
Posted

I had a few minutes, so I'm suggesting another scan that will let us take a "broader" look:

 

Download OTL (by Old Timer) and save it to your Desktop:

http://oldtimer.geekstogo.com/OTL.exe

 

- Launch the tool by double-clicking it;

- From the tool's main screen, set the following options (if not already done):

>> Under Extra Registry, check Use SafeList

>> Near the top, check Scan All Users

- Now click the "Run Scan" button

- OTL will generate two reports, OTL.Txt and Extras.Txt: one will be open (in Notepad) and the other minimized in the taskbar.

- Copy/paste the contents of both reports here, in your reply, please.

 

====================

 

Friendly advice: Avast! failed to detect the critter at the start; maybe it wasn't installed yet, or it simply missed it. AntiVir (free) has known this beast for several weeks already, so I would advise you to uninstall Avast!, then install AntiVir and run a full scan. You'll find AntiVir here >>

http://telechargement.zebulon.fr/antivir.html

Once it is installed, decline the scan that will be offered to you, because you need to launch the update manually, via the icon near the clock. Then you can run the full scan. After that, updates will happen automatically, generally once a day.

 

*Installing AntiVir is optional, but I recommend it.

 

So I'm waiting for the two reports from the OTL tool, and perhaps the one from AntiVir as well.

 

See you later

Posted

Hello,

 

All the Žc´ etc. folders are indeed empty.

 

Here are the OTL reports:

 

OTL logfile created on: 07/08/2009 08:44:37 - Run 1

OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\jean.quiniou\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,02% Memory free

3,85 Gb Paging File | 3,21 Gb Available in Paging File | 83,43% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 186,31 Gb Total Space | 84,04 Gb Free Space | 45,11% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 631,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive P: | 396,43 Gb Total Space | 170,04 Gb Free Space | 42,89% Space Free | Partition Type: NTFS

Drive R: | 396,43 Gb Total Space | 170,04 Gb Free Space | 42,89% Space Free | Partition Type: NTFS

Drive U: | 396,43 Gb Total Space | 170,04 Gb Free Space | 42,89% Space Free | Partition Type: NTFS

 

Computer Name: CORB-PC32

Current User Name: jean.quiniou

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2007/09/21 01:01:36 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2007/09/21 01:01:36 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe

PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2005/01/17 17:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2009/04/24 22:51:38 | 00,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

PRC - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe

PRC - [2006/05/25 20:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TODDSrv.exe

PRC - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2004/08/10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

PRC - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2008/04/13 19:34:04 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2007/07/17 12:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

PRC - [2007/07/06 07:49:52 | 00,651,264 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

PRC - [2007/06/01 06:40:54 | 00,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

PRC - [2006/02/09 15:54:54 | 00,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

PRC - [2005/12/27 14:06:32 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TDispVol.exe

PRC - [2006/03/16 14:58:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2007/04/26 12:49:34 | 00,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

PRC - [2007/06/28 13:38:50 | 00,888,832 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2007/05/22 11:50:02 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

PRC - [2008/10/15 02:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

PRC - [2006/11/10 16:37:14 | 00,344,064 | ---- | M] () -- C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe

PRC - [2007/06/28 13:20:54 | 00,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe

PRC - [2007/06/28 12:49:38 | 04,764,672 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

PRC - [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2007/10/18 11:58:36 | 00,241,664 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\ICON225\CardDetector.exe

PRC - [2009/02/05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2005/08/12 12:14:30 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSMain.exe

PRC - [2007/06/30 09:18:06 | 00,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\TCtrlIOHook.exe

PRC - [2007/09/03 16:52:22 | 16,841,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2005/08/12 12:14:16 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSBattM.exe

PRC - [2005/06/06 10:58:44 | 00,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\ZoomingHook.exe

PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2007/01/09 15:23:04 | 00,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe

PRC - [2005/04/11 17:08:00 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

PRC - [2006/06/26 22:45:18 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2008/12/12 08:31:10 | 01,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2007/07/17 12:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

PRC - [2006/06/26 22:45:02 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

PRC - [2009/08/05 22:04:14 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/08/07 08:43:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jean.quiniou\Bureau\OTL.exe

 

========== Win32 Services (SafeList) ==========

 

SRV - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])

SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - [2007/09/21 01:01:36 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

SRV - [2009/03/17 15:38:22 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])

SRV - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2005/01/17 17:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])

SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2009/04/24 22:51:38 | 00,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC [Auto | Running])

SRV - [2008/04/13 19:33:40 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])

SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])

SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])

SRV - [2006/05/25 20:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])

SRV - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])

SRV - [2004/08/10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

 

========== Driver Services (SafeList) ==========

 

DRV - [2004/04/30 10:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [boot | Running])

DRV - [2004/04/30 10:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [boot | Running])

DRV - [2009/02/05 22:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

DRV - [2006/11/28 16:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

DRV - [2007/04/05 00:19:20 | 00,546,112 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])

DRV - [2009/02/05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2009/02/05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2009/02/05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2009/02/05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

DRV - [2009/02/05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

DRV - [2004/08/03 23:59:44 | 00,095,360 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi [boot | Running])

DRV - [2007/09/21 01:10:48 | 02,418,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

DRV - [2009/06/09 11:53:01 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])

DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2007/07/09 17:17:36 | 00,095,744 | R--- | M] (Option NV) -- C:\WINDOWS\System32\DRIVERS\Gt51Ip.sys -- (GT72NDISIPXP [On_Demand | Stopped])

DRV - [2007/06/26 16:38:46 | 00,051,968 | R--- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gt72ubus.sys -- (GT72UBUS [On_Demand | Stopped])

DRV - [2007/03/30 16:38:14 | 00,008,064 | R--- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtptser.sys -- (GTPTSER [On_Demand | Stopped])

DRV - [2006/12/28 13:44:44 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Running])

DRV - [2008/04/13 09:36:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2007/03/21 13:58:56 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running])

DRV - [2008/06/08 08:37:46 | 00,011,304 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv [boot | Running])

DRV - [2008/06/08 08:37:56 | 00,132,904 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv [boot | Running])

DRV - [2007/09/05 18:31:30 | 04,611,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2009/03/22 19:06:38 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])

DRV - [2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])

DRV - [2003/01/29 15:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])

DRV - [2007/04/27 05:01:34 | 02,203,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])

DRV - [2007/11/05 09:37:02 | 00,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5 [On_Demand | Stopped])

DRV - [2007/10/30 18:31:38 | 00,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])

DRV - [2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007/02/07 01:43:26 | 00,090,880 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2008/04/13 09:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2007/06/28 13:16:22 | 00,209,312 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

DRV - [2007/02/22 16:10:30 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])

DRV - [2007/03/26 13:22:18 | 00,105,856 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tdudf.sys -- (tdudf [Auto | Running])

DRV - [2007/01/24 15:44:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])

DRV - [2009/07/30 18:48:56 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

DRV - [2006/10/23 17:32:20 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped])

DRV - [2006/06/22 17:27:12 | 00,011,264 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\System32\drivers\TPwSav.sys -- (TPwSav [system | Running])

DRV - [2007/02/19 13:15:32 | 00,134,016 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\trudf.sys -- (trudf [Auto | Running])

DRV - [2005/10/21 03:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])

DRV - [2007/04/16 11:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\S-1-5-21-2469986633-4137749807-4248974736-1204\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\S-1-5-21-2469986633-4137749807-4248974736-1204\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/17 15:07:49 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/28 11:02:52 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 22:04:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 22:04:23 | 00,000,000 | ---D | M]

 

[2009/04/07 11:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jean.quiniou\Application Data\mozilla\Extensions

[2009/03/17 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jean.quiniou\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/04/07 11:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jean.quiniou\Application Data\mozilla\Extensions\home2@tomtom.com

[2009/08/05 20:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jean.quiniou\Application Data\mozilla\Firefox\Profiles\is4hi1ht.default\extensions

[2009/03/29 21:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jean.quiniou\Application Data\mozilla\Firefox\Profiles\is4hi1ht.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2009/08/05 20:23:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/05 22:04:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/04/28 11:03:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/04/28 11:06:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/06/24 14:14:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/08/05 08:33:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/08/05 22:04:14 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/08/05 22:04:14 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/08/05 22:04:14 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/06/06 10:03:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/06/06 10:03:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/06/06 10:03:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/06/06 10:03:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/06/06 10:03:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/06/06 10:03:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/06/06 10:03:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/07/24 20:03:15 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2009/07/24 20:03:15 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2009/07/24 20:03:15 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/24 20:03:15 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml

[2009/07/24 20:03:15 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2009/07/24 20:03:15 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: (318452 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 10946 more lines...

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe ()

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [bEWINTERNET-FR-DMESessionManager] C:\Program Files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe (France Telecom SA)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [CardDetector] C:\Program Files\CardDetector\ICON225\CardDetector.exe (France Telecom SA)

O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)

O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)

O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TFncKy] File not found

O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)

O4 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)

O4 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-2469986633-4137749807-4248974736-1204\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247951426140 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.101

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corbeil-predal.local

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/08 09:16:34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/07 08:43:36 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jean.quiniou\Bureau\OTL.exe

[2009/08/06 18:13:55 | 00,102,148 | ---- | C] () -- C:\Documents and Settings\jean.quiniou\Bureau\SystemLook.exe

[2009/08/06 15:36:17 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Bayo

[2009/08/06 15:31:59 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\jean.quiniou\Application Data\SecuROM

[2009/08/06 10:47:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/08/05 19:49:36 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys

[2009/08/05 19:49:36 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll

[2009/08/05 19:49:36 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys

[2009/08/05 19:49:36 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe

[2009/08/05 19:49:34 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll

[2009/08/05 19:44:15 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/08/05 09:10:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jean.quiniou\Bureau\trace

[2009/08/05 09:03:41 | 03,154,930 | R--- | C] () -- C:\Documents and Settings\jean.quiniou\Bureau\ComboFix.exe

[2009/08/05 08:33:28 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/08/05 08:33:28 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/08/05 08:33:28 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/08/04 15:53:47 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/08/04 15:53:47 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/08/04 15:53:47 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/08/04 15:53:47 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Antivirus.lnk

[2009/08/04 15:53:46 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/08/04 15:53:46 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/08/04 15:53:46 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/08/04 15:53:46 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/08/04 15:53:46 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/08/04 15:53:35 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/08/04 15:53:35 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/08/04 08:15:33 | 21,458,32960 | -HS- | C] () -- C:\hiberfil.sys

[2009/08/03 20:37:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc

[2009/08/02 19:16:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc•

[2009/08/02 19:16:06 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/08/02 19:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jean.quiniou\Bureau\Business_Everywhere_8_0_5_917

[2009/08/02 19:15:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc´

[2009/08/02 19:15:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc¨

[2009/08/02 19:15:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcx

[2009/08/02 17:59:18 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\otey.sys

[2009/08/02 16:39:41 | 00,000,000 | ---D | C] -- C:\_OTM

[2009/08/02 10:36:24 | 00,000,000 | ---D | C] -- C:\Program Files\CardDetector

[2009/08/02 09:42:09 | 03,278,552 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\jean.quiniou\Bureau\ccsetup222.exe

[2009/08/01 19:21:20 | 00,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Business Everywhere.lnk

[2009/07/30 20:11:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/07/30 18:49:47 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2009/07/29 06:46:01 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2009/07/29 06:45:59 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2009/07/26 19:07:40 | 00,443,710 | ---- | C] () -- C:\DSCN3177.jpg

[2009/07/26 19:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jean.quiniou\Mes documents\Nero

[2009/07/26 18:42:24 | 01,571,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll

[2009/07/26 18:42:24 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll

[2009/07/26 18:42:24 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll

[2009/07/26 18:42:24 | 00,438,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll

[2009/07/26 18:42:24 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll

[2009/07/26 18:42:24 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll

[2009/07/26 18:42:24 | 00,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll

[2009/07/26 18:42:24 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll

[2009/07/26 18:42:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll

[2009/07/26 18:42:24 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys

[2009/07/26 18:42:24 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll

[2009/07/26 18:42:23 | 02,147,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe

[2009/07/26 18:42:23 | 02,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe

[2009/07/26 18:42:23 | 01,054,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll

[2009/07/26 18:42:23 | 01,037,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe

[2009/07/26 18:42:23 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll

[2009/07/26 18:42:23 | 00,851,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll

[2009/07/26 18:42:23 | 00,579,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll

[2009/07/26 18:42:23 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe

[2009/07/26 18:42:23 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys

[2009/07/26 18:42:23 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll

[2009/07/26 18:42:23 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys

[2009/07/26 18:42:23 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll

[2009/07/26 18:42:23 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys

[2009/07/26 18:42:23 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe

[2009/07/26 18:42:23 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll

[2009/07/26 18:42:23 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll

[2009/07/26 18:42:23 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe

[2009/07/26 18:42:23 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe

[2009/07/26 18:42:23 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys

[2009/07/26 18:42:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe

[2009/07/26 18:42:23 | 00,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys

[2009/07/26 18:42:23 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll

[2009/07/26 18:42:23 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll

[2009/07/26 18:42:23 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe

[2009/07/26 18:42:23 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe

[2009/07/26 18:42:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe

[2009/07/26 18:42:23 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys

[2009/07/26 18:42:23 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys

[2009/07/26 18:42:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009/07/26 18:35:26 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe

[2009/07/26 18:35:26 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe

[2009/07/26 18:29:10 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/07/26 18:29:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/07/26 18:29:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/07/26 18:29:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/07/26 18:29:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/07/26 18:29:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/07/26 18:29:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/07/26 18:29:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/07/26 18:29:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/07/25 10:57:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcö

[2009/07/22 19:26:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcù

[2009/07/22 15:19:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcø

[2009/07/21 22:03:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc÷

[2009/07/21 22:02:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcû

[2009/07/21 22:02:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žch

[2009/07/21 22:02:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc

[2009/07/21 22:02:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcú

[2009/07/21 22:02:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc

[2009/07/21 22:02:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcå

[2009/07/21 22:02:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcg

[2009/07/21 22:01:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr

[2009/07/21 22:01:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2009/07/21 21:59:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2009/07/21 21:59:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc³

[2009/07/21 21:58:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc 

[2009/07/21 21:58:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2009/07/21 21:34:00 | 00,000,000 | ---D | C] -- C:\Config.Msi

[2009/07/21 19:53:49 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Winner

[2009/07/21 15:13:33 | 00,000,000 | ---D | C] -- C:\Fichiers écart

[2009/07/21 14:24:29 | 00,000,165 | -H-- | C] () -- C:\Documents and Settings\jean.quiniou\Mes documents\~$Paris.xlsx

[2009/07/21 13:29:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2009/07/21 12:38:20 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll

[2009/07/21 12:38:20 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll

[2009/07/21 12:38:19 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys

[2009/07/21 12:38:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll

[2009/07/21 12:38:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll

[2009/07/21 12:38:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe

[2009/07/21 12:38:16 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll

[2009/07/21 12:38:16 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll

[2009/07/21 12:38:16 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll

[2009/07/21 12:38:16 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

[2009/07/21 12:38:16 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll

[2009/07/21 12:38:16 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax

[2009/07/21 12:38:16 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax

[2009/07/21 12:38:15 | 00,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll

[2009/07/21 12:38:15 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll

[2009/07/21 12:38:15 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll

[2009/07/21 12:38:15 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll

[2009/07/21 12:38:15 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll

[2009/07/21 12:38:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll

[2009/07/21 12:38:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll

[2009/07/21 12:38:15 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll

[2009/07/21 12:38:15 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll

[2009/07/21 12:38:15 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll

[2009/07/21 12:38:15 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll

[2009/07/21 12:38:15 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll

[2009/07/21 12:38:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll

[2009/07/21 12:38:14 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll

[2009/07/21 12:38:14 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll

[2009/07/21 12:38:14 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll

[2009/07/21 12:38:14 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll

[2009/07/21 12:38:14 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll

[2009/07/21 12:38:14 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll

[2009/07/21 12:38:14 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll

[2009/07/21 12:38:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll

[2009/07/21 12:38:14 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll

[2009/07/21 12:38:13 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll

[2009/07/21 12:38:13 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll

[2009/07/21 12:38:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll

[2009/07/21 12:38:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll

[2009/07/21 12:38:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll

[2009/07/21 12:38:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll

[2009/07/21 12:38:12 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll

[2009/07/21 12:38:12 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll

[2009/07/21 12:38:12 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll

[2009/07/21 12:38:12 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll

[2009/07/21 12:38:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe

[2009/07/21 12:38:11 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll

[2009/07/21 12:38:11 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll

[2009/07/21 12:38:11 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll

[2009/07/21 12:38:11 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe

[2009/07/21 12:38:11 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll

[2009/07/21 12:38:11 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll

[2009/07/21 12:38:11 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll

[2009/07/21 12:38:11 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll

[2009/07/21 12:38:10 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll

[2009/07/21 12:38:10 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll

[2009/07/21 12:38:10 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll

[2009/07/21 12:38:10 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll

[2009/07/21 12:38:10 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll

[2009/07/21 12:38:10 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll

[2009/07/21 12:38:10 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll

[2009/07/21 12:38:09 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll

[2009/07/21 12:38:09 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll

[2009/07/21 12:38:09 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll

[2009/07/21 12:38:09 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe

[2009/07/21 12:38:09 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe

[2009/07/21 12:38:09 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe

[2009/07/21 12:38:08 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll

[2009/07/21 12:38:08 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll

[2009/07/21 12:38:07 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll

[2009/07/21 12:38:05 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe

[2009/07/21 12:38:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2009/07/21 12:34:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2009/07/21 12:32:23 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll

[2009/07/21 12:32:23 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll

[2009/07/21 12:32:23 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll

[2009/07/21 12:32:23 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll

[2009/07/21 12:32:23 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll

[2009/07/21 12:32:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2009/07/21 12:32:22 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys

[2009/07/21 12:32:22 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys

[2009/07/21 12:32:22 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys

[2009/07/21 12:32:22 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys

[2009/07/21 12:32:22 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys

[2009/07/21 12:32:22 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys

[2009/07/21 12:32:22 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys

[2009/07/21 12:32:22 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys

[2009/07/21 12:32:22 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll

[2009/07/21 12:32:22 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll

[2009/07/21 12:32:21 | 00,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys

[2009/07/21 12:32:21 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys

[2009/07/21 12:32:21 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys

[2009/07/21 12:32:21 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys

[2009/07/21 12:32:21 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys

[2009/07/21 12:32:21 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys

[2009/07/21 12:32:21 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys

[2009/07/21 12:32:21 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys

[2009/07/21 12:32:21 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys

[2009/07/21 12:32:21 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys

[2009/07/21 12:32:21 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys

[2009/07/21 12:32:21 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys

[2009/07/21 12:32:20 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys

[2009/07/21 12:32:20 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2009/07/21 12:32:20 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys

[2009/07/21 12:32:20 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys

[2009/07/21 12:32:20 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys

[2009/07/21 12:32:20 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys

[2009/07/21 12:32:20 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll

[2009/07/21 12:32:20 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll

[2009/07/21 12:32:20 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll

[2009/07/21 12:32:20 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys

[2009/07/21 12:32:20 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll

[2009/07/21 12:32:20 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys

[2009/07/21 12:32:20 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll

[2009/07/21 12:32:19 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2009/07/21 12:32:19 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys

[2009/07/21 12:32:19 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys

[2009/07/21 12:32:19 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys

[2009/07/21 12:32:19 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys

[2009/07/21 12:32:19 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll

[2009/07/21 12:32:18 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys

[2009/07/21 12:32:18 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys

[2009/07/21 12:32:18 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys

[2009/07/21 12:32:18 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys

[2009/07/21 12:32:18 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys

[2009/07/21 12:32:17 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[2009/07/21 12:32:17 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys

[2009/07/21 12:32:17 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[2009/07/21 12:32:17 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2009/07/21 12:32:17 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys

[2009/07/21 12:32:17 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys

[2009/07/21 12:32:16 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys

[2009/07/21 12:32:16 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys

[2009/07/21 12:32:16 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys

[2009/07/21 12:32:16 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys

[2009/07/21 12:32:16 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys

[2009/07/21 12:32:15 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys

[2009/07/21 12:32:15 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys

[2009/07/21 12:32:15 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys

[2009/07/21 12:32:15 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys

[2009/07/21 12:32:15 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys

[2009/07/21 12:32:15 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll

[2009/07/21 12:32:14 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys

[2009/07/21 12:32:14 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys

[2009/07/21 12:32:14 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys

[2009/07/21 12:32:14 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys

[2009/07/21 12:32:14 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll

[2009/07/21 12:32:14 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys

[2009/07/21 12:32:14 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys

[2009/07/21 12:32:13 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys

[2009/07/21 12:32:13 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys

[2009/07/21 12:32:13 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys

[2009/07/21 12:32:13 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys

[2009/07/21 12:28:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2009/07/21 12:15:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009/07/21 12:14:51 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/07/21 12:14:51 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2009/07/21 12:14:51 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009/07/21 12:14:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009/07/21 12:13:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/07/21 11:45:11 | 24,539,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/07/20 19:38:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jean.quiniou\Application Data\Malwarebytes

[2009/07/20 19:38:27 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/20 19:38:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2009/07/20 19:38:24 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/20 19:38:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/07/20 19:38:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/07/20 19:37:39 | 02,906,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jean.quiniou\Bureau\mbam-setup.exe

[2009/07/19 20:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Fighters

[2009/07/19 20:35:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters

[2009/07/19 10:23:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2009/07/19 10:22:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

[2009/07/19 09:56:54 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe

[2009/07/19 09:56:53 | 02,191,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2009/07/19 09:56:53 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll

[2009/07/19 09:56:53 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll

[2009/07/19 09:56:53 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll

[2009/07/19 09:56:53 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe

[2009/07/19 09:56:53 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe

[2009/07/19 09:56:52 | 00,739,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll

[2009/07/19 09:56:52 | 00,735,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll

[2009/07/19 09:56:52 | 00,685,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll

[2009/07/19 09:56:52 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll

[2009/07/19 09:56:51 | 02,147,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2009/07/19 09:56:50 | 02,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2009/07/19 09:54:51 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll

[2009/07/19 09:54:39 | 00,272,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2009/07/19 09:54:38 | 00,272,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys

[2009/07/19 09:54:03 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat

[2009/07/19 09:48:14 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys

[2009/07/19 09:48:12 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2009/07/19 09:48:04 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2009/07/19 09:48:02 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll

[2009/07/19 09:47:56 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll

[2009/07/19 09:44:15 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll

[2009/07/19 09:39:57 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2009/07/19 09:39:51 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2009/07/19 09:38:03 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

[2009/07/19 09:38:02 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe

[2009/07/19 09:31:54 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2009/07/19 09:31:54 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2009/07/18 23:23:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/07/18 23:21:00 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2009/07/18 20:42:05 | 00,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\w32n50.dll

[2009/07/18 20:42:05 | 00,034,688 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcampr5.sys

[2009/07/18 20:42:05 | 00,032,128 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcandis5.sys

[2009/07/18 20:41:55 | 00,000,000 | ---D | C] -- C:\Program Files\OrangeBS

[2009/07/18 20:41:08 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\France Telecom

[2009/07/18 20:40:30 | 00,008,064 | R--- | C] (Option N.V.) -- C:\WINDOWS\System32\drivers\gtptser.sys

[2009/07/18 20:40:25 | 00,095,744 | R--- | C] (Option NV) -- C:\WINDOWS\System32\drivers\Gt51Ip.sys

[2009/07/18 20:40:20 | 00,051,968 | R--- | C] (Option N.V.) -- C:\WINDOWS\System32\drivers\gt72ubus.sys

[2009/07/18 10:40:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žc¯

[2009/07/17 15:34:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI

[2009/07/17 15:34:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI

[2009/07/17 13:57:50 | 00,264,417 | ---- | C] () -- C:\Documents and Settings\jean.quiniou\Bureau\09-0565.xlsx

[2009/07/16 22:39:44 | 00,000,000 | ---D | C] -- C:\Temp

[2009/07/16 22:22:19 | 00,011,212 | ---- | C] () -- C:\Documents and Settings\jean.quiniou\Mes documents\cc_20090716_222210.reg

[2009/07/16 22:00:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/07/16 19:31:13 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/07/16 19:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/07/16 18:38:21 | 00,000,163 | ---- | C] () -- C:\Documents and Settings\jean.quiniou\Mes documents\MotDePasseA2c.rtf

[2009/07/15 22:32:45 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/07/15 21:15:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Žcõ

[2009/07/10 17:54:48 | 00,042,825 | ---- | C] () -- C:\Documents and Settings\jean.quiniou\Mes documents\nomenclature charpente.pdf

[2009/07/09 13:38:22 | 00,000,000 | ---D | C] -- C:\Program Files\Letmin

[2009/07/09 09:50:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jean.quiniou\Application Data\Icones

[2009/07/08 17:17:55 | 00,017,954 | ---- | C] () -- C:\Documents and Settings\jean.quiniou\Mes documents\Planning_Persan.pdf

[2009/04/18 17:44:53 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/04/13 17:30:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI

[2009/03/31 11:13:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/03/29 18:17:48 | 00,000,115 | ---- | C] () -- C:\WINDOWS\ChssBase.ini

[2009/03/22 19:06:38 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009/03/22 19:06:38 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/03/17 21:23:42 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys

[2009/03/17 21:23:42 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

[2009/03/17 16:08:05 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\RCalcul.dll

[2009/03/17 16:08:04 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\Polyclip.dll

[2009/03/17 16:08:04 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ogc.dll

[2009/03/17 16:08:03 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\Nmea.dll

[2009/03/17 16:08:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\CP30FW.DLL

[2009/03/17 16:08:01 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ConversApi.dll

[2009/03/17 16:08:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResFRA.dll

[2009/03/17 16:08:00 | 00,688,128 | ---- | C] () -- C:\WINDOWS\System32\BCGCB474.dll

[2009/03/17 15:28:51 | 00,000,290 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/11/12 11:06:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/11/12 11:04:25 | 00,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini

[2007/11/08 10:40:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2007/11/08 10:28:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2007/11/08 10:28:16 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2007/11/08 10:28:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2007/11/08 10:28:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2007/11/08 10:28:16 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2007/11/08 10:28:16 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2007/11/08 10:24:59 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll

[2007/11/08 10:17:25 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL

[2007/11/08 10:15:58 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2007/11/08 10:15:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2007/11/08 10:15:58 | 00,010,162 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2007/11/08 10:15:58 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2007/11/08 09:19:52 | 00,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2007/11/08 09:07:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll

[2007/11/08 09:07:12 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007/11/08 09:07:01 | 00,000,628 | ---- | C] () -- C:\WINDOWS\win.ini

[2007/11/08 09:07:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2007/07/02 10:16:20 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll

[2006/12/05 14:05:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2006/12/01 19:34:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2006/11/22 12:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2006/01/05 19:49:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll

[2006/01/05 18:36:22 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll

[2006/01/04 11:59:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll

[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll

[2005/07/22 22:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004/08/04 00:59:44 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

 

========== Files - Modified Within 30 Days ==========

 

[2009/08/07 08:43:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jean.quiniou\Bureau\OTL.exe

[2009/08/07 08:41:52 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/08/07 08:40:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/08/07 08:40:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/08/07 08:40:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/07 08:40:11 | 21,458,32960 | -HS- | M] () -- C:\hiberfil.sys

[2009/08/07 08:31:11 | 00,010,183 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Mes documents\Paris.xlsx

[2009/08/06 18:13:55 | 00,102,148 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Bureau\SystemLook.exe

[2009/08/06 07:06:56 | 00,002,529 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Bureau\Microsoft Office Excel 2007.lnk

[2009/08/05 22:27:06 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/05 21:07:15 | 00,513,284 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2009/08/05 21:07:15 | 00,443,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/08/05 21:07:15 | 00,086,272 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2009/08/05 21:07:15 | 00,072,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/08/05 21:07:14 | 01,128,806 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/08/05 19:49:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/08/05 15:39:18 | 00,318,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/08/05 09:04:12 | 03,154,930 | R--- | M] () -- C:\Documents and Settings\jean.quiniou\Bureau\ComboFix.exe

[2009/08/04 21:44:58 | 00,000,628 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/08/04 21:44:58 | 00,000,212 | RHS- | M] () -- C:\boot.ini

[2009/08/04 15:53:47 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Antivirus.lnk

[2009/08/04 15:53:46 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/08/02 17:59:18 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\otey.sys

[2009/08/02 09:42:56 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Bureau\CCleaner.lnk

[2009/08/02 09:42:12 | 03,278,552 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\jean.quiniou\Bureau\ccsetup222.exe

[2009/08/01 19:21:20 | 00,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Business Everywhere.lnk

[2009/08/01 09:41:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/07/31 19:25:27 | 00,317,726 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090805-153918.backup

[2009/07/31 14:37:18 | 00,017,954 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Mes documents\Planning_Persan.pdf

[2009/07/30 18:48:56 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2009/07/26 18:38:57 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090731-192526.backup

[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/07/25 03:00:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/07/22 07:53:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/07/21 14:24:29 | 00,000,165 | -H-- | M] () -- C:\Documents and Settings\jean.quiniou\Mes documents\~$Paris.xlsx

[2009/07/21 13:30:20 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009/07/21 13:28:42 | 00,364,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/07/21 12:31:44 | 00,252,240 | RHS- | M] () -- C:\ntldr

[2009/07/20 19:38:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2009/07/20 19:37:56 | 02,906,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jean.quiniou\Bureau\mbam-setup.exe

[2009/07/19 18:45:00 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2009/07/19 18:45:00 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/07/19 15:15:02 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2009/07/19 15:15:02 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2009/07/19 15:15:02 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll

[2009/07/17 21:51:56 | 04,846,412 | -H-- | M] () -- C:\Documents and Settings\jean.quiniou\Local Settings\Application Data\IconCache.db

[2009/07/17 15:34:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TPTray.INI

[2009/07/17 15:34:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\CeEKey.INI

[2009/07/17 13:57:51 | 00,264,417 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Bureau\09-0565.xlsx

[2009/07/16 22:22:26 | 00,011,212 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Mes documents\cc_20090716_222210.reg

[2009/07/16 18:38:21 | 00,000,163 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Mes documents\MotDePasseA2c.rtf

[2009/07/15 20:13:58 | 00,317,693 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090722-200309.backup

[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/07/12 13:15:10 | 00,000,115 | ---- | M] () -- C:\WINDOWS\ChssBase.ini

[2009/07/10 17:54:49 | 00,042,825 | ---- | M] () -- C:\Documents and Settings\jean.quiniou\Mes documents\nomenclature charpente.pdf

[2009/07/09 10:33:46 | 00,317,117 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090715-201358.backup

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

 

 

OTL Extras logfile created on: 07/08/2009 08:44:37 - Run 1

OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\jean.quiniou\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,02% Memory free

3,85 Gb Paging File | 3,21 Gb Available in Paging File | 83,43% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 186,31 Gb Total Space | 84,04 Gb Free Space | 45,11% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 631,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive P: | 396,43 Gb Total Space | 170,04 Gb Free Space | 42,89% Space Free | Partition Type: NTFS

Drive R: | 396,43 Gb Total Space | 170,04 Gb Free Space | 42,89% Space Free | Partition Type: NTFS

Drive U: | 396,43 Gb Total Space | 170,04 Gb Free Space | 42,89% Space Free | Partition Type: NTFS

 

Computer Name: CORB-PC32

Current User Name: jean.quiniou

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2469986633-4137749807-4248974736-1204\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)

"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv -- (adsltv.org)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\OrangeBS\BEWInternet\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeBS\BEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{045550B1-CEA9-3F79-1F1A-3D02F9CB02E5}" = Catalyst Control Center Localization Chinese Standard

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{05C4590A-74E5-F24C-A3C7-570992B11013}" = Catalyst Control Center Localization Polish

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{09DC47B1-04FD-CFBD-0FEA-586CFE342770}" = Catalyst Control Center Graphics Full New

"{0AC57BFB-7126-1851-C4F7-D22BE6000F9F}" = Catalyst Control Center Localization Finnish

"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA

"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1036}" = Nero 8

"{21649684-F947-CCB5-6838-F7BA5A0AB9F3}" = Catalyst Control Center Localization Turkish

"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding

"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15

"{273B5952-7732-ED96-931A-75DF5F94BB03}" = Catalyst Control Center Localization Greek

"{2B9DA668-C505-FFD0-0428-A4D50ABE7DC5}" = CCC Help Dutch

"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = Outil de diagnostic PC TOSHIBA

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3250D35A-F0C7-44E4-A12C-2D810F468090}" = Réseau France BdNyme

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36BFA0D2-0789-276E-A672-153A5F9E7849}" = Catalyst Control Center Localization Swedish

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{3A14B6EC-3D10-89CE-9EBB-A1EDE3850AEF}" = Catalyst Control Center Localization Hungarian

"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{3E458DD4-7D55-668F-778B-BE61996DDD38}" = CCC Help Thai

"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer

"{4154A302-1201-1023-2001-415258454C01}" = Hitchcock

"{4AF76BDA-CC51-B3EC-8C61-E975C2A8446D}" = Catalyst Control Center Localization Thai

"{4C07AD54-021B-2ABC-ACE1-4A221B6A0EA7}" = Catalyst Control Center Localization Dutch

"{4E61888C-3D42-4691-AD25-E9AF648EAB63}" = Trivial Pursuit Déjanté

"{50309BC6-0C7E-3637-CCF0-0E8D23A113B2}" = Catalyst Control Center Graphics Light

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{51D569E0-8A28-11D2-B962-006097C4DE24}" = Microsoft ® C Runtime Library

"{51D569E2-8A28-11D2-B962-006097C4DE24}" = MFCDLL Shared Library - Retail Version

"{51D569E3-8A28-11D2-B962-006097C4DE24}" = Microsoft ® C++ Runtime Library

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{52A2C0C8-1BAE-1C5B-A539-080DACF63A0A}" = CCC Help Swedish

"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010

"{55F2DF75-26AE-7FE1-214C-E6C47443C9C4}" = Catalyst Control Center Localization Japanese

"{5668B07E-946E-99C8-346A-659B6891A93F}" = ccc-core-static

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5783F2D7-7009-040C-0002-0060B0CE6BBA}" = AutoCAD LT 2009 - Français

"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010

"{59CE0A17-0532-DA27-9FAE-607B8299BE9E}" = CCC Help Portuguese

"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver

"{5A3228CE-36A9-F28C-FFB8-697CCB3B8283}" = CCC Help Italian

"{5B1DD5AA-FF34-4D6E-A912-CB46BB7378DC}" = Manuels TOSHIBA

"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA

"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B30C27E-8C3C-9383-5D70-2B405DD48CA2}" = CCC Help German

"{6CE7F528-50F4-3F0E-9050-B512CE91C7D4}" = Catalyst Control Center Localization Danish

"{6E57BF4C-A6CA-C3E0-302C-A5454C58B3B2}" = Catalyst Control Center Localization Portuguese

"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02

"{7040D905-76D1-ED20-B434-23968C718CAC}" = ccc-utility

"{704EDE44-0AB9-E01A-24C3-EF22243EA147}" = Catalyst Control Center Localization Korean

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

"{72D9675A-A0F2-99E8-91DD-93F970BF468A}" = CCC Help Czech

"{72F6C133-D4DA-48E7-7FC8-AFFC9D3827CE}" = Skins

"{73311B0B-3D20-D56C-F32E-7CBF76408B51}" = CCC Help Turkish

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78B62E01-65E6-A6E4-FB9D-317B011FDB99}" = Catalyst Control Center Localization Italian

"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility

"{8000C278-7B0A-1F92-1321-20DDD8862A04}" = Catalyst Control Center Localization Norwegian

"{8071576A-2BEC-6B45-B13A-3D3E2614B62C}" = CCC Help Japanese

"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility

"{852D3AED-DA4A-1412-197A-24362D5D5AF7}" = CCC Help Chinese Standard

"{8838B19B-D5DC-D049-1355-F8399F97A413}" = CCC Help Korean

"{89F74DB9-6CF3-4016-8CE6-4A1A3C7E10ED}" = Shredder 10

"{8F2F689A-21D3-A7A3-F98B-5036C9E88DD2}" = Catalyst Control Center Localization Russian

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA

"{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE}" = MSXML 3.0

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{9DB76DC7-DFDD-5564-F501-6B30CD07C155}" = CCC Help Hungarian

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3DFD0DF-0D7C-D828-15F3-9A874AABDEAB}" = CCC Help Chinese Traditional

"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA

"{AAB3E269-6EA0-F630-DE90-4F8B54EA4543}" = CCC Help Norwegian

"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français

"{B13FE5B5-A0DF-4700-9AB4-8C94C38BCFF3}" = Réseau France BdAlti

"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BCFAF175-21D5-047E-F5FF-4A93D81AC60A}" = Catalyst Control Center Localization Chinese Traditional

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{BE072EF2-E974-A068-BFD6-C9FB5065A7CE}" = CCC Help Russian

"{BEWINTERNET-FR-DME}.UninstallSuite" = Business Everywhere

"{BFD96E84-93CE-9E89-5DDE-FD28D098BF63}" = CCC Help French

"{C07F0464-316F-29FD-EB25-1B7DFD69A2AA}" = Catalyst Control Center Core Implementation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3A2D4E2-22F3-5C38-C183-AF87A8C281F0}" = Catalyst Control Center Graphics Previews Common

"{C4BC6D42-9F53-ACCF-A73C-3DEEB0A6B9BB}" = Catalyst Control Center Localization Spanish

"{C76039B2-5DCC-97F6-045F-8D34A9B39205}" = CCC Help Polish

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CAF22831-6270-0E8E-AF0B-BA92A18980F1}" = Catalyst Control Center Localization French

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D09298FC-7CD4-0987-D3AA-B9B26E39C0C9}" = CCC Help English

"{D609A379-0A4E-85CD-8345-99BCCEEFC371}" = Catalyst Control Center Localization Czech

"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI

"{DBFF6A23-0F0C-041A-4727-2F4ECD170A19}" = Catalyst Control Center Localization German

"{DC3BF343-D091-E7E3-4B3C-9FAAA09FAE50}" = CCC Help Danish

"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack

"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =

"{EBEAEB77-E98A-472E-AD82-E077EF613DDC}" = Secret Files 2 - Puritas Cordis

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F64D9A79-1CC4-FC46-CC70-0F53E151DB3A}" = CCC Help Spanish

"{FACF227C-A723-C11B-0268-036D233B899A}" = CCC Help Finnish

"{FB262596-1C62-07D6-DB57-DF1EAAFC79F7}" = CCC Help Greek

"{FC18D3D2-E113-E2C1-27A8-A8534120C007}" = ccc-core-preinstall

"{FC34D009-AF87-7849-723D-4311DBB67259}" = Catalyst Control Center Graphics Full Existing

"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"adsl TV" = adsl TV

"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel

"ATI Display Driver" = ATI Display Driver

"AutoCAD LT 2009 - Français" = AutoCAD LT 2009 - Français

"Autodesk Design Review 2010" = Autodesk Design Review 2010

"avast!" = avast! Antivirus

"CardDetector" = Card Detector for Option Icon 225

"Carte Blanche_is1" = Carte Blanche 0.3.5

"CartoExploreur 3_is1" = CartoExploreur 3 3.12

"CCleaner" = CCleaner (remove only)

"DWG TrueView 2010" = DWG TrueView 2010

"eMule" = eMule

"FileZilla Client" = FileZilla Client 3.2.3.1

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = Outil de diagnostic PC TOSHIBA

"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = Utilitaire Hotkey TOSHIBA

"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = Utilitaire TouchPad ON/OFF

"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)

"MSNINST" = MSN

"PROHYBRIDR" = 2007 Microsoft Office system

"Réseau France Bayo_is1" = Réseau France Bayo 0013-Q0

"Réseau France BdAlti" = Réseau France BdAlti

"Réseau France BdNyme" = Réseau France BdNyme

"ST6UNST #1" = Precont2001-V9.19

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"VLC media player" = VLC media player 1.0.0

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Lecteur Windows Media 10

"Windows XP Service" = Windows XP Service Pack 3

"WinRAR archiver" = Archiveur WinRAR

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2469986633-4137749807-4248974736-1204\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Buho21 Chess" = Buho21 Chess

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 18/07/2009 14:45:48 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: Standard Shield provider: cannot start

because 'Kaspersky Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:02:04 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: Instant Messaging provider: cannot start

because 'Kaspersky Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:02:05 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: P2P provider: cannot start because 'Kaspersky

Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:02:05 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: Standard Shield provider: cannot start

because 'Kaspersky Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:21:51 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: Instant Messaging provider: cannot start

because 'Kaspersky Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:21:51 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: P2P provider: cannot start because 'Kaspersky

Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:21:51 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: Standard Shield provider: cannot start

because 'Kaspersky Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:52:54 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: Instant Messaging provider: cannot start

because 'Kaspersky Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:52:54 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: P2P provider: cannot start because 'Kaspersky

Anti-Virus' is active!, 00000000.

 

Error - 18/07/2009 15:52:54 | Computer Name = CORB-PC32 | Source = avast! | ID = 33554522

Description = AAVM - initialization error: Standard Shield provider: cannot start

because 'Kaspersky Anti-Virus' is active!, 00000000.

 

[ Application Events ]

Error - 02/08/2009 12:13:29 | Computer Name = CORB-PC32 | Source = Userenv | ID = 1054

Description = Windows ne peut pas obtenir le nom du contrôleur de domaine pour votre

réseau. (Le domaine spécifié n'existe pas ou n'a pas pu être contacté. ). Le traitement

de la stratégie de groupe est interrompu.

 

Error - 02/08/2009 12:13:34 | Computer Name = CORB-PC32 | Source = Userenv | ID = 1054

Description = Windows ne peut pas obtenir le nom du contrôleur de domaine pour votre

réseau. (Le domaine spécifié n'existe pas ou n'a pas pu être contacté. ). Le traitement

de la stratégie de groupe est interrompu.

 

Error - 02/08/2009 12:26:22 | Computer Name = CORB-PC32 | Source = Userenv | ID = 1054

Description = Windows ne peut pas obtenir le nom du contrôleur de domaine pour votre

réseau. (Le domaine spécifié n'existe pas ou n'a pas pu être contacté. ). Le traitement

de la stratégie de groupe est interrompu.

 

Error - 02/08/2009 12:26:23 | Computer Name = CORB-PC32 | Source = Userenv | ID = 1054

Description = Windows ne peut pas obtenir le nom du contrôleur de domaine pour votre

réseau. (Le domaine spécifié n'existe pas ou n'a pas pu être contacté. ). Le traitement

de la stratégie de groupe est interrompu.

 

Error - 02/08/2009 12:26:23 | Computer Name = CORB-PC32 | Source = AutoEnrollment | ID = 15

Description = L'inscription de certificat automatique pour Système local n'a pas

pu contacter Active directory (0x8007054b) Le domaine spécifié n'existe pas ou

n'a pas pu être contacté. . L'inscription ne sera pas effectuée.

 

Error - 02/08/2009 12:31:10 | Computer Name = CORB-PC32 | Source = Application Error | ID = 1000

Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module

défaillant unknown, version 0.0.0.0, adresse de défaillance 0x019cd124.

 

Error - 02/08/2009 12:31:44 | Computer Name = CORB-PC32 | Source = Application Error | ID = 1000

Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module

défaillant unknown, version 0.0.0.0, adresse de défaillance 0x019cd124.

 

Error - 02/08/2009 12:35:11 | Computer Name = CORB-PC32 | Source = Userenv | ID = 1054

Description = Windows ne peut pas obtenir le nom du contrôleur de domaine pour votre

réseau. (Le domaine spécifié n'existe pas ou n'a pas pu être contacté. ). Le traitement

de la stratégie de groupe est interrompu.

 

Error - 02/08/2009 12:35:11 | Computer Name = CORB-PC32 | Source = AutoEnrollment | ID = 15

Description = L'inscription de certificat automatique pour Système local n'a pas

pu contacter Active directory (0x8007054b) Le domaine spécifié n'existe pas ou

n'a pas pu être contacté. . L'inscription ne sera pas effectuée.

 

Error - 02/08/2009 12:35:11 | Computer Name = CORB-PC32 | Source = Userenv | ID = 1054

Description = Windows ne peut pas obtenir le nom du contrôleur de domaine pour votre

réseau. (Le domaine spécifié n'existe pas ou n'a pas pu être contacté. ). Le traitement

de la stratégie de groupe est interrompu.

 

[ OSession Events ]

Error - 05/05/2009 08:51:00 | Computer Name = CORB-PC32 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2156

seconds with 60 seconds of active time. This session ended with a crash.

 

Error - 20/07/2009 13:01:58 | Computer Name = CORB-PC32 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 30/07/2009 18:06:24 | Computer Name = CORB-PC32 | Source = W32Time | ID = 39452701

Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps

à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement

accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 119 minutes.

NtpClient

n'a pas de source de temps précis.

 

Error - 30/07/2009 20:06:26 | Computer Name = CORB-PC32 | Source = W32Time | ID = 39452701

Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps

à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement

accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 239 minutes.

NtpClient

n'a pas de source de temps précis.

 

Error - 30/07/2009 20:21:25 | Computer Name = CORB-PC32 | Source = NETLOGON | ID = 5719

Description = Aucun contrôleur de domaine n'est disponible pour le domaine CORBEIL-PREDAL

pour la raison suivante : %%1311. Vérifiez que l'ordinateur est connecté au réseau

et tentez une nouvelle fois. Si le problème persiste, contactez votre administrateur

système.

 

Error - 31/07/2009 00:42:55 | Computer Name = CORB-PC32 | Source = NETLOGON | ID = 5719

Description = Aucun contrôleur de domaine n'est disponible pour le domaine CORBEIL-PREDAL

pour la raison suivante : %%1311. Vérifiez que l'ordinateur est connecté au réseau

et tentez une nouvelle fois. Si le problème persiste, contactez votre administrateur

système.

 

Error - 31/07/2009 00:42:58 | Computer Name = CORB-PC32 | Source = W32Time | ID = 39452701

Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps

à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement

accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 15 minutes.

NtpClient

n'a pas de source de temps précis.

 

Error - 31/07/2009 00:42:58 | Computer Name = CORB-PC32 | Source = W32Time | ID = 39452701

Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps

à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement

accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 15 minutes.

NtpClient

n'a pas de source de temps précis.

 

Error - 31/07/2009 00:44:39 | Computer Name = CORB-PC32 | Source = Service Control Manager | ID = 7034

Description = Le service Kaspersky Anti-Virus 6.0 s'est terminé de façon inattendue

pour la 1ème fois.

 

Error - 31/07/2009 00:45:17 | Computer Name = CORB-PC32 | Source = Service Control Manager | ID = 7034

Description = Le service Kaspersky Anti-Virus 6.0 s'est terminé de façon inattendue

pour la 2ème fois.

 

Error - 31/07/2009 00:58:01 | Computer Name = CORB-PC32 | Source = W32Time | ID = 39452701

Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps

à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement

accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 29 minutes.

NtpClient

n'a pas de source de temps précis.

 

Error - 31/07/2009 01:15:52 | Computer Name = CORB-PC32 | Source = atapi | ID = 262153

Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai

imparti.

 

 

< End of report >

 

 

I'm going to install AntiVir.

 

Jean

 

Posted

Well, that's quite a find: Sinowal is a virus that lodges itself in the boot area of the hard disk. AntiVir is one of the few antivirus products able to detect it. Nasty beast... let's try to take it out without delay:

================

Download mbr.exe (by GMER) from the following link and save it to your Desktop:

http://www2.gmer.net/mbr/mbr.exe

- Temporarily disable your antivirus.

- Launch mbr.exe by double-clicking it

- When the scan is finished, a report will appear on screen (mbr.log);

- Copy/paste the contents of the report here, in your reply.

See you

Posted

Here is the mbr report

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\ACPI -> 0x858e41c0

\Driver\atapi -> 0x89bf0410

NDIS: GlobeTrotter HSxPA - Network Interface #2 -> SendCompleteHandler -> 0x8591de70

Warning: possible MBR rootkit infection !

copy of MBR has been found in sector 0x01749DDC1

malicious code @ sector 0x01749DDC4 !

PE file found in sector at 0x01749DDDA !

MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

 

 

Jean

Posted

Hello Jean :P

The rootkit is indeed there. Here is what comes next:

===================

- Select the whole of the following line, then right-click it and choose "Copy":

"%userprofile%\Bureau\mbr" -f

- Click the "Start" button, then "Run..."

- Place your mouse in the box, right-click and choose "Paste", then click "OK"

- A report will appear on screen when it is finished;

- From the "File" menu of this report file, choose "Save As...", then save the file to your Desktop, naming it mbrfix

- Delete the mbr.log file that is on the Desktop.

~~~~~~~~~~~~~~

Next:

- Run the mbr.exe tool again by double-clicking it;

- A report will appear on screen:

>> Copy/paste the contents of both reports into your reply, in this order: mbrfix.txt then mbr.log

See you

Posted

Hello Mark,

After running "%userprofile%\Bureau\mbr" -f , the window closed immediately. I wasn't able to do Save As...

Here is the new mbr report:

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x01749DDC1

malicious code @ sector 0x01749DDC4 !

PE file found in sector at 0x01749DDDA !

 

 

AntiVir no longer reports anything.

 

Jean

Posted

Good evening Jean :P

Sorry for the delay in replying: I'm painfully short of time and right now I only have two minutes.

The mbr tool did its job; the rootkit is gone. So I'll calmly look over the other reports as soon as I have 10 minutes.

In the meantime, can you tell me how the machine is behaving? Are the symptoms mentioned in your first post still present?

Thanks for your patience, and see you later

Mark
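The two mbr.log reports posted above differ in the hook list and in the verdict lines, while the three sector lines stay the same. As an added example (not part of the thread and not GMER's code), this Python parser reads that report format and classifies each report; the verdict names, and the rule that "user & kernel MBR OK" with leftover sector lines counts as cleaned, are assumptions of the example that follow the helper's reading above.

```python
import re
from dataclasses import dataclass, field

# The two mbr.log reports quoted in this thread (before and after "mbr.exe -f").
REPORT_BEFORE = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x858e41c0
\Driver\atapi -> 0x89bf0410
NDIS: GlobeTrotter HSxPA - Network Interface #2 -> SendCompleteHandler -> 0x8591de70
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01749DDC1
malicious code @ sector 0x01749DDC4 !
PE file found in sector at 0x01749DDDA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

REPORT_AFTER = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01749DDC1
malicious code @ sector 0x01749DDC4 !
PE file found in sector at 0x01749DDDA !
"""

# "<hooked object> -> <address>"; the object itself may contain "->" (NDIS line).
HOOK_RE = re.compile(r"^(.+?)\s*->\s*(0x[0-9a-fA-F]+)$")
SECTOR_RE = re.compile(
    r"^(copy of MBR has been found in sector|malicious code @ sector|"
    r"PE file found in sector at)\s+(0x[0-9a-fA-F]+)")


@dataclass
class MbrReport:
    user_read_ok: bool = False
    kernel_read_ok: bool = False
    mbr_ok: bool = False              # "user & kernel MBR OK"
    infection_flagged: bool = False   # any "infection" warning line
    hooks: list = field(default_factory=list)     # (hooked object, address)
    remnants: dict = field(default_factory=dict)  # finding label -> sector number

    @property
    def verdict(self):
        # Verdict names are this example's own, not output of mbr.exe.
        if self.hooks or self.infection_flagged:
            return "INFECTED"
        if not (self.user_read_ok and self.kernel_read_ok and self.mbr_ok):
            return "INCONCLUSIVE"     # truncated log or MBR not readable
        return "CLEAN_WITH_REMNANTS" if self.remnants else "CLEAN"


def parse_mbr_log(text):
    report, in_hooks = MbrReport(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                  # forum pastes often double-space the log
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                report.hooks.append((m.group(1), m.group(2)))
                continue
            in_hooks = False          # first non-hook line ends the hook section
        m = SECTOR_RE.match(line)
        if m:
            report.remnants[m.group(1)] = int(m.group(2), 16)
        elif line == "user: MBR read successfully":
            report.user_read_ok = True
        elif line == "kernel: MBR read successfully":
            report.kernel_read_ok = True
        elif line == "user & kernel MBR OK":
            report.mbr_ok = True
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif "rootkit infection" in line:
            report.infection_flagged = True
    return report


def compare(before, after):
    """Summarise what changed between a pre-fix and a post-fix report."""
    return {
        "hooks_removed": [h for h in before.hooks if h not in after.hooks],
        "hooks_remaining": list(after.hooks),
        "remnants_unchanged": {k: v for k, v in after.remnants.items()
                               if before.remnants.get(k) == v},
    }


if __name__ == "__main__":
    b, a = parse_mbr_log(REPORT_BEFORE), parse_mbr_log(REPORT_AFTER)
    print(b.verdict, "->", a.verdict)
    for key, value in compare(b, a).items():
        print(key, value)
```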

Posted

For now everything seems to be working normally again.

No more crashes, the connection with the 3G dongle works, and IE connects too.

The PC seems to have regained normal speed.

Let's hope it lasts :P

Jean

Posted

Hello Jean :P

I've done another full tour of the place; nothing abnormal to report. The boot-area rootkit is destroyed.

So I invite you to uninstall ComboFix as follows:

"Start" >> "Run...", then copy/paste the following line into the box and click "OK":

Combofix /u

>> The uninstall is quick and a confirmation will appear on screen when it is finished. Note: you should not keep ComboFix, which is updated regularly and is dangerous if used without supervision (I insist).

Now launch OTM.exe (which should be on your Desktop) and click the "CleanUp" button; this will remove the leftover tools, OTM included. Then check that mbr.exe and its report are gone; if not, delete them manually.

That's all. Or almost :P

Let's hope it lasts :P

There, you are the master of your own destiny. Peer-to-peer is dangerous. Worse still for cracks/keygens, etc... The protections on a machine can be excellent, but it is the decisions made by the user that ultimately dictate the level of security.

If you have questions or comments, I'm here, don't be shy.

See you

Mark
