Crainte de keylogger

PhaseJump · le 28 juillet 2009

Bonjour,

Bien qu'etant loin d'etre neophite en informatique, je ne suis pas non plus un specialiste. C'est pourquoi je me tourne vers vous.

Mes habitudes de surf sont habituellement tres saines. Neamoins, hier, en parcourant un sujet dans un forum de confiance j'ai clique un peu rapidement sur un lien et me suis retrouve sur un site a caractere sexuel en apparence avec quelquechose ressemblant beaucoup a une video YouTube avec un gros triangle "Play" au milieu de l'image . Je fermais donc assez rapidemment l'onglet, non pas sans noter que Firefox avait bloque un popup ou un controle ActiveX (?) mais que la barre d'outil d'Acrobat avait fait son apparition. Il s'est avere ce matin, apres que l'equipe de moderation fut passee par la que c'etait un site de Keylogger.

Je ne crois pas avoir autorise Firefox a installer quoi que ce soit et je n'ai clique nulle part sur la page. Mais le doute me ronge et je ne parviens pas a obtenir de reponses satisfaisantes concernant la facon dont un keylogger peut "s'inviter" sur une machine, la detection et le nettoyage.

Mon installation logicielle est tres propre et tout est a jour, pilotes comme logiciels et bases de donnees.

- J'ai passe plusieurs coups de CrapCleaner.

- J'utilise Avira Antivir, le scan n'a rien trouve ni en mode sans echec ni en session normale.

- Spybot n'a rien trouve.

- MBAM n'a rien trouve.

Qu'en pensez vous ?

Voici le rapport HijackThis, merci d'avance !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:17, on 28/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\EVEMon\EVEMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\wirelesscm.exe

C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\WINDOWS\system32\OSK.exe

C:\WINDOWS\system32\MSSWCHX.EXE

C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

C:\program files\mozilla firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [EVEMon] "C:\Program Files\EVEMon\EVEMon.exe" -startMinimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\wirelesscm.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236884133283

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{73209E5D-8A43-4E2D-9BDD-15A63B56C765}: NameServer = 212.27.40.241,212.27.40.240

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

--

End of file - 9614 bytes

Modifié le 28 juillet 2009 par PhaseJump

Mark · le 28 juillet 2009

Bonsoir PhaseJump ; je te souhaite le bienvenue sur notre forum

Je ne vois rien de malicieux ou d'anormal. HijackThis ne voit pas tout, mais les analyses négatives d'AntiVir et de MBAM en plus de l'absence de signes et symptômes me rassurent.

Tout me semble propre. Inutile de sortir l'artillerie lourde en l'absence de signes d'infection. Je te laisse donc avec un simple conseil : reviens nous voir si quelque chose d'anormal se matérialise, mais je ne pense pas que ça se produise.

Des questions ? Pas de gêne surtout.

@+

PhaseJump · le 28 juillet 2009

Bonsoir Mark.

Je trouve les explications des logiciels de securite peut claires concernant cette categorie de malware, on ne sait pas vraiment si antivirus et anti-spywares sont armes activement pour les detecter, ta reponse cependant me laisse comprendre que les "references" du genre dans le milieu des connaisseurs le sont effectivement.

Questions:

Un keylogger, tel que je l'ai compris, cherche a se faire le plus dicret possible. Suis-je dans l'erreur en pensant que je ne rencontrerai pas de probleme de performance dans le cas d'une infection ? Du coup, quels sont les "signes et symptomes" decelables ?

J'utilise au quotidien une foultitude de mots de passe, pour des sites et applications allant de sans importance a franchement critique des lors qu'il s'agit de ma securite bancaire. Je dois etre certain que ma machine n'est pas compromise. Pour m'enregistrer sur Zebulon j'ai utilise le clavier virtuel de Windows, dois-je me considerer en quarantaine et en continuer l'utilisation pour tous mes logins/mdp ?

Merci d'avance !

Modifié le 28 juillet 2009 par PhaseJump

Mark · le 28 juillet 2009

Rebonsoir

Sur les forums, nous voyons de tout et cela comprend les keyloggers. Les infections rencontrées sur les sites "sensibles" sont des infections à large déploiement et sont ciblées aggressivement par les antivirus et antimalwares. Il y a toujours une fenêtre de 24/48 heures après l'apparition d'une nouvelle variante pendant laquelle les détections sont nulles ou minimes ; possible que tu aies chopé une variante fraîche, mais peu probable, statisquement parlant.

Un keylogger nécessite une porte dérobée. Cette dernière est souvent protégée par un rootkit (furtif). Ton antivirus ainsi que MBAM sont tous deux très forts dans ce domaine, donc leur silence me parle.

Tu pourrais te mettre un pare-feu logiciel qui, en théorie, détecterait toute tentative de connexion, keyloggers et portes dérobées compris. Cependant, nous voyons des infections ultra sophistiquées qui peuvent contourner et/ou désactiver les pares-feu, donc il n'est plus l'arme de détection ultime qu'il était autrefois.

Cela dit, je te sens anxieux face à tout ça (normal), alors je te propose quelques scans supplémentaires qui permettront d'éliminer les doutes (à 99,99%). Voici :

===========

1) Télécharge OTL (de Old Timer) et sauvegarde-le sur ton Bureau :

http://oldtimer.geekstogo.com/OTL.exe

- Lance l'outil par double-clic ;

- Depuis l'écran principal de l'outil, paramètre les options suivantes (si ce n'est déjà fait) :

>> Sous Extra Registry, coche Use SafeList

>> Vers le haut, coche Scan All Users

- Clique maintenant sur le bouton "Run Scan"

** Bagle ralentit terriblement la machine, alors sois patient...

- Deux rapports seront générés par OTL, soient OTL.Txt et Extras.Txt : l'un sera ouvert (Bloc-notes) et l'autre réduit dans la barre des tâches.

- Copie/colle le contenu des deux rapports ici, dans ta réponse, s'il te plaît.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2) Télécharge GMER Rootkit Scanner du lien suivant :

http://www.gmer.net/gmer.zip

- Sauvegarde-le sur ton Bureau

- Extrais le contenu du fichier .zip sur ton Bureau (GMER.exe), puis lance-le par double-clic ;

- Si l'outil te lance un warning d'activité de rootkit et te demande de faire un scan ; clique "NO"

- Dans la section de droite de la fenêtre de l'outil, décoche les options suivantes :

Sections
IAT/EAT
**Assure-toi que "Show All" est décoché**

- Clique maintenant sur le bouton "Scan" et patiente (cela peut prendre 10 minutes ou +)

- Lorsque l'analyse sera terminée, clique sur le bouton "Save..." (au bas à droite) ;

- Nomme le fichier"Ark.txt" et sauvegarde-le sur le Bureau ;

- Copie/colle le contenu de ce rapport dans ta réponse.

@toute

Edit : mince, le lien pour OTL ne fonctionne pas chez moi en ce moment ; il semble y avoir un problème avec le site. Si c'est pareil chez toi, passe à tout le moins GMER, poste son rapport ici et on reprendra avec OTL dès que possible. Merci...

Modifié le 28 juillet 2009 par Mark

PhaseJump · le 28 juillet 2009

Salut

Tout d'abord merci pour l'explication en premiere partie de ton 2e message, c'est precisement l'information que je cherchais mais n'est pas pu ou su trouver.

---------------------------------------------------

Les scans :

- OTL.exe : Le site reste indisponible pour le moment.

- GMER, voici son rapport:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-28 23:03:23

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT B86FD706 ZwCreateKey

SSDT B86FD6FC ZwCreateThread

SSDT B86FD70B ZwDeleteKey

SSDT B86FD715 ZwDeleteValueKey

SSDT B86FD71A ZwLoadKey

SSDT B86FD6E8 ZwOpenProcess

SSDT B86FD6ED ZwOpenThread

SSDT B86FD724 ZwReplaceKey

SSDT B86FD71F ZwRestoreKey

SSDT B86FD710 ZwSetValueKey

SSDT B86FD6F7 ZwTerminateProcess

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [268] 0x01C60000

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [268] 0x034C0000

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [708] 0x014E0000

Library C:\Program (*** hidden *** ) @ C:\program files\mozilla firefox\firefox.exe [4048] 0x016B0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION E28F761150AE9BEE56917C60FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E12

7BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019

D40AA5CA2D97226D213B5559FB2DBD7F6B0FAB7F4D35399FAFB7EC1449CEC3E472DE380383231C134

4D4FBB548D401FB3F157BB274FD4D62C96E69A54248D102D92EDA96FC10ABB6F90EE6322E6D552A42

0C86B25F3AAA29657E2A40A1373231C79A2CED16DB0E2533DA540D571A2053796632183A74646FD96

88C1DD9E1D1AC95C2FFB5D5B52D52B0F632715649F6AEBEEF31AA9D20D2F37F21FB81D807EBC047A7

C9F64378D53D705C9D054FB37DBD989FAF5D2E2D8F02D4CA2B3E676FD742753220F0D2F77BE4E632F

D95F784D57A88BAB3C90C6F940DD484541B24176D1A8B0ED7E507596A016301F41D49C357B165DEB5

5C4F43177DA516A54472838868E1A628B7CC069244B37576C272FB88E73A9590E28643314CC12AAC2

C1F385E9F45D343532CBDD1A1F864BA39EFE15F8A5E14219C6132B386B7D53C6937295F70A8ECDDF6

856D9F5D4729F14D3D7FA49A739AA8B0002B7A906C7E37E00F3124D1283CA50E8A1B24FC592B04CB6

110FAD84294ADE073469527F6B116D22D01CAE65557E35D0F4B7E25D408DC28A7F6B7D5E6D8BEF64B

2C7414DA343F8E4DF4602EBE26E1B139A268F1B1B75CE647F1CA

---- EOF - GMER 1.0.15 ----

PhaseJump · le 28 juillet 2009

Le lien vers OTL.exe est retablit, voici les 2 rapports :

OTL logfile created on: 28/07/2009 23:25:28 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\inR\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 139,73 Gb Total Space | 82,42 Gb Free Space | 58,99% Space Free | Partition Type: NTFS

Drive D: | 2,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 115,03 Gb Total Space | 15,18 Gb Free Space | 13,20% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PETIT-PETIT

Current User Name: inR

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2007/12/13 20:12:02 | 00,467,028 | ---- | M] (Atheros) -- C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe

PRC - [2009/06/09 12:30:17 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/06/09 12:30:17 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2008/11/18 12:18:38 | 00,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe

PRC - [1999/12/12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe

PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/03/28 04:21:45 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

PRC - [2009/07/27 23:31:07 | 00,189,672 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe

PRC - [2005/05/12 12:02:24 | 00,437,760 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe

PRC - [2008/04/14 14:00:00 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2006/07/13 15:11:42 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

PRC - [2005/11/04 19:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

PRC - [2006/12/12 11:46:52 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE

PRC - [2006/12/12 11:46:54 | 00,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTXFIHLP.EXE

PRC - [2002/03/19 18:30:00 | 00,045,632 | ---- | M] () -- C:\WINDOWS\System32\taskswitch.exe

PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2006/12/12 11:43:58 | 00,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTXFISPI.EXE

PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009/03/05 17:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/06/17 21:27:38 | 01,253,376 | ---- | M] (EVEMon Development Team) -- C:\Program Files\EVEMon\EVEMon.exe

PRC - [2009/03/18 03:08:08 | 01,171,456 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

PRC - [2008/11/07 17:43:36 | 00,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2008/05/30 13:21:04 | 29,290,496 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\wirelesscm.exe

PRC - [2006/10/03 18:12:08 | 02,074,360 | ---- | M] (Stardock) -- C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

PRC - [2008/04/14 14:00:00 | 00,216,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\OSK.exe

PRC - [2008/04/14 14:00:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSWCHX.EXE

PRC - [2008/11/07 17:39:36 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

PRC - [2009/07/24 05:48:09 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\program files\mozilla firefox\firefox.exe

PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009/07/28 23:23:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\inR\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/12/13 20:12:02 | 00,467,028 | ---- | M] (Atheros) -- C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe -- (ACS [Auto | Running])

SRV - [2009/06/09 12:30:17 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])

SRV - [2009/06/09 12:30:17 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2008/11/18 12:18:38 | 00,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Running])

SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [1999/12/12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])

SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008/04/14 14:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])

SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2008/04/16 15:52:18 | 00,356,434 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe -- (jswpsapi [On_Demand | Stopped])

SRV - [2008/11/07 17:40:52 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])

SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Disabled | Stopped])

SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])

SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2009/06/02 20:56:10 | 02,862,428 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])

SRV - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])

SRV - [2009/03/28 04:21:45 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2009/07/27 23:31:07 | 00,189,672 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])

SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])

SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Disabled | Stopped])

SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/01/17 12:25:46 | 01,331,136 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\athw.sys -- (AR5416 [On_Demand | Stopped])

DRV - [2008/11/18 12:18:40 | 00,012,416 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\asusgsb.sys -- (asusgsb [On_Demand | Running])

DRV - [2008/11/18 12:18:38 | 00,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\drivers\atkkbnt.sys -- (asuskbnt [system | Running])

DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])

DRV - [2009/04/28 23:42:53 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])

DRV - [2009/04/28 23:42:53 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

DRV - [2006/12/19 09:35:40 | 00,511,288 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])

DRV - [2007/06/18 04:01:28 | 00,514,560 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])

DRV - [2005/11/10 11:06:04 | 00,340,704 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])

DRV - [2006/12/19 09:36:36 | 00,014,648 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])

DRV - [2006/12/19 09:36:42 | 00,156,984 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])

DRV - [2006/06/14 14:44:30 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO_XP.sys -- (EIO_XP [system | Running])

DRV - [2006/12/19 09:36:46 | 00,090,936 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])

DRV - [2009/03/12 20:08:55 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])

DRV - [2006/12/19 09:36:54 | 01,160,504 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha20x2k.sys -- (ha20x2k [On_Demand | Running])

DRV - [2008/04/14 14:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Stopped])

DRV - [2007/09/29 07:30:52 | 00,065,024 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID [boot | Running])

DRV - [2007/08/28 21:46:02 | 00,057,344 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\jswscimd.sys -- (JSWSCIMD [On_Demand | Running])

DRV - [2008/09/26 10:52:00 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])

DRV - [2008/09/26 10:52:00 | 00,010,384 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])

DRV - [2008/09/26 10:52:00 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])

DRV - [2008/09/26 10:53:00 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])

DRV - [2008/09/26 10:53:00 | 00,028,816 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LUsbFilt.Sys -- (LUsbFilt [On_Demand | Stopped])

DRV - [2008/04/14 14:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])

DRV - [2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2008/04/14 14:00:00 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])

DRV - [2008/04/14 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])

DRV - [2008/04/14 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])

DRV - [2006/12/19 09:36:32 | 00,128,312 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])

DRV - [2009/07/27 23:32:00 | 00,139,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped])

DRV - [2008/04/14 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007/09/19 15:44:46 | 00,101,504 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - File not found -- -- (SANDRA [On_Demand | Running])

DRV - File not found -- Service key not found. -- (SASENUM [unknown | Stopped])

DRV - File not found -- Service key not found. -- (SASKUTIL [unknown | Running])

DRV - [2008/04/14 14:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2009/06/09 12:30:17 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

DRV - [2008/11/18 12:18:40 | 00,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\Drivers\Video3D32.sys -- (Video3D [On_Demand | Running])

DRV - [2007/12/13 20:31:02 | 00,057,408 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\wsimd.sys -- (WSIMD [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKU\S-1-5-21-1993962763-630328440-682003330-1004\S-1-5-21-1993962763-630328440-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.15.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/12 21:23:27 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/13 10:24:07 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\program files\Mozilla Firefox\components [2009/07/24 05:48:11 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2009/07/24 05:48:11 | 00,000,000 | ---D | M]

[2009/03/12 22:13:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\inR\Application Data\mozilla\Extensions

[2009/03/12 22:13:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\inR\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/07/28 14:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\inR\Application Data\mozilla\Firefox\Profiles\kl36yun3.default\extensions

[2009/05/29 23:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\inR\Application Data\mozilla\Firefox\Profiles\kl36yun3.default\extensions\battlefieldheroespatcher@ea.com

[2009/07/26 11:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\inR\Application Data\mozilla\Firefox\Profiles\kl36yun3.default\extensions\personas@christopher.beard

[2009/07/28 14:35:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/07/24 05:48:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/03/13 10:06:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/03/13 10:24:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/05/01 22:34:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/07/24 05:48:09 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/24 05:48:09 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/07/24 05:48:09 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/03/19 01:19:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/03/19 01:19:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/03/19 01:19:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/03/19 01:19:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/03/19 01:19:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/03/19 01:19:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/03/19 01:19:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/04/28 23:29:31 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2009/04/28 23:29:31 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2009/04/28 23:29:31 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/04/28 23:29:31 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml

[2009/04/28 23:29:31 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2009/04/28 23:29:31 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (317993 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 10907 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe ()

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-21-1993962763-630328440-682003330-1004..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)

O4 - HKU\S-1-5-21-1993962763-630328440-682003330-1004..\Run: [EVEMon] C:\Program Files\EVEMon\EVEMon.exe (EVEMon Development Team)

O4 - HKU\S-1-5-21-1993962763-630328440-682003330-1004..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\wirelesscm.exe ( )

O4 - Startup: C:\Documents and Settings\inR\Menu Démarrer\Programmes\Démarrage\Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]

O7 - HKU\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1993962763-630328440-682003330-1004\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1236884133283 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\WlanGINA\Version\1.0.4.0\WlanGINA.dll) - C:\WINDOWS\WlanGINA\Version\1.0.4.0\WlanGINA.dll ()

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/12 19:34:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{d09b2bce-0f2d-11de-a349-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{d09b2bce-0f2d-11de-a349-806d6172696f}\Shell\AutoRun\command - "" = D:\Run.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]

[8 C:\Documents and Settings\All Users\Application Data\*.tmp files]

[2009/07/28 23:23:01 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\inR\Bureau\OTL.exe

[2009/07/28 22:54:02 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\inR\Bureau\gmer.exe

[2009/07/28 22:53:11 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\inR\Bureau\gmer.zip

[2009/07/28 20:28:26 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/07/28 18:08:39 | 00,770,144 | ---- | C] () -- E:\MeDocs\Rapport Système.htm

[2009/07/28 17:59:39 | 00,000,000 | ---D | C] -- C:\Program Files\SiSoftware

[2009/07/28 17:19:31 | 34,880,75776 | -HS- | C] () -- C:\hiberfil.sys

[2009/07/28 15:29:56 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\inR\Bureau\HijackThis.lnk

[2009/07/28 15:29:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/07/28 15:13:18 | 00,229,362 | ---- | C] () -- E:\MeDocs\cc_20090728_151316.reg

[2009/07/28 13:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/07/28 13:03:33 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/07/28 13:03:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\inR\Application Data\SUPERAntiSpyware.com

[2009/07/27 13:37:06 | 00,036,770 | ---- | C] () -- E:\MeDocs\telephone.pdf

[2009/07/24 05:27:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009/07/23 10:53:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009/07/23 10:52:59 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009/07/22 03:18:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\inR\Application Data\dvdcss

[2009/07/21 19:43:51 | 00,001,630 | ---- | C] () -- C:\Documents and Settings\inR\Bureau\Empire Total War.lnk

[2009/07/21 16:48:22 | 00,011,210 | ---- | C] () -- E:\MeDocs\cc_20090721_164820.reg

[2009/07/21 16:24:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/07/21 01:27:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\inR\Application Data\The Creative Assembly

[2009/07/20 21:56:30 | 00,002,207 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Steam.lnk

[2009/07/20 21:56:30 | 00,000,000 | ---D | C] -- C:\Program Files\Steam

[2009/07/08 13:21:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\inR\Local Settings\Application Data\Monte Cristo

[2009/07/08 12:52:47 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Cities XL.lnk

[2009/07/08 12:06:42 | 00,000,000 | ---D | C] -- C:\Program Files\Monte Cristo

[2009/07/03 02:12:50 | 00,000,020 | ---- | C] () -- E:\MeDocs\aionmemo_7823c2ca.dat

[2009/07/02 19:40:26 | 02,862,428 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des

[2009/07/02 19:40:16 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd

[2009/07/02 19:40:16 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys

[2009/07/02 19:39:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files

[2009/07/02 19:33:56 | 00,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Aion.lnk

[2009/07/02 19:30:07 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\NCsoft Launcher.lnk

[2009/07/02 19:30:06 | 00,000,000 | ---D | C] -- C:\Program Files\NCsoft

[2009/05/14 17:56:21 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini

[2009/05/14 17:56:20 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/05/14 17:56:20 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll

[2009/05/14 17:56:20 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll

[2009/05/14 17:56:20 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll

[2009/05/14 17:56:20 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll

[2009/05/14 17:56:20 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll

[2009/05/14 17:56:20 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll

[2009/05/14 17:56:20 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll

[2009/05/14 17:56:19 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/05/14 17:56:19 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll

[2009/05/11 20:38:05 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/04/07 21:26:45 | 00,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI

[2009/03/15 02:38:46 | 00,139,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/03/12 22:37:05 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini

[2009/03/12 20:38:02 | 00,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2009/03/12 20:38:02 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIFRN.DLL

[2009/03/12 20:38:02 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/05/26 23:23:32 | 00,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 23:23:30 | 00,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 23:23:28 | 00,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/04/14 14:00:00 | 00,000,528 | ---- | C] () -- C:\WINDOWS\win.ini

[2008/04/14 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2006/05/24 07:00:48 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll

[2006/05/24 06:38:39 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[2005/07/26 23:13:12 | 00,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2005/06/07 15:10:50 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[8 C:\Documents and Settings\All Users\Application Data\*.tmp files]

[2009/07/28 23:23:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\inR\Bureau\OTL.exe

[2009/07/28 22:53:11 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\inR\Bureau\gmer.zip

[2009/07/28 18:06:46 | 00,770,144 | ---- | M] () -- E:\MeDocs\Rapport Système.htm

[2009/07/28 17:21:55 | 00,232,465 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009/07/28 17:19:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/07/28 17:19:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/07/28 17:19:31 | 34,880,75776 | -HS- | M] () -- C:\hiberfil.sys

[2009/07/28 16:13:40 | 00,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx

[2009/07/28 16:13:40 | 00,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx

[2009/07/28 16:13:40 | 00,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00311102}.rfx

[2009/07/28 16:13:40 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2009/07/28 16:13:40 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2009/07/28 15:29:56 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\inR\Bureau\HijackThis.lnk

[2009/07/28 15:13:21 | 00,229,362 | ---- | M] () -- E:\MeDocs\cc_20090728_151316.reg

[2009/07/28 14:33:11 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/07/28 13:56:01 | 00,000,528 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/07/28 13:56:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/07/28 13:56:01 | 00,000,216 | -HS- | M] () -- C:\boot.ini

[2009/07/28 13:31:31 | 00,317,993 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/07/27 23:32:00 | 00,139,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/07/27 23:31:07 | 00,189,672 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2009/07/27 23:31:07 | 00,189,672 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2009/07/27 13:37:06 | 00,036,770 | ---- | M] () -- E:\MeDocs\telephone.pdf

[2009/07/25 23:15:13 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Steam.lnk

[2009/07/21 19:43:51 | 00,001,630 | ---- | M] () -- C:\Documents and Settings\inR\Bureau\Empire Total War.lnk

[2009/07/21 16:48:37 | 00,011,210 | ---- | M] () -- E:\MeDocs\cc_20090721_164820.reg

[2009/07/21 16:35:44 | 00,317,693 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090728-133131.backup

[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/08 12:52:47 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Cities XL.lnk

[2009/07/07 17:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/07/06 21:02:13 | 00,000,020 | ---- | M] () -- E:\MeDocs\aionmemo_7823c2ca.dat

[2009/07/03 01:52:51 | 00,579,536 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2009/07/03 01:52:51 | 00,487,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/07/03 01:52:51 | 00,111,050 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2009/07/03 01:52:51 | 00,088,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/07/03 01:52:50 | 01,285,716 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/07/02 19:33:56 | 00,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Aion.lnk

[2009/07/02 19:30:07 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\NCsoft Launcher.lnk

[2009/06/30 13:18:28 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk

< End of report >

OTL Extras logfile created on: 28/07/2009 23:25:28 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\inR\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 139,73 Gb Total Space | 82,42 Gb Free Space | 58,99% Space Free | Partition Type: NTFS

Drive D: | 2,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 115,03 Gb Total Space | 15,18 Gb Free Space | 13,20% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PETIT-PETIT

Current User Name: inR

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)

"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)

"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\1C\Men of War\mow_mp.exe" = C:\Program Files\1C\Men of War\mow_mp.exe:*:Enabled:Main executable -- ("Best Way" Corp)

"C:\Program Files\1C\Men of War\mow.exe" = C:\Program Files\1C\Men of War\mow.exe:*:Enabled:Main executable -- ("Best Way" Corp)

"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)

"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:*:Enabled:Sins of a Solar Empire - Entrenchment -- (Ironclad Games)

"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortChecker -- (portforward.com)

"C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe" = C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- (Gas Powered Games)

"C:\Program Files\Steam\steamapps\common\empire total war\Empire.exe" = C:\Program Files\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger

"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)

"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.0" = Update 1.11.3.0 for "Men of War"

"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B06.1227.01

"{3FFB3008-61A4-4D8F-9467-4AA6B6421728}" = Aion

"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{64449858-6A64-4469-BCAC-6C751C79F761}" = ASUS Smart Doctor

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A5C92CF6-7B3E-4892-8DE5-125E44D1AD06}" = nHancer

"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP

"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2 Complete Collection

"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1.2 - Français

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB4BB3FD-684F-41BD-B08D-50ED0B2A24DF}" = DWA-547

"{CC4914EF-6618-4949-A1CF-BD4917A00221}" = SYSTEM_INFO B07.1213.01

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AlienGUIse Theme Manager" = AlienGUIse Theme Manager

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner (remove only)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Demigod" = Demigod

"Download Manager" = Download Manager 2.3.8

"EADM" = EA Download Manager

"EVEMon" = EVEMon

"FrostWire" = FrostWire 4.17.2

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"Impulse" = Impulse

"InstallShield_{64449858-6A64-4469-BCAC-6C751C79F761}" = ASUS Smart Doctor

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"mIRC" = mIRC

"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PFPortChecker" = PFPortChecker 1.0.28

"Sins of a Solar Empire" = Sins of a Solar Empire

"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment

"Smart Defrag_is1" = Smart Defrag 1.20

"Steam App 10500" = Empire: Total War

"SysInfo" = Creative System Information

"SystemRequirementsLab" = System Requirements Lab

"Tweak UI 2.10" = Tweak UI

"VLC media player" = VLC media player 0.9.9

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"xvid" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1993962763-630328440-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Cities XL" = Cities XL

"NoNameScript" = NNScript

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 08/07/2009 19:57:54 | Computer Name = PETIT-PETIT | Source = Application Error | ID = 1000

Description = Application défaillante citiesxl_game.exe, version 0.0.0.0, module

défaillant core.dll, version 0.0.0.0, adresse de défaillance 0x00005899.

Error - 09/07/2009 06:05:07 | Computer Name = PETIT-PETIT | Source = Application Error | ID = 1000

Description = Application défaillante citiesxl_game.exe, version 0.0.0.0, module

défaillant core.dll, version 0.0.0.0, adresse de défaillance 0x00005899.

Error - 12/07/2009 01:01:09 | Computer Name = PETIT-PETIT | Source = Application Error | ID = 1000

Description = Application défaillante , version 0.0.0.0, module défaillant unknown,

version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 13/07/2009 13:50:05 | Computer Name = PETIT-PETIT | Source = Application Error | ID = 1000

Description = Application défaillante ExeFile.exe, version 6.10.1.22539, module

défaillant python25.dll, version 2.5.3100.1013, adresse de défaillance 0x0002be77.

Error - 17/07/2009 13:03:02 | Computer Name = PETIT-PETIT | Source = Application Hang | ID = 1002

Description = Application bloquée Demigod.exe, version 1.1.0.156, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 17/07/2009 13:15:24 | Computer Name = PETIT-PETIT | Source = Application Hang | ID = 1002

Description = Application bloquée Demigod.exe, version 1.1.0.156, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/07/2009 13:50:43 | Computer Name = PETIT-PETIT | Source = Application Error | ID = 1000

Description = Application défaillante demigod.exe, version 1.1.0.156, module défaillant

impulsereactor.dll, version 1.0.0.56, adresse de défaillance 0x000c565c.

Error - 20/07/2009 21:07:04 | Computer Name = PETIT-PETIT | Source = Application Hang | ID = 1002

Description = Application bloquée Empire.exe, version 1.0.0.0, module bloqué hungapp,

version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/07/2009 14:08:40 | Computer Name = PETIT-PETIT | Source = Application Error | ID = 1000

Description = Application défaillante exefile.exe, version 6.10.1.22539, module

défaillant _trinity.dll, version 6.10.1.22593, adresse de défaillance 0x003286e6.

Error - 27/07/2009 14:08:55 | Computer Name = PETIT-PETIT | Source = Application Error | ID = 1000

Description = Application défaillante exefile.exe, version 6.10.1.22539, module

défaillant _trinity.dll, version 6.10.1.22593, adresse de défaillance 0x003286e6.

[ System Events ]

Error - 28/07/2009 14:28:37 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:37 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:37 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:37 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:37 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:37 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:37 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:38 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:38 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 28/07/2009 14:28:38 | Computer Name = PETIT-PETIT | Source = Service Control Manager | ID = 7023

Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

< End of report >

Mark · le 29 juillet 2009

Bon boulot PhaseJump

Je ne vois rien d'anormal ou de malicieux dans ces rapports. FireFox a bien fait son travail.

Tu peux utiliser la clavier normalement, sans craintes.

Nous allons maintenant te débarrasser des outils et rapports générés (OTL et GMER), de cette façon :

- Lance OTL en double-cliquant OTL.exe ;

- Clique sur le bouton "CleanUP", situé au haut, à droite.

- Tu auras une invite pour amorcer le nettoyage ; clique "Yes".

- Possible que l'outil te demande un redémarrage pour terminer : clique "Yes", le cas échéant. La machine va redémarrer et le nettoyage sera complet, OTL inclus.

~~~~~~~~~~~~~~~~~~~

Conserve Malwarebytes' Anti-Malware pour des analyses périodiques. Il supplante largement des outils tels SpyBot et Ad-Aware, qui ne sont plus à la hauteur. Il ne suffit que de le mettre à jour avant de démarrer une analyse rapide (via l'onglet "Mise à jour").

~~~~~~~~~~~~~~~~~~~

Dernière petite remarque : je vois que tu opères des nettoyages de la base de registre avec CCleaner. Je déconseille cette pratique, et pas juste avec CCleaner mais avec tout nettoyeur de bdr. Le registre de Windows est une structure très complexe et fragile. Il y beaucoup de dépendances entres différents programmes et aucun nettoyeur ne possède l'intelligence nécessaire pour accomplir un nettoyage correctement ciblé et sécuritaire. Les risques ne sont pas énormes, je l'avoue, mais j'ai vu des machines plantées, sur les forums, suite à des nettoyages "routiniers" de registre. Moi je dis : pourquoi risquer cela, surtout que ces nettoyages ne donnent guère les résultats affichés. Les nettoyeurs proposent souvent de faire une sauvegarde avant nettoyage (CCleaner est l'un d'eux), mais cette sauvegarde ne pourra que faire dodo si la machine refuse de démarrer...

Alors voilà, c'est tout pour moi

@+

Mark

PhaseJump · le 29 juillet 2009

Bonjour Mark.

N'ayant pas pour habitude d'avoir un systeme verole (derniere infection en date etait l'imparable virus Blaster en 2003), j'avoue n'avoir entendu parle de la categorie keylogger qu'il y a quelques mois. Je ne savais pas que c'etait si courant ni que antivirus et antimalwares ont tout ce qu'il faut dans leur arsenal pour les contrer efficacement.

Je connaissais vaguement le nom Zebulon depuis longtemps mais je viens seulement de decouvrir la richesse de votre communaute et la qualite de son travail, un grand bravo a toute votre equipe

Et bien sur, un grand merci a toi pour le temps passe a m'aider!

@+

Mark · le 29 juillet 2009

Ce fut un plaisir

Blaster ? Oh que de doux souvenirs... Les infections étaient plus simples à cette époque, mais cette nouvelle famille de vers avaient grandement secoué les esprits. La machine va redémarrer dans 60 secondes... Je me souviens l'avoir affronté sur la machine de mon pote, peu de temps après sa sortie.

De nos jours, les infections sont créées et distribuées massivement et c'est le fric qui dirige. Beurk !

Éviter les infections, ce n'est pas si compliqué au fond ; il suffit de faire preuve de prudence et de vigilence, en gros. On peut mettre douze outils de prévention sur une machine, mais la négligence et/ou la témérité aura vite raison de l'arsenal, inévitablement.

Le forum sera là si tu as des questions ou pépins à l'avenir.

Sur ce, je te souhaite de l'excellent surf

@ bientôt

Mark

Connexion

Pas encore inscrit ?

Crainte de keylogger

Messages recommandés

PhaseJump

Mark

PhaseJump

Mark

PhaseJump

PhaseJump

Mark

PhaseJump

Mark

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer