
Posted (edited)

Hello everyone, the new look of your forum is really well done, I like it a lot.

Now, as for my problem: Internet Explorer windows open all by themselves (like this one: http://c5.mt-50.com/5611401432.cmp), even though I don't use Internet Explorer. My antivirus finds a Trojan horse, TR/crypt.xpack.gen, which I delete and which comes right back. In Task Manager there are also applications such as "IBATIA.exe" and "IJD.exe" that I don't recognize. Thank you in advance for any help you can give me.

Speck41

Edited by speck41

Posted

Hi Speck41,

I'm going to ask you for a scan report so we can get a better picture of the problem :P

Download OTL to your Desktop

  • Double-click OTL.exe to launch it.
  • Check the All Users box.
  • Do the same with LOP Check and Purity Check.
  • Then click Scan and wait while it scans the registry and the files.
  • When the scan is finished, two Notepad windows will open: OTL.Txt and Extras.Txt. These files are saved in the same location as OTL.
  • Copy and paste them into your next reply.

Posted

Good evening, thank you no.ppp for taking on my problem.

Here are the 2 requested reports.

-----------------------------------------------------------------------------------------

OTL logfile created on: 2010-06-19 19:33:24 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\FKB\Bureau

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

 

510,00 Mb Total Physical Memory | 90,00 Mb Available Physical Memory | 18,00% Memory free

3,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): c:\pagefile.sys 2500 3000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,13 Gb Total Space | 2,84 Gb Free Space | 14,87% Space Free | Partition Type: NTFS

Drive D: | 149,05 Gb Total Space | 90,99 Gb Free Space | 61,05% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ORDISALON

Current User Name: FKB

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe

PRC - [2010-06-19 09:30:09 | 000,150,528 | ---- | M] () -- C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe

PRC - [2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe

PRC - [2010-05-07 08:36:10 | 000,092,008 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2010-05-07 08:36:08 | 000,247,144 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2010-04-28 13:45:50 | 000,835,952 | ---- | M] (Opera Software) -- D:\Program Files\Opera\opera.exe

PRC - [2010-04-16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009-10-26 21:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe

PRC - [2009-09-17 21:34:03 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- D:\Program Files\Pure Networks\Network Magic\nmapp.exe

PRC - [2009-07-21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009-05-13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009-03-02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2007-06-25 09:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

PRC - [2007-06-25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2007-06-25 09:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2007-06-13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe

MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010-05-07 08:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010-04-08 05:41:27 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009-07-21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009-05-13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008-07-26 08:27:42 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2008-05-16 05:56:04 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)

SRV - [2007-06-27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2007-06-25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010-02-05 05:03:36 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010-01-01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2009-12-10 11:00:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-05-11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-03-30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009-02-13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008-05-16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2008-05-16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2007-06-25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2007-06-25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2007-06-25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007-03-06 17:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007-03-06 17:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007-02-15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2004-11-19 19:07:00 | 000,101,488 | ---- | M] () [Kernel | Auto | Running] -- D:\Program Files\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS)

DRV - [2004-08-04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)

DRV - [2004-08-04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)

DRV - [2004-08-04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)

DRV - [2004-08-03 18:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

DRV - [2004-08-03 18:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

DRV - [2004-08-03 18:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)

DRV - [2004-08-03 18:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

DRV - [2004-08-03 18:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)

DRV - [2004-08-03 18:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

DRV - [2004-08-03 18:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

DRV - [2004-08-03 18:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

DRV - [2004-08-03 18:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)

DRV - [2004-08-03 18:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)

DRV - [2004-08-03 18:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)

DRV - [2004-08-03 18:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

DRV - [2004-08-03 18:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

DRV - [2004-08-03 18:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

DRV - [2004-08-03 18:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

DRV - [2003-09-04 11:38:56 | 000,152,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)

DRV - [2001-08-17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel® 82801 (WDM)

DRV - [1999-05-21 01:00:00 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "http://www.evolutionsynchro.123.fr/|http://www.google.ca/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"

FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q="

FF - prefs.js..browser.search.selectedEngine: "Live Search"

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\Real\RealPlayer\browserrecord [2009-12-03 17:29:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-01-23 14:46:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-10 20:04:08 | 000,000,000 | ---D | M]

 

[2009-12-13 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Extensions

[2009-12-13 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010-05-21 09:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions

[2009-10-28 20:03:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-05-11 19:44:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010-06-01 20:30:38 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\searchplugins\live-search.xml

 

O1 HOSTS File: ([2010-01-24 18:16:55 | 000,000,745 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Barre d'outils) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [nmapp] D:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)

O4 - HKLM..\Run: [WordQ carat flag] D:\Program Files\WordQ2Fr\WordQcrs.exe ()

O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [M5T8QL3YW3] C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe ()

O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [Messenger (Yahoo!)] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [TomTomHOME.exe] D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [WeatherEye] C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe (Pelmorex Media Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk = D:\Program Files\WordQ2Fr\WordQcrs.exe ()

O4 - Startup: C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255

O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-606747145-162531612-682003330-1003\..Trusted Domains: tomtom.com ([www] https in Trusted sites)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264313117109 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.18.160.73 64.18.160.74

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.53,93.188.161.183

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - D:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\FKB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\FKB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-09-17 18:10:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-05-11 09:45:21 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-05-11 09:45:21 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-06-19 19:29:39 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe

[2010-06-16 20:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx

[2010-06-12 22:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\OBD Soft

[2010-06-12 21:36:30 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2010-06-10 10:45:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010-06-07 17:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Toyota

[2010-06-07 10:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Demande Ordi

[2010-06-07 09:27:39 | 000,000,000 | ---D | C] -- D:\Mes documents\Permis SAAQ 2010

[2010-06-05 11:43:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FKB\Recent

[2010-06-04 21:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Application Data\Acapela Group

[2010-06-04 21:39:47 | 000,000,000 | ---D | C] -- D:\Mes documents\Utilisateurs de WordQ 2

[2010-06-02 19:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Routeur

[2010-06-01 20:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2010-06-01 12:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Bulletin

[2010-05-27 20:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Rencontre Instructeurs

[2010-05-27 09:44:45 | 000,000,000 | ---D | C] -- D:\Mes documents\Émoticones

[2010-05-26 18:35:38 | 000,000,000 | ---D | C] -- D:\Mes documents\TomTom

[2004-11-24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

 

========== Files - Modified Within 30 Days ==========

 

[2010-06-19 19:56:48 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

[2010-06-19 19:43:21 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\FKB\ntuser.dat

[2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe

[2010-06-19 19:20:04 | 000,001,138 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003UA.job

[2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\ac9af519.job

[2010-06-19 16:55:02 | 000,044,544 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll

[2010-06-19 16:54:56 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2010-06-19 16:54:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-06-19 16:53:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-06-19 16:53:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-06-19 16:53:38 | 535,285,760 | -HS- | M] () -- C:\hiberfil.sys

[2010-06-19 16:52:26 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\FKB\ntuser.ini

[2010-06-19 10:37:48 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\FKB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-06-19 10:30:20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe

[2010-06-19 09:29:18 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe

[2010-06-19 08:20:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003Core.job

[2010-06-18 10:59:33 | 000,172,134 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\perceuse.docx

[2010-06-14 11:57:45 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Recettes.lnk

[2010-06-10 21:33:07 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-06-10 21:24:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-06-10 21:02:17 | 001,033,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-06-10 21:02:17 | 000,494,760 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2010-06-10 21:02:17 | 000,426,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-06-10 21:02:17 | 000,078,146 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2010-06-10 21:02:17 | 000,065,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-06-10 10:31:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2010-06-09 10:05:03 | 000,703,511 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\St-Augustin_st_jean_2010.pdf

[2010-06-09 09:44:21 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\Settings.cfg

[2010-06-07 09:21:11 | 000,020,450 | ---- | M] () -- C:\WINDOWS\SICALIB2.DAT

[2010-06-04 21:39:28 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk

[2010-06-04 21:39:28 | 000,000,060 | ---- | M] () -- C:\WINDOWS\WiViK3.ini

[2010-06-03 19:22:08 | 000,067,260 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Milliplein.jpeg

[2010-06-03 09:28:28 | 000,024,124 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Magic Jack conditions.docx

[2010-06-01 20:30:39 | 000,001,109 | ---- | M] () -- C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk

[2010-05-28 17:37:57 | 000,010,534 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Letter to Parents - June Exams.pdf

[2010-05-28 17:37:56 | 000,107,004 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Exam schedule June 2010.pdf

 

========== Files Created - No Company Name ==========

 

[2010-06-19 16:55:02 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll

[2010-06-19 15:50:55 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010-06-19 09:30:29 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

[2010-06-19 09:30:17 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Ibatia.exe

[2010-06-19 09:29:24 | 000,000,276 | -H-- | C] () -- C:\WINDOWS\tasks\ac9af519.job

[2010-06-19 09:29:20 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe

[2010-06-18 10:58:02 | 000,172,134 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\perceuse.docx

[2010-06-14 11:57:45 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Recettes.lnk

[2010-06-10 21:05:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010-06-09 10:05:01 | 000,703,511 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\St-Augustin_st_jean_2010.pdf

[2010-06-04 21:39:28 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk

[2010-06-04 21:39:28 | 000,000,060 | ---- | C] () -- C:\WINDOWS\WiViK3.ini

[2010-06-03 19:22:08 | 000,067,260 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Milliplein.jpeg

[2010-06-03 09:27:05 | 000,024,124 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Magic Jack conditions.docx

[2010-06-01 20:30:39 | 000,001,109 | ---- | C] () -- C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk

[2010-05-28 17:37:56 | 000,107,004 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Exam schedule June 2010.pdf

[2010-05-28 17:37:56 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Letter to Parents - June Exams.pdf

[2010-05-26 18:16:31 | 000,186,142 | ---- | C] () -- D:\Mes documents\Contrat Trousse auto occasion.pdf

[2010-05-26 18:16:31 | 000,122,866 | ---- | C] () -- D:\Mes documents\Procuration Transfert SAAQ.pdf

[2010-04-10 10:38:57 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010-04-10 10:21:38 | 000,000,091 | ---- | C] () -- C:\WINDOWS\fpxpress.ini

[2010-03-13 18:56:05 | 000,000,174 | ---- | C] () -- C:\WINDOWS\mp3 recorder.ini

[2010-02-28 21:24:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll

[2010-02-02 20:03:06 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2009-10-23 17:41:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI

[2009-10-15 11:37:15 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009-10-14 15:17:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2009-10-13 12:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WD.INI

[2009-10-04 21:06:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009-09-28 20:33:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-24 09:31:56 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI

[2009-09-24 09:29:41 | 000,000,548 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI

[2009-09-24 09:27:30 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys

[2007-03-06 17:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2006-05-25 01:22:06 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\knstwai.dll

[2005-03-14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2004-10-03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[1999-08-10 18:02:20 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[1999-08-10 18:02:16 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

[1999-01-27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997-06-13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

 

========== LOP Check ==========

 

[2010-01-16 11:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft

[2009-11-29 13:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2009-09-17 21:37:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010-02-28 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configs

[2010-01-12 19:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes

[2009-10-16 12:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2009-10-16 13:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2010-01-23 22:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010-05-11 09:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\open-config

[2010-03-01 10:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2010-02-27 20:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2009-12-13 15:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009-12-20 00:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010-03-27 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions

[2010-03-26 08:53:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

[2010-01-03 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010-06-04 21:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Acapela Group

[2009-12-03 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Apowersoft

[2009-09-19 20:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Auslogics

[2009-11-29 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Canneverbe_Limited

[2010-06-09 09:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Classes de site

[2009-09-22 09:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Convivea

[2009-09-23 09:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Dynamique

[2009-09-23 09:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\EmailNotifier

[2010-01-03 13:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\GlarySoft

[2009-12-13 19:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\ImgBurn

[2009-10-16 13:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\iolo

[2010-01-10 13:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\kibisoft

[2010-05-15 09:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Leadertech

[2009-12-12 14:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\MSNInstaller

[2009-10-24 15:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Netscape

[2009-09-24 10:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Opera

[2009-10-24 16:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Photodex

[2009-09-19 18:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\PhotoFiltre Studio X

[2010-06-09 09:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Sites

[2010-04-11 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Softativity

[2009-09-18 10:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Styler

[2010-01-16 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\TomTom

[2010-01-16 12:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\TomTom(2)

[2010-04-06 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Tracker Software

[2010-06-19 10:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\uTorrent

[2010-04-04 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Visicom Media

[2010-03-01 10:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Vso

[2010-03-27 13:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\WindSolutions

[2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\EmailNotifier

[2009-10-31 11:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\OnlineArmor

[2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR

[2009-10-14 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

[2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\ac9af519.job

[2010-06-19 16:54:56 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2010-06-19 19:56:48 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

 

========== Purity Check ==========

 

 

< End of report >

PRC - [2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe

PRC - [2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe

PRC - [2010-05-07 08:36:10 | 000,092,008 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2010-05-07 08:36:08 | 000,247,144 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2010-04-16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe

PRC - [2009-10-26 21:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe

PRC - [2009-09-17 21:34:03 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- D:\Program Files\Pure Networks\Network Magic\nmapp.exe

PRC - [2009-07-21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009-05-13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009-03-02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2007-06-25 09:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

PRC - [2007-06-25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2007-06-25 09:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2007-06-13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe

MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010-05-07 08:36:10 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010-04-08 05:41:27 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009-07-21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009-05-13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008-11-09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008-07-26 08:27:42 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2008-05-16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2008-05-16 05:56:04 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)

SRV - [2007-06-27 20:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2007-06-25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010-02-05 05:03:36 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010-01-01 13:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2009-12-10 11:00:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-05-11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-03-30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009-02-13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008-05-16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2008-05-16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2007-06-25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2007-06-25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2007-06-25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007-03-06 17:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007-03-06 17:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007-02-15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2004-11-19 19:07:00 | 000,101,488 | ---- | M] () [Kernel | Auto | Running] -- D:\Program Files\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS)

DRV - [2004-08-04 00:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)

DRV - [2004-08-04 00:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)

DRV - [2004-08-04 00:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)

DRV - [2004-08-03 18:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)

DRV - [2004-08-03 18:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)

DRV - [2004-08-03 18:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)

DRV - [2004-08-03 18:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)

DRV - [2004-08-03 18:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)

DRV - [2004-08-03 18:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)

DRV - [2004-08-03 18:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)

DRV - [2004-08-03 18:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)

DRV - [2004-08-03 18:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)

DRV - [2004-08-03 18:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)

DRV - [2004-08-03 18:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)

DRV - [2004-08-03 18:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)

DRV - [2004-08-03 18:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)

DRV - [2004-08-03 18:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)

DRV - [2004-08-03 18:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)

DRV - [2003-09-04 11:38:56 | 000,152,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV532AV.SYS -- (PID_0920) Logitech QuickCam Express(PID_0920)

DRV - [2001-08-17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel® 82801 (WDM)

DRV - [1999-05-21 01:00:00 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "http://www.evolutionsynchro.123.fr/|http://www.google.ca/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..browser.startup.homepage: "http://fr.msn.com/"

FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q="

FF - prefs.js..browser.search.selectedEngine: "Live Search"

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\Real\RealPlayer\browserrecord [2009-12-03 17:29:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-01-23 14:46:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-10 20:04:08 | 000,000,000 | ---D | M]

 

[2009-12-13 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Extensions

[2009-12-13 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010-05-21 09:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions

[2009-10-28 20:03:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-05-11 19:44:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010-06-01 20:30:38 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\Mozilla\Firefox\Profiles\iwzhylrv.default\searchplugins\live-search.xml

 

O1 HOSTS File: ([2010-01-24 18:16:55 | 000,000,745 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Barre d'outils) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [nmapp] D:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)

O4 - HKLM..\Run: [WordQ carat flag] D:\Program Files\WordQ2Fr\WordQcrs.exe ()

O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [M5T8QL3YW3] C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe ()

O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [Messenger (Yahoo!)] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [TomTomHOME.exe] D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [WeatherEye] C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe (Pelmorex Media Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk = D:\Program Files\WordQ2Fr\WordQcrs.exe ()

O4 - Startup: C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255

O7 - HKU\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-606747145-162531612-682003330-1003\..Trusted Domains: tomtom.com ([www] https in Trusted sites)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264313117109 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.18.160.73 64.18.160.74

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.53,93.188.161.183

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - D:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\FKB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\FKB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-09-17 18:10:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-05-11 09:45:21 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-05-11 09:45:21 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-06-19 19:29:39 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe

[2010-06-16 20:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\AxBx

[2010-06-12 22:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\OBD Soft

[2010-06-12 21:36:30 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2010-06-10 10:45:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010-06-07 17:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Toyota

[2010-06-07 10:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Demande Ordi

[2010-06-07 09:27:39 | 000,000,000 | ---D | C] -- D:\Mes documents\Permis SAAQ 2010

[2010-06-05 11:43:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\FKB\Recent

[2010-06-04 21:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Application Data\Acapela Group

[2010-06-04 21:39:47 | 000,000,000 | ---D | C] -- D:\Mes documents\Utilisateurs de WordQ 2

[2010-06-02 19:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Routeur

[2010-06-01 20:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2010-06-01 12:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Bulletin

[2010-05-27 20:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FKB\Bureau\Rencontre Instructeurs

[2010-05-27 09:44:45 | 000,000,000 | ---D | C] -- D:\Mes documents\Émoticones

[2010-05-26 18:35:38 | 000,000,000 | ---D | C] -- D:\Mes documents\TomTom

[2004-11-24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

 

========== Files - Modified Within 30 Days ==========

 

[2010-06-19 20:25:52 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\FKB\ntuser.dat

[2010-06-19 20:21:44 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010-06-19 20:20:11 | 000,001,138 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003UA.job

[2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

[2010-06-19 19:29:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FKB\Bureau\OTL.exe

[2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\ac9af519.job

[2010-06-19 16:55:02 | 000,044,544 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll

[2010-06-19 16:54:56 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2010-06-19 16:54:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-06-19 16:53:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-06-19 16:53:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-06-19 16:53:38 | 535,285,760 | -HS- | M] () -- C:\hiberfil.sys

[2010-06-19 16:52:26 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\FKB\ntuser.ini

[2010-06-19 10:37:48 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\FKB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-06-19 10:30:20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe

[2010-06-19 09:29:18 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe

[2010-06-19 08:20:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003Core.job

[2010-06-18 10:59:33 | 000,172,134 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\perceuse.docx

[2010-06-14 11:57:45 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Recettes.lnk

[2010-06-10 21:33:07 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-06-10 21:24:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-06-10 21:02:17 | 001,033,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-06-10 21:02:17 | 000,494,760 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2010-06-10 21:02:17 | 000,426,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-06-10 21:02:17 | 000,078,146 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2010-06-10 21:02:17 | 000,065,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-06-10 10:31:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2010-06-09 10:05:03 | 000,703,511 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\St-Augustin_st_jean_2010.pdf

[2010-06-09 09:44:21 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\Settings.cfg

[2010-06-07 09:21:11 | 000,020,450 | ---- | M] () -- C:\WINDOWS\SICALIB2.DAT

[2010-06-04 21:39:28 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk

[2010-06-04 21:39:28 | 000,000,060 | ---- | M] () -- C:\WINDOWS\WiViK3.ini

[2010-06-03 19:22:08 | 000,067,260 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Milliplein.jpeg

[2010-06-03 09:28:28 | 000,024,124 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Magic Jack conditions.docx

[2010-06-01 20:30:39 | 000,001,109 | ---- | M] () -- C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk

[2010-05-28 17:37:57 | 000,010,534 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Letter to Parents - June Exams.pdf

[2010-05-28 17:37:56 | 000,107,004 | ---- | M] () -- C:\Documents and Settings\FKB\Bureau\Exam schedule June 2010.pdf

 

========== Files Created - No Company Name ==========

 

[2010-06-19 16:55:02 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll

[2010-06-19 15:50:55 | 000,000,242 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010-06-19 09:30:29 | 000,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

[2010-06-19 09:30:17 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Ibatia.exe

[2010-06-19 09:29:24 | 000,000,276 | -H-- | C] () -- C:\WINDOWS\tasks\ac9af519.job

[2010-06-19 09:29:20 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe

[2010-06-18 10:58:02 | 000,172,134 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\perceuse.docx

[2010-06-14 11:57:45 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Recettes.lnk

[2010-06-10 21:05:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010-06-09 10:05:01 | 000,703,511 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\St-Augustin_st_jean_2010.pdf

[2010-06-04 21:39:28 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk

[2010-06-04 21:39:28 | 000,000,060 | ---- | C] () -- C:\WINDOWS\WiViK3.ini

[2010-06-03 19:22:08 | 000,067,260 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Milliplein.jpeg

[2010-06-03 09:27:05 | 000,024,124 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Magic Jack conditions.docx

[2010-06-01 20:30:39 | 000,001,109 | ---- | C] () -- C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk

[2010-05-28 17:37:56 | 000,107,004 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Exam schedule June 2010.pdf

[2010-05-28 17:37:56 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\FKB\Bureau\Letter to Parents - June Exams.pdf

[2010-05-26 18:16:31 | 000,186,142 | ---- | C] () -- D:\Mes documents\Contrat Trousse auto occasion.pdf

[2010-05-26 18:16:31 | 000,122,866 | ---- | C] () -- D:\Mes documents\Procuration Transfert SAAQ.pdf

[2010-04-10 10:38:57 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010-04-10 10:21:38 | 000,000,091 | ---- | C] () -- C:\WINDOWS\fpxpress.ini

[2010-03-13 18:56:05 | 000,000,174 | ---- | C] () -- C:\WINDOWS\mp3 recorder.ini

[2010-02-28 21:24:24 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll

[2010-02-02 20:03:06 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2009-10-23 17:41:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI

[2009-10-15 11:37:15 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009-10-14 15:17:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

[2009-10-13 12:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WD.INI

[2009-10-04 21:06:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009-09-28 20:33:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-24 09:31:56 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI

[2009-09-24 09:29:41 | 000,000,548 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI

[2009-09-24 09:27:30 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys

[2007-03-06 17:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2006-05-25 01:22:06 | 000,025,602 | ---- | C] () -- C:\WINDOWS\System32\knstwai.dll

[2005-03-14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2004-10-03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[1999-08-10 18:02:20 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[1999-08-10 18:02:16 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

[1999-01-27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997-06-13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

 

========== LOP Check ==========

 

[2010-01-16 11:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft

[2009-11-29 13:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2009-09-17 21:37:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010-02-28 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Configs

[2010-01-12 19:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes

[2009-10-16 12:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2009-10-16 13:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2010-01-23 22:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010-05-11 09:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\open-config

[2010-03-01 10:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2010-02-27 20:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2009-12-13 15:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009-12-20 00:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010-03-27 10:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions

[2010-03-26 08:53:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}

[2010-01-03 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010-06-04 21:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Acapela Group

[2009-12-03 18:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Apowersoft

[2009-09-19 20:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Auslogics

[2009-11-29 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Canneverbe_Limited

[2010-06-09 09:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Classes de site

[2009-09-22 09:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Convivea

[2009-09-23 09:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Dynamique

[2009-09-23 09:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\EmailNotifier

[2010-01-03 13:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\GlarySoft

[2009-12-13 19:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\ImgBurn

[2009-10-16 13:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\iolo

[2010-01-10 13:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\kibisoft

[2010-05-15 09:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Leadertech

[2009-12-12 14:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\MSNInstaller

[2009-10-24 15:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Netscape

[2009-09-24 10:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Opera

[2009-10-24 16:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Photodex

[2009-09-19 18:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\PhotoFiltre Studio X

[2010-06-09 09:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Sites

[2010-04-11 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Softativity

[2009-09-18 10:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Styler

[2010-01-16 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\TomTom

[2010-01-16 12:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\TomTom(2)

[2010-04-06 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Tracker Software

[2010-06-19 10:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\uTorrent

[2010-04-04 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Visicom Media

[2010-03-01 10:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\Vso

[2010-03-27 13:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FKB\Application Data\WindSolutions

[2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\EmailNotifier

[2009-10-31 11:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\OnlineArmor

[2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR

[2009-10-14 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo

[2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\ac9af519.job

[2010-06-19 16:54:56 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2010-06-19 20:21:44 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

 

========== Purity Check ==========

< End of report >

 

-------------------------------------------------------------------------------------------------------

 

OTL Extras logfile created on: 2010-06-19 19:33:24 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\FKB\Bureau

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

 

510,00 Mb Total Physical Memory | 90,00 Mb Available Physical Memory | 18,00% Memory free

3,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): c:\pagefile.sys 2500 3000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,13 Gb Total Space | 2,84 Gb Free Space | 14,87% Space Free | Partition Type: NTFS

Drive D: | 149,05 Gb Total Space | 90,99 Gb Free Space | 61,05% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ORDISALON

Current User Name: FKB

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "D:\Program Files\Opera\opera.exe" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

"UacDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)

"D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- File not found

"D:\Install\P2P\utorrent.exe" = D:\Install\P2P\utorrent.exe:*:Enabled:µTorrent -- ()

"C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe" = C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe:*:Enabled:µTorrent -- ()

"D:\Program Files\Activity Monitor\swatcher.exe" = D:\Program Files\Activity Monitor\swatcher.exe:*:Enabled:Activity Monitor -- File not found

"D:\Program Files\Net-Orbit\Admin\netorbit.exe" = D:\Program Files\Net-Orbit\Admin\netorbit.exe:*:Enabled:netorbit -- File not found

"C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0463B519-E4C8-4C16-84AA-4743D1ED91B5}" = Labtec WebCam

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{0F8C8B5A-B076-4400-8262-41D6131099ED}" = ImpôtRapide 2009

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 19

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP 3.6

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95FC1DEC-34C4-4293-9C2F-89CC06BFE520}" = Pure Networks Platform

"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C3576AC-61CA-4A61-8D39-9502AF46F8B6}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (français canadien)

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7

"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF097717-F174-4144-954A-FBC4BF301036}" = Nero 7 Premium

"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che

"{DC2314C9-5CF6-487F-9A90-A091AC2BE595}" = WordQ 2 Fr

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F8653A81-1A97-4A2A-8ECE-D2B895B4D796}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (Noyau)

"{F8EAD05C-6EA9-4444-89A5-89BA1FDE921C}" = Network Magic

"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6

"Ace DivX Player_is1" = Ace DivX Player v2.1

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALZip_is1" = ALZip

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction

"CanoCraft CS-P 3.7" = Canon CanoCraft CS-P 3.7

"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS

"CCleaner" = CCleaner

"Clean Virus MSN_is1" = Clean Virus MSN

"CloneCD" = CloneCD

"DataPro Standard Edition" = DataPro Standard Edition 14.1.16

"Defraggler" = Defraggler

"FLVPlayer" = FLV Player 1.3.3

"FormatFactory" = FormatFactory 2.20

"FrontPageExpress" = Microsoft FrontPage Express

"FTP Expert 3" = FTP Expert 3

"Glary Utilities_is1" = Glary Utilities 2.23.0.923

"ie8" = Windows Internet Explorer 8

"LG USB Drivers" = LG USB Drivers

"lvdrivers_11.80" = Coffret de pilotes Logitech QuickCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Multi Virus Cleaner 2010_is1" = Multi Virus Cleaner 2010

"Network MagicUninstall" = Network Magic

"PROPLUS" = Microsoft Office Professional Plus 2007

"PUBLISHERR" = Microsoft Office Publisher 2007

"QcDrv" = Programme de gestion Camera de Labtec®

"TomTom HOME" = TomTom HOME 2.7.4.1962

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"XP Codec Pack" = XP Codec Pack

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"XWebDesignor" = XWebDesignor

"Yahoo! Companion" = Yahoo! Barre d'outils

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"MétéoÉclair" = MétéoÉclair

"Notification de cadeaux MSN" = Notification de cadeaux MSN

"PhotoFiltre Studio X" = PhotoFiltre Studio X

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2010-06-13 16:08:08 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt>

avec l'erreur : A connection with the server could not be established

 

Error - 2010-06-13 16:08:08 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-13 16:08:51 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-13 16:08:51 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/323C118E1BF7B8B65254E2E2100DD6029037F096.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-15 07:06:08 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002

Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2010-06-15 07:07:53 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002

Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2010-06-15 07:08:52 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002

Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2010-06-19 09:31:42 | Computer Name = ORDISALON | Source = Application Error | ID = 1000

Description = Application défaillante spoolsv.exe, version 5.1.2600.2696, module

défaillant unknown, version 0.0.0.0, adresse de défaillance 0x009f6e47.

 

Error - 2010-06-19 14:24:17 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002

Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2010-06-19 15:35:45 | Computer Name = ORDISALON | Source = Application Hang | ID = 1002

Description = Application bloquée msimn.exe, version 6.0.2900.2180, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

[ System Events ]

Error - 2010-06-19 11:21:20 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034

Description = Le service Service Bonjour s'est terminé de façon inattendue pour

la 1ème fois.

 

Error - 2010-06-19 11:48:11 | Computer Name = ORDISALON | Source = DCOM | ID = 10010

Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2010-06-19 12:25:35 | Computer Name = ORDISALON | Source = DCOM | ID = 10010

Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2010-06-19 12:35:27 | Computer Name = ORDISALON | Source = DCOM | ID = 10010

Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2010-06-19 14:00:26 | Computer Name = ORDISALON | Source = DCOM | ID = 10010

Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2010-06-19 16:53:55 | Computer Name = ORDISALON | Source = ACPI | ID = 327685

Description = AMLI : le BIOS ACPI tente de lire une adresse de port E/S non autorisée

(0x70) dans la gamme d'adresses protégées 0x70 - 0x71. Cela peut provoquer l'instabilité

du système. Contactez le fabricant de votre ordinateur pour une assistance technique.

 

Error - 2010-06-19 16:53:55 | Computer Name = ORDISALON | Source = ACPI | ID = 327684

Description = AMLI : le BIOS ACPI tente de lire à partir d'une adresse de port E/S

non autorisée (0x71) dans la plage d'adresses protégées 0x70 - 0x71. Cela peut provoquer

l'instabilité du système. Contactez le fabricant de votre ordinateur pour une assistance

technique.

 

Error - 2010-06-19 16:55:54 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7000

Description = Le service NetGroup Packet Filter Driver n'a pas pu démarrer en raison

de l'erreur : %%2

 

Error - 2010-06-19 17:07:12 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034

Description = Le service Machine Debug Manager s'est terminé de façon inattendue

pour la 1ème fois.

 

Error - 2010-06-19 17:07:18 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034

Description = Le service Service Bonjour s'est terminé de façon inattendue pour

la 1ème fois.

 

 

< End of report >

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "D:\Program Files\Opera\opera.exe" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

"UacDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)

"D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe" = D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- File not found

"D:\Install\P2P\utorrent.exe" = D:\Install\P2P\utorrent.exe:*:Enabled:µTorrent -- ()

"C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe" = C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe:*:Enabled:µTorrent -- ()

"D:\Program Files\Activity Monitor\swatcher.exe" = D:\Program Files\Activity Monitor\swatcher.exe:*:Enabled:Activity Monitor -- File not found

"D:\Program Files\Net-Orbit\Admin\netorbit.exe" = D:\Program Files\Net-Orbit\Admin\netorbit.exe:*:Enabled:netorbit -- File not found

"C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0463B519-E4C8-4C16-84AA-4743D1ED91B5}" = Labtec WebCam

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{0F8C8B5A-B076-4400-8262-41D6131099ED}" = ImpôtRapide 2009

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 19

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP 3.6

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95FC1DEC-34C4-4293-9C2F-89CC06BFE520}" = Pure Networks Platform

"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C3576AC-61CA-4A61-8D39-9502AF46F8B6}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (français canadien)

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7

"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF097717-F174-4144-954A-FBC4BF301036}" = Nero 7 Premium

"{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1" = Bit Che

"{DC2314C9-5CF6-487F-9A90-A091AC2BE595}" = WordQ 2 Fr

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F8653A81-1A97-4A2A-8ECE-D2B895B4D796}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (Noyau)

"{F8EAD05C-6EA9-4444-89A5-89BA1FDE921C}" = Network Magic

"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6

"Ace DivX Player_is1" = Ace DivX Player v2.1

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALZip_is1" = ALZip

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction

"CanoCraft CS-P 3.7" = Canon CanoCraft CS-P 3.7

"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS

"CCleaner" = CCleaner

"Clean Virus MSN_is1" = Clean Virus MSN

"CloneCD" = CloneCD

"DataPro Standard Edition" = DataPro Standard Edition 14.1.16

"Defraggler" = Defraggler

"FLVPlayer" = FLV Player 1.3.3

"FormatFactory" = FormatFactory 2.20

"FrontPageExpress" = Microsoft FrontPage Express

"FTP Expert 3" = FTP Expert 3

"Glary Utilities_is1" = Glary Utilities 2.23.0.923

"ie8" = Windows Internet Explorer 8

"LG USB Drivers" = LG USB Drivers

"lvdrivers_11.80" = Coffret de pilotes Logitech QuickCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Multi Virus Cleaner 2010_is1" = Multi Virus Cleaner 2010

"Network MagicUninstall" = Network Magic

"PROPLUS" = Microsoft Office Professional Plus 2007

"PUBLISHERR" = Microsoft Office Publisher 2007

"QcDrv" = Programme de gestion Camera de Labtec®

"TomTom HOME" = TomTom HOME 2.7.4.1962

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"XP Codec Pack" = XP Codec Pack

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"XWebDesignor" = XWebDesignor

"Yahoo! Companion" = Yahoo! Barre d'outils

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"MétéoÉclair" = MétéoÉclair

"Notification de cadeaux MSN" = Notification de cadeaux MSN

"PhotoFiltre Studio X" = PhotoFiltre Studio X

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2010-06-19 20:25:38 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:38 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:39 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:40 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:40 | Computer Name = ORDISALON | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 2010-06-19 20:25:40 | Computer Name = ORDISALON | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

[ System Events ]

Error - 2010-06-19 11:21:20 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034

Description = Le service Service Bonjour s'est terminé de façon inattendue pour

la 1ème fois.

 

Error - 2010-06-19 11:48:11 | Computer Name = ORDISALON | Source = DCOM | ID = 10010

Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2010-06-19 12:25:35 | Computer Name = ORDISALON | Source = DCOM | ID = 10010

Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2010-06-19 12:35:27 | Computer Name = ORDISALON | Source = DCOM | ID = 10010

Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2010-06-19 14:00:26 | Computer Name = ORDISALON | Source = DCOM | ID = 10010

Description = Le serveur {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2010-06-19 16:53:55 | Computer Name = ORDISALON | Source = ACPI | ID = 327685

Description = AMLI : le BIOS ACPI tente de lire une adresse de port E/S non autorisée

(0x70) dans la gamme d'adresses protégées 0x70 - 0x71. Cela peut provoquer l'instabilité

du système. Contactez le fabricant de votre ordinateur pour une assistance technique.

 

Error - 2010-06-19 16:53:55 | Computer Name = ORDISALON | Source = ACPI | ID = 327684

Description = AMLI : le BIOS ACPI tente de lire à partir d'une adresse de port E/S

non autorisée (0x71) dans la plage d'adresses protégées 0x70 - 0x71. Cela peut provoquer

l'instabilité du système. Contactez le fabricant de votre ordinateur pour une assistance

technique.

 

Error - 2010-06-19 16:55:54 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7000

Description = Le service NetGroup Packet Filter Driver n'a pas pu démarrer en raison

de l'erreur : %%2

 

Error - 2010-06-19 17:07:12 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034

Description = Le service Machine Debug Manager s'est terminé de façon inattendue

pour la 1ème fois.

 

Error - 2010-06-19 17:07:18 | Computer Name = ORDISALON | Source = Service Control Manager | ID = 7034

Description = Le service Service Bonjour s'est terminé de façon inattendue pour

la 1ème fois.

 

 

< End of report >

------------------------------------------------------------------------------------------

 

Thanks, Speck41

Posted (edited)

Hi,

Let's go! :P I see you have MBAM, so we'll use it.

Run OTL.exe again.

  • Copy and paste the following code into the "Personnalisation" (Customization) window
     

    :OTL
    PRC - [2010-06-19 09:30:09 | 000,150,528 | ---- | M] () -- C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe
    PRC - [2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe
    O4 - HKU\S-1-5-21-606747145-162531612-682003330-1003..\Run: [M5T8QL3YW3] C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe ()
    [2010-02-02 20:03:06 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2010-06-19 19:56:48 | 000,000,242 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010-06-19 19:47:05 | 000,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010-06-19 16:58:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\ac9af519.job
    [2010-06-19 16:55:02 | 000,044,544 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
    [2010-06-19 09:29:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Ibatia.exe
    [2010-06-19 09:29:18 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\FKB\Application Data\ac9af519.exe
    [2009-10-31 11:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR
     
    :files
    C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR
    C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe
    C:\WINDOWS\Ibatia.exe
    C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    C:\WINDOWS\tasks\ac9af519.job
    C:\WINDOWS\_delis32.ini
    C:\WINDOWS\System32\ernel32.dll
    C:\Documents and Settings\FKB\Application Data\ac9af519.exe
     
    :commands
    [EmptyTemp]
    [EmptyFlash]
    [Purity]
    [CREATERESTOREPOINT]
    [ResetHosts]
    [Reboot]
  • Then click "Correction" (Fix) and wait while the tool works.
  • Copy and paste the contents of the report that opens (C:\_OTL\MovedFiles) into your next reply.

Launch MBAM

  • In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button; if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update has finished, go to the "Recherche" (Scan) tab.
  • Select "Exécuter un examen rapide" (Perform quick scan)
  • Click "Rechercher" (Scan)
  • The scan starts; it takes a relatively long time, which is normal.
  • At the end of the scan, a message is displayed:
    The scan completed normally. Click 'Afficher les résultats' (Show results) to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click "Afficher les résultats" (Show results).
    Select everything (or leave it checked) and click "Supprimer la sélection" (Remove selected); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

 

EDIT: Spelling

Edited by no.ppp
Posted

Hello no.ppp, thanks for your very quick help.

I'm posting the reports you asked for.

I had used MBAM 1 day ago and it found nothing... I imagine OTL brought to light problems that were hidden?

Here are the reports:

MBAM

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4217

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

2010-06-20 10:10:19

mbam-log-2010-06-20 (10-10-19).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 139446

Temps écoulé: 16 minute(s), 46 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 3

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v71iql7hi7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.53,93.188.161.183 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c77883a8-1a5f-4a83-b9da-857e0ddea8e8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.53,93.188.161.183 -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

------------------------------------------------------------------------------------------------------------

OTL

All processes killed

========== OTL ==========

Process Ijd.exe killed successfully!

No active process named Ibatia.exe was found!

Registry value HKEY_USERS\S-1-5-21-606747145-162531612-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully.

C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe moved successfully.

C:\WINDOWS\_delis32.ini moved successfully.

C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.

C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.

C:\WINDOWS\tasks\ac9af519.job moved successfully.

File C:\WINDOWS\System32\ernel32.dll not found.

C:\WINDOWS\Ibatia.exe moved successfully.

C:\Documents and Settings\FKB\Application Data\ac9af519.exe moved successfully.

C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR folder moved successfully.

========== FILES ==========

File\Folder C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR not found.

File\Folder C:\Documents and Settings\FKB\Local Settings\temp\Ijd.exe not found.

File\Folder C:\WINDOWS\Ibatia.exe not found.

File\Folder C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.

File\Folder C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.

File\Folder C:\WINDOWS\tasks\ac9af519.job not found.

File\Folder C:\WINDOWS\_delis32.ini not found.

File\Folder C:\WINDOWS\System32\ernel32.dll not found.

File\Folder C:\Documents and Settings\FKB\Application Data\ac9af519.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: FKB

->Temp folder emptied: 1221233 bytes

->Temporary Internet Files folder emptied: 92982412 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 6419321 bytes

->Flash cache emptied: 12514 bytes

 

User: Invité

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2836911 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 10306 bytes

 

Total Files Cleaned = 99,00 mb

 

 

[EMPTYFLASH]

 

User: Administrateur

 

User: All Users

 

User: Default User

 

User: FKB

->Flash cache emptied: 0 bytes

 

User: Invité

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

Restore point Set: OTL Restore Point (0)

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.6.0 log created on 06202010_083941

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

--------------------------------------------------------------------------------------------------

 

Oh yes, after the second use of OTL, the reboot did not complete; after a prolonged period with no activity from the computer (30 min), I restarted it with a reset.

Thanks

Speck41

Posted (edited)

Hi again,

You can uninstall Ad-aware, which, in my opinion, is totally useless these days.

 

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<< which will be displayed)
    as well as info.txt (<< which will be minimized in the taskbar).

As a check:

Download TDSSKiller.zip from Kaspersky to your Desktop.

  • Unzip it (right-click / extract here).
  • Open the folder if unzipping produced a TDSSKiller directory.
  • Double-click TDSSKiller.exe
  • When it has finished running, press a key as prompted to close the window.
  • If a reboot is requested, accept by typing Y (yes) and confirm with Enter.

 

NB: During the procedure, if TDSSKiller displays this message:

Hidden service detected: name of the hidden service:

Type "delete" (without quotes) to delete it: 14:30:08:000 0256

Type delete and confirm with the Enter key.

There will be a TDSSKiller.txt report on C:\

Open the text file and copy its entire contents; paste it into your reply.

Edited by no.ppp
Posted

Hi again, I uninstalled AdAware as suggested.

I installed RSIT and got only one report, which is this one:

Logfile of random's system information tool 1.07 (written by random/random)

Run by FKB at 2010-06-20 16:08:23

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 3 GB (16%) free of 20 GB

Total RAM: 510 MB (50% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:08:28, on 2010-06-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe

D:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe

D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\Program Files\Opera\opera.exe

C:\Documents and Settings\FKB\Bureau\Aide Zébulon\RSIT.exe

C:\Program Files\trend micro\FKB.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "D:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [WordQ carat flag] D:\Program Files\WordQ2Fr\WordQcrs.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\FKB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - S-1-5-18 Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User 'Default user')

O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O4 - Global Startup: WordQCRS.lnk = D:\Program Files\WordQ2Fr\WordQcrs.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264313117109

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - D:\Program Files\ImpotRapide 2009\ic2009pp.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 10283 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GlaryInitialize.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-162531612-682003330-1003UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-03 370296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-06 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-06 79648]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"nmctxth"=C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]

"nmapp"=D:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-09-17 451896]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-06-25 1629480]

"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-06-25 1057064]

"WordQ carat flag"=D:\Program Files\WordQ2Fr\WordQcrs.exe [2009-03-03 24576]

"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

"WeatherEye"=C:\Documents and Settings\FKB\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe [2009-10-26 718232]

"Messenger (Yahoo!)"=D:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2010-04-29 5248312]

"TomTomHOME.exe"=D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-05-07 247144]

"Google Update"=C:\Documents and Settings\FKB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-23 136176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

D:\Program Files\Eraser\Eraser.exe [2009-06-10 334224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Documents and Settings\FKB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-23 136176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-03-06 488984]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

C:\Program Files\Labtec\WebCam10\WebCam10.exe [2007-03-06 1060376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2010-04-29 5248312]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

D:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-05-07 247144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Photo Express Calendar Checker SE.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^FKB^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SvcOnlineArmor"=2

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

WordQCRS.lnk - D:\Program Files\WordQ2Fr\WordQcrs.exe

 

C:\Documents and Settings\FKB\Menu Démarrer\Programmes\Démarrage

Notification de cadeaux MSN.lnk - C:\Documents and Settings\FKB\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

WgaLogon.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmd23.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmd23.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoDriveAutoRun"=255

"HonorAutoRunSetting"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"

"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"

"D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"

"D:\Install\P2P\utorrent.exe"="D:\Install\P2P\utorrent.exe:*:Enabled:µTorrent"

"C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe"="C:\Documents and Settings\FKB\Bureau\Raccourcis du Bureau\P2P\utorrent.exe:*:Enabled:µTorrent"

"D:\Program Files\Activity Monitor\swatcher.exe"="D:\Program Files\Activity Monitor\swatcher.exe:*:Enabled:Activity Monitor"

"D:\Program Files\Net-Orbit\Admin\netorbit.exe"="D:\Program Files\Net-Orbit\Admin\netorbit.exe:*:Enabled:netorbit"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"

"C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2010-06-20 16:08:14 ----A---- C:\TDSSKiller.2.3.2.0_20.06.2010_16.08.14_log.txt

2010-06-20 15:52:13 ----A---- C:\TDSSKiller.2.3.2.0_20.06.2010_15.52.13_log.txt

2010-06-20 08:39:41 ----D---- C:\_OTL

2010-06-16 20:55:44 ----D---- C:\Program Files\AxBx

2010-06-12 21:36:30 ----D---- C:\spoolerlogs

2010-06-10 21:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$

2010-06-10 21:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$

2010-06-10 21:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$

2010-06-10 21:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$

2010-06-10 21:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$

2010-06-10 21:05:41 ----A---- C:\WINDOWS\imsins.BAK

2010-06-10 21:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$

2010-06-04 21:42:17 ----D---- C:\Documents and Settings\FKB\Application Data\Acapela Group

2010-06-04 21:39:28 ----A---- C:\WINDOWS\WiViK3.ini

2010-06-01 20:34:39 ----D---- C:\Program Files\Windows Live SkyDrive

2010-05-26 15:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

 

======List of files/folders modified in the last 1 months======

 

2010-06-20 16:08:27 ----D---- C:\Program Files\trend micro

2010-06-20 16:08:18 ----D---- C:\WINDOWS\Prefetch

2010-06-20 16:08:14 ----D---- C:\WINDOWS\system32\drivers

2010-06-20 16:07:48 ----D---- C:\WINDOWS\temp

2010-06-20 15:37:42 ----D---- C:\WINDOWS\system32\CatRoot2

2010-06-20 15:34:29 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-06-20 15:31:23 ----SHD---- C:\WINDOWS\Installer

2010-06-20 15:31:08 ----D---- C:\Program Files\Lavasoft

2010-06-20 15:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2010-06-20 15:30:58 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-06-20 15:30:52 ----D---- C:\WINDOWS\system32

2010-06-20 08:40:05 ----SD---- C:\WINDOWS\Tasks

2010-06-20 08:40:05 ----D---- C:\WINDOWS

2010-06-19 22:32:13 ----D---- C:\Program Files\Yahoo!

2010-06-19 10:38:58 ----D---- C:\Documents and Settings\FKB\Application Data\uTorrent

2010-06-19 10:30:20 ----A---- C:\WINDOWS\NeroDigital.ini

2010-06-17 21:38:24 ----D---- C:\Program Files\mIRC

2010-06-17 08:59:54 ----HD---- C:\WINDOWS\inf

2010-06-16 20:55:44 ----RD---- C:\Program Files

2010-06-13 18:43:30 ----D---- C:\Documents and Settings\FKB\Application Data\Macromedia

2010-06-13 18:05:45 ----D---- C:\WINDOWS\Drivers

2010-06-10 22:22:18 ----D---- C:\WINDOWS\Microsoft.NET

2010-06-10 22:22:11 ----RSD---- C:\WINDOWS\assembly

2010-06-10 21:27:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-06-10 21:23:36 ----HD---- C:\WINDOWS\$hf_mig$

2010-06-10 21:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-06-10 21:15:38 ----D---- C:\Program Files\Internet Explorer

2010-06-10 21:15:04 ----D---- C:\WINDOWS\ie8updates

2010-06-10 21:10:04 ----D---- C:\WINDOWS\Debug

2010-06-10 21:02:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-06-10 21:01:10 ----D---- C:\WINDOWS\WinSxS

2010-06-09 09:44:21 ----D---- C:\Documents and Settings\FKB\Application Data\Classes de site

2010-06-09 09:44:20 ----D---- C:\Documents and Settings\FKB\Application Data\Sites

2010-06-07 10:24:17 ----D---- C:\Program Files\Microsoft Silverlight

2010-06-04 21:39:43 ----D---- C:\WINDOWS\system32\Setup

2010-06-04 21:36:53 ----D---- C:\Program Files\Fichiers communs\InstallShield

2010-06-03 18:59:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-06-01 20:30:38 ----SD---- C:\Documents and Settings\FKB\Application Data\Microsoft

2010-06-01 20:29:08 ----D---- C:\Program Files\MSN

2010-05-28 15:37:34 ----A---- C:\WINDOWS\system32\MRT.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-06-25 36776]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-06-25 38440]

R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-19 46720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]

R2 LF30FS;LF30FS; \??\D:\Program Files\Lock Folder XP 3.6\LF30XP.sys []

R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992]

R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272]

R2 ScFBPNT2;CanoScan FBP2 Port Driver; \??\C:\WINDOWS\system32\drivers\ScFBPNT2.SYS []

R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-19 60800]

R3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-28 9600]

R3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-28 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-19 61824]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-06-25 119080]

S2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys []

S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-04 48128]

S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-04 38912]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]

S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]

S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]

S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]

S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]

S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]

S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]

S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]

S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]

S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]

S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]

S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]

S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]

S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]

S3 klmd23;klmd23; C:\WINDOWS\system32\drivers\klmd.sys [2010-06-20 52432]

S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-04 51328]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-19 10880]

S3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2010-02-28 47360]

S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-06-25 1552680]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-06 153376]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 nmservice;Pure Networks Platform Service; C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-10-23 244904]

R2 TomTomHOMEService;TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]

R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2008-07-26 141848]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 nmraapache;Pure Networks Net2Go Service; D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-16 12800]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

-----------------------------------------------------------------------------------------------------------

 

And the TDSSKiller report:

15:52:13:937 2524 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

15:52:13:937 2524 ================================================================================

15:52:13:937 2524 SystemInfo:

 

15:52:13:937 2524 OS Version: 5.1.2600 ServicePack: 2.0

15:52:13:937 2524 Product type: Workstation

15:52:13:937 2524 ComputerName: ORDISALON

15:52:13:937 2524 UserName: FKB

15:52:13:937 2524 Windows directory: C:\WINDOWS

15:52:13:937 2524 Processor architecture: Intel x86

15:52:13:937 2524 Number of processors: 1

15:52:13:937 2524 Page size: 0x1000

15:52:13:937 2524 Boot type: Normal boot

15:52:13:937 2524 ================================================================================

15:52:14:781 2524 Initialize success

15:52:14:781 2524

15:52:14:781 2524 Scanning Services ...

15:52:15:203 2524 Raw services enum returned 363 services

15:52:15:218 2524

15:52:15:218 2524 Scanning Drivers ...

15:52:16:796 2524 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys

15:52:17:109 2524 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

15:52:17:218 2524 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:52:17:328 2524 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:52:17:718 2524 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

15:52:18:171 2524 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

15:52:19:218 2524 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:52:20:359 2524 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:52:20:703 2524 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:52:20:937 2524 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:52:21:046 2524 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:52:21:140 2524 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys

15:52:21:218 2524 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

15:52:21:343 2524 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

15:52:21:453 2524 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\WINDOWS\system32\DRIVERS\avipbb.sys

15:52:21:562 2524 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:52:21:703 2524 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:52:21:906 2524 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:52:22:109 2524 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:52:22:562 2524 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

15:52:22:687 2524 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:52:23:109 2524 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

15:52:23:296 2524 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys

15:52:23:531 2524 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\DRIVERS\dmio.sys

15:52:24:203 2524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:52:24:296 2524 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

15:52:24:453 2524 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

15:52:24:531 2524 E100B (1961f8b618e3c20df54c146b294efd2a) C:\WINDOWS\system32\DRIVERS\e100b325.sys

15:52:24:640 2524 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys

15:52:24:718 2524 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

15:52:24:828 2524 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

15:52:24:968 2524 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:52:25:046 2524 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys

15:52:25:171 2524 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:52:25:281 2524 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys

15:52:25:375 2524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:52:25:500 2524 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:52:25:578 2524 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:52:25:687 2524 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:52:25:906 2524 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

15:52:26:125 2524 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:52:26:218 2524 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

15:52:26:328 2524 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

15:52:26:406 2524 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

15:52:26:500 2524 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

15:52:26:593 2524 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

15:52:26:703 2524 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

15:52:26:796 2524 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

15:52:26:921 2524 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

15:52:27:000 2524 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

15:52:27:265 2524 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

15:52:27:343 2524 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

15:52:27:421 2524 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

15:52:27:484 2524 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

15:52:27:546 2524 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

15:52:27:609 2524 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

15:52:27:687 2524 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:52:27:968 2524 InCDfs (580a81790cd0a48d85da322267da7ac4) C:\WINDOWS\system32\drivers\InCDFs.sys

15:52:28:078 2524 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) C:\WINDOWS\system32\drivers\InCDPass.sys

15:52:28:171 2524 InCDrec (4d022577e9072b5d22e0a383a7806bbb) C:\WINDOWS\system32\drivers\InCDrec.sys

15:52:28:437 2524 incdrm (c258e57321a3c3737f4fa815fa69ee0b) C:\WINDOWS\system32\drivers\InCDRm.sys

15:52:28:593 2524 IntelIde (1367812f8a974e0c13a4888fa5e7ede6) C:\WINDOWS\system32\DRIVERS\intelide.sys

15:52:28:687 2524 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

15:52:28:765 2524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:52:28:890 2524 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:52:29:000 2524 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:52:29:109 2524 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:52:29:218 2524 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:52:29:312 2524 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:52:29:406 2524 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:52:29:515 2524 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

15:52:29:687 2524 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

15:52:29:812 2524 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

15:52:30:015 2524 LF30FS (10e0d92e5b21c045e0a53befb71dc09d) D:\Program Files\Lock Folder XP 3.6\LF30XP.sys

15:52:30:796 2524 LVcKap (b72e763eb92b8dbe45c455ba6e4babd0) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

15:52:31:984 2524 LVMVDrv (e8a376abc340c35318a79b766c2406bb) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

15:52:32:562 2524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:52:32:687 2524 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys

15:52:32:906 2524 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:52:32:984 2524 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:52:33:062 2524 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

15:52:33:281 2524 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:52:33:421 2524 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:52:33:578 2524 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys

15:52:33:765 2524 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

15:52:33:921 2524 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:52:34:015 2524 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:52:34:125 2524 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

15:52:34:578 2524 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:52:34:937 2524 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

15:52:35:562 2524 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

15:52:36:312 2524 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

15:52:37:015 2524 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

15:52:38:062 2524 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

15:52:38:546 2524 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:52:39:000 2524 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:52:39:515 2524 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:52:40:109 2524 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

15:52:40:578 2524 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:52:40:687 2524 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:52:40:812 2524 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:52:40:953 2524 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

15:52:41:281 2524 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

15:52:41:453 2524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:52:41:796 2524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:52:41:953 2524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:52:42:046 2524 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:52:42:140 2524 P3 (136e0cea9bd1c42066692decfa5c6418) C:\WINDOWS\system32\DRIVERS\p3.sys

15:52:42:281 2524 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys

15:52:42:359 2524 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

15:52:42:531 2524 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys

15:52:42:609 2524 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys

15:52:43:046 2524 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:52:43:296 2524 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys

15:52:44:250 2524 PID_0920 (2f81e367875c5d7d6f05454ba84d27a9) C:\WINDOWS\system32\DRIVERS\LV532AV.SYS

15:52:44:437 2524 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys

15:52:44:546 2524 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:52:44:625 2524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:52:44:718 2524 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys

15:52:45:125 2524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:52:45:234 2524 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:52:45:328 2524 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:52:45:437 2524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:52:45:593 2524 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys


15:52:52:609 2524

15:52:52:609 2524 Completed

15:52:52:609 2524

15:52:52:609 2524 Results:

15:52:52:609 2524 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

15:52:52:609 2524 File objects infected / cured / cured on reboot: 0 / 0 / 0

15:52:52:609 2524

15:52:52:625 2524 KLMD(ARK) unloaded successfully

 

 

 

There you go, thanks

Speck41

Posted

Hi,

Very good. At some point, you should stop using P2P. :P

Delete:

  • C:\TDSSKiller.2.3.2.0_20.06.2010_16.08.14_log.txt
  • C:\TDSSKiller.2.3.2.0_20.06.2010_15.52.13_log.txt
  • C:\_OTL
  • All the shortcuts of the downloaded tools.

How is your machine doing?

 

We are going to look for leftovers using an online scan:

*Right-click this link and open it in a new window: ESET OnlineScan

~ This step must be done with Internet Explorer!

  • Then click this button to start the scan: [image: esetOnline.png]
  • Choose YES to accept the license terms.
  • Then click the button [image: esetStart.png]
    => Click in the yellow bar that may appear and allow the program (it is of course safe)
  • Check the "Scan Archives" box
  • Then press "Start"
    => The tool updates itself, installs the new databases and starts the scan; this will take a long time, be patient!
  • When it has finished, click the "List of found threats" button
  • Then click "Export to text file..." and save the file to your desktop.
  • Post its contents in your next reply.

Posted (edited)

Hello no.ppp, yes, my computer is doing better, there are no more Internet Explorer windows opening and it seems a bit faster too. As you say, for ESET Online Scanner "this will take a long time; be patient!" It took 10h05min..... :P

Here are the results:

C:\RECYCLER\S-1-5-21-606747145-162531612-682003330-1003\Dc32\MovedFiles\06202010_083941\C_Documents and Settings\FKB\Local Settings\temp\Ijd.exe a variant of Win32/Kryptik.FBH trojan

C:\RECYCLER\S-1-5-21-606747145-162531612-682003330-1003\Dc32\MovedFiles\06202010_083941\C_WINDOWS\Ibatia.exe a variant of Win32/Kryptik.FBH trojan

D:\INCINERATE\Install\unlocker_1.8.7_francais_20237.exe a variant of Win32/Adware.ADON application

D:\Install\dxplayer_setup.exe multiple threats

D:\Install\Graveur\Nero 7 Premium 7.10.1( French-English) + keygen\Nero 7 Premium 7.10.1( French-English) + keygen.zip Win32/Toolbar.AskSBar application

D:\Install\Graveur\Nero 7 Premium 7.10.1( French-English) + keygen\Nero 7 Premium 7.10.1( French-English) + keygen\Nero-7.10.1.0.exe Win32/Toolbar.AskSBar application

D:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2.exe probably a variant of Win32/Agent trojan

D:\Program Files\DivX Player\eBayShortcuts.exe Win32/Adware.ADON application

-----------------------------------------------------------------------------------------------------------------

 

Awaiting your advice, thanks.

Speck41

Edited by speck41
Posted

Hi,

Empty your Recycle Bin on the Desktop.

Next, these are items that you downloaded yourself. You seem to visit odd sites that are not trustworthy, and that is entirely to your disadvantage.

Delete the following items:

D:\INCINERATE\Install\unlocker_1.8.7_francais_20237.exe

D:\Install\dxplayer_setup.exe

D:\Install\Graveur\Nero 7 Premium 7.10.1( French-English) + keygen\Nero 7 Premium 7.10.1( French-English) + keygen.zip

D:\Install\Graveur\Nero 7 Premium 7.10.1( French-English) + keygen\Nero 7 Premium 7.10.1( French-English) + keygen\Nero-7.10.1.0.exe

 

Also be wary of online games; although attractive, they can contain infections.

It's all good with these last steps :P

I invite you to read this:

-----------------------------------------------------------------------------------------------------------------

Deleting the restore points:

-----------------------------------------------------------------------------------------------------------------

Removing the tools used:

Relaunch OTL and click Purge Outils.

-----------------------------------------------------------------------------------------------------------------

Download CCleaner:

  • Click the first Download now > Choose the Slim version
  • Install CCleaner.
  • Clean Windows and the registry by following this tutorial:

CCleaner tutorial

-----------------------------------------------------------------------------------------------------------------

Don't forget that you are the one who makes your PC secure; avoid P2P, cracks and risky sites.

Don't be click-happy, and think before clicking on any given link. :P

An antivirus and a firewall don't do everything. You remain the sole master of your PC.

-----------------------------------------------------------------------------------------------------------------

Mark your topic as resolved by editing your first message and adding [RESOLU] to it :P
