eXPert\BVRPKrnl.exe -- (BvrpKrnl [On_Demand | Stopped])

SRV - [2005/11/22 23:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])

SRV - [2004/08/19 08:09:38 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])

SRV - [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

SRV - [2009/02/20 07:56:35 | 00,950,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])

SRV - [2005/08/09 03:27:56 | 01,019,904 | ---- | M] (Language Engineering Corporation, LLC) -- C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe -- (LEC TranslateDotNet Server [Auto | Running])

SRV - [2005/09/30 07:37:44 | 00,126,976 | ---- | M] () -- C:\AdventNet\ME\NetFlow\bin\wrapper.exe -- (netflowanalyzer [Auto | Stopped])

SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2007/12/30 13:42:34 | 00,724,992 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [Auto | Running])

SRV - [2004/12/12 21:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])

SRV - [2004/08/10 15:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/08/07 18:33:12 | 04,108,992 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])

DRV - [2003/03/06 09:32:28 | 00,007,311 | ---- | M] (ALi Corporation) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [boot | Running])

DRV - [2005/07/26 07:44:04 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

DRV - [2004/10/04 05:34:56 | 00,075,925 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848 [Auto | Stopped])

DRV - [2002/07/16 17:58:12 | 00,379,726 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running])

DRV - [2008/08/29 18:03:08 | 00,019,572 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\system32\drivers\FNETDEVI.SYS -- (FNETDEVI [system | Running])

DRV - [2004/01/19 09:27:18 | 00,019,153 | R--- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])

DRV - [2004/01/19 09:27:26 | 00,006,828 | R--- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftlund.sys -- (FTLUND [On_Demand | Stopped])

DRV - [2004/01/19 09:27:32 | 00,050,396 | R--- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])

DRV - [2005/07/26 07:44:04 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])

DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GearAspiWDM [On_Demand | Running])

DRV - [2005/07/26 06:44:04 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Stopped])

DRV - [2005/07/26 06:44:00 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand | Stopped])

DRV - [2008/04/16 13:23:44 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [boot | Running])

DRV - [2009/02/10 07:54:18 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [boot | Running])

DRV - [2008/03/13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])

DRV - [2009/02/10 07:54:18 | 00,213,520 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klif.sys -- (KLIF [system | Running])

DRV - [2008/03/25 19:07:10 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])

DRV - [2009/02/20 07:57:17 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [boot | Running])

DRV - [2004/12/01 02:49:18 | 00,051,840 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\m5289.sys -- (m5289 [boot | Running])

DRV - [2005/07/26 06:44:06 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

DRV - [2003/10/15 02:07:38 | 00,012,288 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys -- (MTDVC2 [On_Demand | Stopped])

DRV - [2003/10/10 17:39:52 | 00,011,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys -- (MTDVC2_ENUM [On_Demand | Stopped])

DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

DRV - [2008/11/18 22:44:59 | 00,068,960 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\DRIVERS\Pcatip.sys -- (Pcatip [On_Demand | Running])

DRV - [2005/07/13 06:18:39 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])

DRV - [2001/10/02 10:17:04 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2006/07/27 11:28:33 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2004/07/17 03:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2007/09/04 23:43:37 | 00,120,992 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman [boot | Running])

DRV - [2004/06/17 02:05:46 | 00,136,832 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\pfc027.sys -- (SoC PC-Camera Service [On_Demand | Stopped])

DRV - [2007/09/04 23:43:45 | 00,032,768 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])

DRV - [2007/09/04 23:43:45 | 00,392,320 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter [boot | Running])

DRV - [2003/12/18 22:14:52 | 00,360,832 | R--- | M] (Texas Instruments) -- C:\WINDOWS\system32\DRIVERS\tnet1130.sys -- (TNET1130 [On_Demand | Running])

DRV - [2004/10/04 05:34:56 | 00,036,423 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr [Auto | Stopped])

DRV - [2004/10/04 05:34:56 | 00,010,005 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\wf2kxbar.sys -- (Tv2kXbar [Auto | Stopped])

DRV - [2004/07/26 14:19:16 | 00,029,696 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\DRIVERS\ULILAN.SYS -- (ULI5261 [On_Demand | Stopped])

DRV - [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

DRV - [2005/07/26 06:44:04 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2005/07/26 06:44:06 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm

IE - URLSearchHook: {BE2A0A4D-9CD6-B15F-F68E-E83B8B0476BC} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

IE - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm

IE - URLSearchHook: {BE2A0A4D-9CD6-B15F-F68E-E83B8B0476BC} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\S-1-5-21-1220945662-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\S-1-5-21-1220945662-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (769 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)

O3 - HKLM\..\Toolbar: (LEC) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 10\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found

O3 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe" (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] "C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" (Acronis)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)

O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)

O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)

O4 - HKLM..\Run: [MaxBlastMonitor.exe] "C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" (Maxtor)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

O4 - HKLM..\Run: [RevHDD] C:\WINDOWS\SYSTEM\RevHDD.exe File not found

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Timer] File not found

O4 - HKLM..\Run: [VolControl] File not found

O4 - HKCU..\Run: [Entm] "C:\DOCUME~1\Admin\APPLIC~1\YMBOLS~1\cmd.exe" -vt ndrv File not found

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKCU..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)

O4 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003..\Run: [Entm] "C:\DOCUME~1\Admin\APPLIC~1\YMBOLS~1\cmd.exe" -vt ndrv File not found

O4 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)

O4 - HKU\S-1-5-19..\RunOnce: [Config] %systemroot%\system32\run.cmd ()

O4 - HKU\S-1-5-19..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [Config] %systemroot%\system32\run.cmd ()

O4 - HKU\S-1-5-20..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found

O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: secuser.com ([www] http in Sites de confiance)

O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\..Trusted Domains: secuser.com ([www] http in Sites de confiance)

O15 - HKU\S-1-5-21-1220945662-1659004503-839522115-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9F2CCE8E-06DF-4B08-B556-9508F50449A0}\\NameServer = 193.168.0.1

O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/12/31 12:27:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{467cdeed-bf46-11dd-abd0-806d6172696f}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found

O33 - MountPoints2\{627192be-da8e-11dc-9f03-0040f4b993cf}\Shell\AutoRun\command - "" = RavMon.exe

O33 - MountPoints2\{b964ce17-7431-11dd-b84b-0040f4b993cf}\Shell\Auto\command - "" = tel.xls.exe

========== Files/Folders - Created Within 30 Days ==========

[2009/02/20 21:03:22 | 00,494,080 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTListIt2.exe

[2009/02/20 08:12:52 | 00,000,092 | -H-- | C] () -- C:\aaw7boot.cmd

[2009/02/20 08:10:05 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/02/20 07:57:58 | 00,000,512 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/02/20 07:57:54 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/02/20 07:52:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

[2009/02/20 07:52:45 | 00,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk

[2009/02/20 07:52:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/02/20 07:52:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/02/20 03:34:02 | 00,000,938 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\Spybot - Search & Destroy.lnk

[2009/02/16 07:00:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\Nouveau Dessin AutoSketch (2).SKF

[2009/01/27 06:40:36 | 00,000,684 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\vXdownloader.exe.lnk

[2009/01/27 06:39:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\vdownloader

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/02/20 21:02:38 | 00,494,080 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTListIt2.exe

[2009/02/20 08:12:52 | 00,000,092 | -H-- | M] () -- C:\aaw7boot.cmd

[2009/02/20 07:59:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/02/20 07:59:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/02/20 07:58:42 | 00,086,048 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/02/20 07:58:42 | 00,004,896 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2009/02/20 07:58:42 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2009/02/20 07:58:42 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2009/02/20 07:58:18 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db

[2009/02/20 07:57:58 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/02/20 07:57:45 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2009/02/20 07:57:17 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/02/20 07:52:45 | 00,000,888 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk

[2009/02/20 03:34:02 | 00,000,938 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\Spybot - Search & Destroy.lnk

[2009/02/20 03:19:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/02/20 02:52:30 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/20 00:00:09 | 00,000,388 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies

[2009/02/19 19:57:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/02/16 07:00:11 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\Nouveau Dessin AutoSketch (2).SKF

[2009/02/15 09:19:45 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/02/11 20:25:52 | 00,447,772 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2009/02/11 20:25:52 | 00,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/02/11 20:25:52 | 00,064,492 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2009/02/11 20:25:52 | 00,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/02/11 20:25:51 | 00,959,724 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/02/10 07:54:18 | 00,213,520 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[2009/02/10 07:54:18 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys

[2009/02/03 13:34:44 | 00,101,287 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2009/02/03 13:34:44 | 00,089,601 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2009/01/27 06:40:36 | 00,000,684 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\vXdownloader.exe.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Admin\Mes documents\Thumbs.db:encryptable

< End of report >

pear · le 21 février 2009

Bonjour,

Java n'est pas à jour,donc moins sécurisé.

Téléchargez JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.

* Décompressez le fichier sur le bureau (clic droit > Extraire tout)

* Double-cliquer sur le répertoire JavaRa

* Puis double-cliquer sur le fichier JavaRa.exe (le exe peut ne pas s'afficher)

* Cliquez sur Search For Updates

* Sélectionner Update Using jucheck.exe puis cliquer sur Search

* Autorisez le processus à se connecter s'il le demande, cliquer sur Install et suivre les instructions d'installation qui prennent quelques minutes.

* L'installation est terminée, revenez à l'écran de JavaRa et cliquez sur Remove Older Versions

* Cliquez sur Oui pour confirmer. Laissez travailler et cliquez ensuite sur Ok, puis une deuxième fois sur Ok.

* Un rapport va s'ouvrir à copier-coller dans la prochaine réponse.

* Fermer l'application

Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log .

process.exe, dans Smitfraudfix, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

# Vous devez donc désactiver la protection en temps réel de votre Antivirus qui peut considérer certains composants de ce logiciel comme néfastes.

* Pour cela, faites un clic droit sur l'icône de l'antivirus en bas à droite à côté de l'horloge puis Disable Guard ou Shield ou Résident...

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

[ b]Si vous êtes Sous Vista:[/b]

Désactivez le contrôle des comptes utilisateurs (Vous le réactiverez par la suite):

http://www.zebulon.fr/astuces/220-desactiv...dans-vista.html

- Démarrer puis panneau de configuration->"Comptes d'utilisateurs"

- Cliquer ensuite sur désactiver et valider.

Sous Xp, vous faites la suite.

Télécharger SmitfraudFix sur le Bureau

Miroirs: si vous avez un problème pour télécharger, utilisez ces sites miroirs officiels qui hébergent aussi la dernière version:

http://siri.geekstogo.com/SmitfraudFix.exe

http://downloads.securitycadets.com/SmitfraudFix.exe

option 1 - Recherche :

Double cliquer sur smitfraudfix.exe

Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

Poster le rapport sur le forum.

option 2 -Nettoyage :

Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage ).

Double cliquer sur smitfraudfix.exe

Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

Redémarrer en mode normal et poster le rapport sur le forum.

N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1

Attention que l'option 2 de l'outil supprime le fond d'écran !

Poster le rapport(c:\rapport.txt)

Téléchargez Malwarebytes' Anti-Malware (MBAM)

[branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

JOELERIC · le 21 février 2009

bjr et merci de ton aide, voici els rapports demandés :JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Feb 21 10:44:15 2009

Found and removed: C:\Program Files\Java\jre1.5.0

Found and removed: Software\JavaSoft\Java2D\1.5.0

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\JavaPlugin.150

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150000}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0\

------------------------------------

Finished reporting.

et le rapport de smitfraud, dans l'attente de te lire :

SmitFraudFix v2.398

Rapport fait à 10:56:20,51, 21/02/2009

Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedul2.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Power Translator 10\LogoMedia TranslateDotNet Server.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\Mixer.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\AdventNet\ME\NetFlow\mysql\bin\mysqld-nt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch