Posted (edited)

Hello,

For the past few days I have been getting this message at every startup:

Erreur de chargement de boottson.dll Le module spécifié est introuvable.

For now my PC shows no other symptoms.

I found and deleted this file, but the message still appears.

A scan with AntiVir in safe mode found nothing, and that is as far as my skills go.

Could you help me, please?

Below is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:40:09, on 15/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe

C:\Program Files\Fichiers communs\EPSON\EPW!3 SSRP\E_S50ST7.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Fichiers communs\EPSON\EPW!3 SSRP\E_S50RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\nlssrv32.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"

O4 - HKCU\..\Run: [Epson Stylus SX525WD(Réseau)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGAE.EXE /FU "C:\WINDOWS\TEMP\E_S3A.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-796845957-117609710-1801674531-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Patrice')

O4 - HKUS\S-1-5-21-796845957-117609710-1801674531-1003\..\Run: [AdobeBridge] (User 'Patrice')

O4 - HKUS\S-1-5-21-796845957-117609710-1801674531-1003\..\Run: [skype] "C:\Documents and Settings\Patrice\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Patrice')

O4 - HKUS\S-1-5-21-796845957-117609710-1801674531-1003\..\Run: [cleacomp] rundll32 "boottson.dll",CreateProcessNotify (User 'Patrice')

O4 - HKUS\S-1-5-21-796845957-117609710-1801674531-1003\..\Run: [EPSON SX525WD Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGAE.EXE /FU "C:\WINDOWS\TEMP\E_S3E4.tmp" /EF "HKCU" (User 'Patrice')

O4 - HKUS\S-1-5-21-796845957-117609710-1801674531-1003\..\Run: [Epson Stylus SX525WD(Réseau)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGAE.EXE /FU "C:\DOCUME~1\Patrice\LOCALS~1\Temp\E_S1A.tmp" /EF "HKCU" (User 'Patrice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-796845957-117609710-1801674531-1003 Startup: palmOne Registration.lnk = C:\RECYCLER\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe (User 'Patrice')

O4 - S-1-5-21-796845957-117609710-1801674531-1003 User Startup: palmOne Registration.lnk = C:\RECYCLER\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe (User 'Patrice')

O4 - S-1-5-18 Startup: palmOne Registration.lnk = C:\RECYCLER\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: palmOne Registration.lnk = C:\RECYCLER\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe (User 'Default user')

O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe

O4 - Global Startup: Wireless Connection Manager.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{511CCF1A-5470-4302-AB7F-63158B11BAD9}: NameServer = 62.231.32.10,62.231.32.11

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: DCService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe

O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EPW!3 SSRP\E_S50ST7.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EPW!3 SSRP\E_S50RP7.EXE

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: WLSVC - Unknown owner - C:\Program Files\D-Link\DWA-131 revA\WLSVC.exe

 

--

End of file - 12131 bytes

Edited by patcar06

Posted

In case it helps, I am adding the Malwarebytes report

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Version de la base de données: 7149

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

15/07/2011 21:01:40

mbam-log-2011-07-15 (21-00-44).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 179860

Temps écoulé: 4 minute(s), 17 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\dllcache (Backdoor.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Network\dllcache (Backdoor.Agent) -> No action taken.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Posted

Hello patcar06,

Very important!

>>> To do immediately:

- At the top of this message, click the "Follow this topic" button and choose "Immediate notification" => "Submit". You will be notified in real time of the replies to your topic, and your machine will therefore be cleaned as quickly as possible.

If, instead of the "Follow this topic" button, you have "Stop following this topic", the settings have already been made.

- Back up (by copying) all personal documents to a medium other than the system partition: USB key, CD/DVD, external hard drive, etc.

>>> What to do during this cleanup: Please do NOT use, install and/or uninstall any program other than those proposed at each step; the aim is to avoid any incompatibility problem between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Some programs can cause problems if they are not run from the Desktop. You are therefore asked to download and save them DIRECTLY to the Desktop (or to move them before use: right-click on them => "Cut", then right-click on the Desktop => "Paste").
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment on and report any change (for better or worse) in the machine's behaviour or in relation to the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, because I do not need to reread my previous messages).

- Paste the contents of the reports WITHOUT adding ANY text formatting (quote, code, colour, etc.).

>>> Do not abandon your topic before you have been told that everything is OK.

 

>>> Using Malwarebytes' Anti-Malware: The indication "-> No action taken." in the "Malwarebytes' Anti-Malware" report means that you did not click "Remove Selected" at the end of the scan.

Close all open applications and windows and launch the program from its icon on the desktop or from "Start" => "All Programs" => "Malwarebytes' Anti-Malware".

- Run the updates from the "Update" tab. If there is a problem with the automatic updates, click HERE to download and install them manually.

- In the "Scanner" tab, leave the "Perform quick scan" box selected and click "Scan".

mb3.jpg

Wait until the end (the message below is displayed)

mb4.jpg

Click OK to close this message.

- Click "Show Results", then make sure everything is checked and click "Remove Selected".

The program then carries out the cleanup. If it asks you to restart the PC, ACCEPT (this is to delete certain specific files).

At the end a report is displayed (accessible at any time from the Logs tab of the main MBAM window). Post its contents in your next reply.

Print these instructions or save them in a text file on the Desktop so you can consult them easily at any time, and download to the Desktop:

  • ComboFix© (by sUBs) from here or here
  • Security Check (by screen317) from here or here.
 

>>> Using ComboFix: Close all open applications and windows, disable antivirus/firewall/antispyware and click ComboFix.exe. Follow the instructions.

Accept the licence agreement and the installation of the Recovery Console (offered under XP if not installed).

DO NOT TOUCH the machine before the end (even if things do not seem to be progressing).

When it is finished, a report (ComboFix.txt) is displayed. It is saved automatically at the root of the system partition (usually C:\).

Post its contents.

>>> Using SecurityCheck: Close everything and double-click "SecurityCheck.exe" (Vista/W7: right-click on it => "Run as administrator") to launch the program.

Press a key as requested and follow the prompts.

Note: If one of the security programs asks for permission to access the Internet from dig.exe, accept.

The checkup.txt report opens at the end. Post its contents.

This report will not be saved automatically. If you want to keep a copy, click "File" => "Save As", choose a location (the Desktop, for example) and click "Save" at the bottom right.

Post its contents.

Requested reports:

  • Malwarebytes Anti-Malware log
  • ComboFix.txt
  • checkup.txt

Any change at all?

Posted

Hello, and thank you for your explanations.

Sorry for my late reply; I had not received a notification, but I have fixed that in my settings.

I carried out the 3 steps and here are the reports; however, my error message still appears.


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Version de la base de données: 7200

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

19/07/2011 17:15:40

mbam-log-2011-07-19 (17-15-40).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 181737

Temps écoulé: 4 minute(s), 41 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\dllcache (Backdoor.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Network\dllcache (Backdoor.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

----------------------------------------------------------------------------------------------

 

ComboFix 11-07-19.02 - Pat-admin 20/07/2011 8:53.1.4 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1210 [GMT 2:00]

Lancé depuis: c:\documents and settings\Pat-admin\Bureau\ComboFix.exe

FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Pat-admin\Application Data\Microsoft\Internet Explorer\Desktop.htt

c:\documents and settings\Patrice\Local Settings\Application Data\Skype\Phone\Skype.exe

c:\documents and settings\Patrice\WINDOWS

D:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_1

-------\Service_5

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-06-20 au 2011-07-20 ))))))))))))))))))))))))))))))))))))

.

.

2011-07-16 13:51 . 2011-07-16 13:51 -------- d-----w- c:\documents and settings\Patrice\Local Settings\Application Data\ArcSoft

2011-07-16 13:27 . 2011-07-16 13:27 -------- d-----w- c:\documents and settings\Pat-admin\Local Settings\Application Data\ArcSoft

2011-07-16 13:26 . 2011-07-19 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft

2011-07-16 13:25 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-07-16 13:24 . 2011-07-16 13:25 -------- d-----w- c:\program files\Fichiers communs\ArcSoft

2011-07-16 13:24 . 2011-07-16 13:28 -------- d-----w- c:\program files\ArcSoft

2011-07-16 13:20 . 2009-12-20 22:00 65793 ----a-w- c:\windows\system32\esfwad.bin

2011-07-16 13:20 . 2009-12-06 22:00 204800 ----a-w- c:\windows\system32\esintad.dll

2011-07-16 13:20 . 2009-10-21 12:48 390656 ----a-w- c:\windows\system32\eswiaad.dll

2011-07-15 17:59 . 2011-07-15 17:59 -------- d-----w- c:\documents and settings\Pat-admin\Application Data\Malwarebytes

2011-07-15 17:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-15 17:59 . 2011-07-15 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-15 17:59 . 2011-07-15 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-15 17:59 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-08 19:52 . 2011-07-08 19:52 -------- d-----w- c:\program files\Western Digital Technologies

2011-07-07 16:27 . 2011-07-07 16:27 -------- d-----w- c:\program files\DIFX

2011-07-05 20:42 . 2011-07-05 21:11 -------- d-----w- c:\documents and settings\Pat-admin\Application Data\Epson

2011-07-05 19:29 . 2011-07-05 19:29 -------- d-----w- c:\documents and settings\LocalService\Bureau

2011-07-05 19:29 . 2007-04-10 01:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL

2011-07-05 19:29 . 2009-10-01 03:01 63488 ----a-w- c:\windows\system32\E_FD4BGAE.DLL

2011-07-05 19:29 . 2008-11-12 03:00 93696 ----a-w- c:\windows\system32\E_FLBGAE.DLL

2011-07-05 19:24 . 2011-07-05 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL

2011-07-05 19:20 . 2011-07-16 13:33 -------- d-----w- c:\program files\Epson Software

2011-07-05 19:19 . 2011-07-05 19:19 -------- d-----w- c:\documents and settings\Pat-admin\Local Settings\Application Data\ABBYY

2011-07-05 19:15 . 2011-07-16 13:30 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint

2011-07-05 19:15 . 2011-07-05 19:15 -------- d-----w- c:\program files\Fichiers communs\ABBYY

2011-07-05 19:15 . 2011-07-05 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY

2011-07-05 19:14 . 2008-12-01 11:00 457611 ----a-w- c:\windows\system32\ensppui.dll

2011-07-05 19:14 . 2008-12-01 11:00 457611 ----a-w- c:\windows\system32\enppui.dll

2011-07-05 19:14 . 2008-12-01 10:58 474892 ----a-w- c:\windows\system32\ensppmon.dll

2011-07-05 19:14 . 2008-12-01 10:58 474892 ----a-w- c:\windows\system32\enppmon.dll

2011-07-05 19:14 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enspres.dll

2011-07-05 19:14 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enpres.dll

2011-07-05 19:14 . 2011-07-17 09:20 -------- d-----w- c:\program files\Fichiers communs\EPSON

2011-07-05 19:13 . 2011-07-16 13:47 -------- d-----w- c:\program files\EpsonNet

2011-07-05 19:12 . 2011-07-16 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON

2011-07-05 19:12 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe

2011-07-05 19:12 . 2009-10-15 22:00 12800 ----a-w- c:\windows\system32\escdev.dll

2011-07-05 19:12 . 2009-09-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll

2011-07-05 19:12 . 2011-07-16 13:33 -------- d-----w- c:\program files\epson

2011-07-01 22:08 . 2011-07-15 12:36 -------- d-----w- c:\program files\ma-config.com

2011-07-01 22:08 . 2011-07-15 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com

2011-06-25 13:53 . 2011-06-25 13:53 -------- d-----w- c:\program files\Fichiers communs\Java

2011-06-25 13:52 . 2011-06-25 13:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-25 13:52 . 2011-06-25 13:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-06-25 13:52 . 2011-06-25 13:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-25 13:52 . 2011-06-25 13:52 -------- d-----w- c:\program files\Java

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-14 08:10 . 2011-06-14 07:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-03 10:31 . 2009-05-16 07:05 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-03 10:31 . 2009-05-16 07:05 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-30 08:38 . 2010-03-03 19:54 97504 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-06-30 08:38 . 2010-03-03 19:54 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-06-30 08:38 . 2010-03-03 19:54 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-30 08:38 . 2010-03-03 19:54 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-30 08:37 . 2010-03-03 19:54 285256 ----a-w- c:\windows\system32\guard32.dll

2011-06-06 13:53 . 2011-06-06 13:53 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2011-06-06 13:53 . 2011-06-06 13:53 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-06-06 11:35 . 2008-04-14 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2009-02-22 09:34 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2008-04-14 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:06 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:06 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:06 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-06-16 04:38 . 2011-07-14 08:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]

"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]

"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360]

"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]

"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]

"AdobeAAMUpdater-1.0"="c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 450560]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-17 976832]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Patrice\Menu Démarrer\Programmes\Démarrage\

palmOne Registration.lnk - c:\recycler\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe [N/A]

.

c:\documents and settings\Patrice\Menu Démarrer\Programmes\Démarrage\

palmOne Registration.lnk - c:\recycler\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe [N/A]

.

c:\documents and settings\Pat-admin\Menu Démarrer\Programmes\Démarrage\

MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]

SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

.

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-2-13 385024]

Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-131 revA\wirelesscm.exe [2011-6-6 505152]

.

c:\documents and settings\Patrice\Menu Démarrer\Programmes\Démarrage\

palmOne Registration.lnk - c:\recycler\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-11-07 16:41 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Device Detector 3.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Device Detector 3.lnk

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HOTSYNCSHORTCUTNAME.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HOTSYNCSHORTCUTNAME.lnk

backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Pat-admin^Menu Démarrer^Programmes^Démarrage^MRU-Blaster Scheduler.lnk]

path=c:\documents and settings\Pat-admin\Menu Démarrer\Programmes\Démarrage\MRU-Blaster Scheduler.lnk

backup=c:\windows\pss\MRU-Blaster Scheduler.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Pat-admin^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk]

path=c:\documents and settings\Pat-admin\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk

backup=c:\windows\pss\palmOne Registration.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58 611712 ----a-w- c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]

2006-05-02 20:55 31232 ----a-r- c:\program files\Mindjet\MindManager 6\MmReminderService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-04-03 21:51 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-03-31 11:08 198160 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [03/03/2010 21:54 242600]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [03/03/2010 21:54 29400]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 17:07 759048]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16/05/2009 09:05 136360]

R2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [16/05/2009 08:53 45096]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [12/02/2010 21:23 148744]

R2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe [22/12/2009 11:17 225280]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [24/02/2009 17:19 10384]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15/07/2011 19:59 366640]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [18/12/2009 11:58 57344]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [26/06/2009 15:56 102400]

R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [06/06/2011 15:52 20480]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [08/12/2010 22:55 63616]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15/07/2011 19:59 22712]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/06/2010 23:23 136176]

S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-131 revA\WLSVC.exe [06/06/2011 15:52 167936]

S3 btiaa2dp;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btiaa2dp.sys [02/11/2010 22:55 67456]

S3 BTiAPan;Bluetooth PAN Miniport;c:\windows\system32\drivers\btiapan.sys [02/11/2010 22:55 30720]

S3 btiarcp;Bluetooth AVRCP Device;c:\windows\system32\drivers\btiarcp.sys [02/11/2010 22:55 9216]

S3 btiaspp;Bluetooth Serial driver;c:\windows\system32\drivers\btiaspp.sys [02/11/2010 22:55 79744]

S3 BTIAUSB;Generic Bluetooth Device;c:\windows\system32\drivers\btiausb.sys [02/11/2010 22:55 23808]

S3 BTPROT;Generic Bluetooth Filter;c:\windows\system32\drivers\btprot.sys [02/11/2010 22:55 484096]

S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [16/08/2009 17:04 223232]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [08/12/2010 22:55 101504]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [08/12/2010 22:55 117504]

S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19/06/2010 23:23 136176]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]

S3 iAnywhere_btAudio;Bluetooth Virtual SCO Device;c:\windows\system32\drivers\btiasco.sys [02/11/2010 22:55 19712]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [09/07/2011 16:03 311928]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [15/07/2011 19:59 41272]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [06/06/2011 15:51 588032]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [16/03/2009 11:12 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [16/03/2009 11:12 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [16/03/2009 11:12 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [16/03/2009 11:12 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [16/03/2009 11:12 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [16/03/2009 11:12 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [16/03/2009 11:12 115752]

S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [13/02/2007 19:16 12288]

S3 SwitchBoard;SwitchBoard;c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

.

Contenu du dossier 'Tâches planifiées'

.

2011-07-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-PATRICE-PC-Pat-admin.job

- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-05 02:44]

.

2011-07-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-PATRICE-PC-Patrice.job

- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-05 02:44]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 21:22]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 21:22]

.

2011-07-19 c:\windows\Tasks\SyncBack Backup-Lucille.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-24 17:45]

.

2011-07-06 c:\windows\Tasks\SyncBack Backup-Patrice-Outlook.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-24 17:45]

.

2011-07-13 c:\windows\Tasks\SyncBack Backup-Patrice-PC.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-24 17:45]

.

2011-07-19 c:\windows\Tasks\SyncBack Backup-Photos-Patrice.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-24 17:45]

.

2011-07-15 c:\windows\Tasks\SyncBack Backup-Sabine-Outlook.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-24 17:45]

.

2011-07-19 c:\windows\Tasks\SyncBack Backup-Sabine-PC.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-24 17:45]

.

2011-07-19 c:\windows\Tasks\SyncBack Bookmarks-PC-Patrice.job

- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-24 17:45]

.

.

------- Examen supplémentaire -------

.

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: Interfaces\{511CCF1A-5470-4302-AB7F-63158B11BAD9}: NameServer = 62.231.32.10,62.231.32.11

FF - ProfilePath - c:\documents and settings\Pat-admin\Application Data\Mozilla\Firefox\Profiles\7y5kqfwf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHELINS SUPPRIMES - - - -

.

HKLM-Run-pdfSaver3 - (no file)

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-XnView_is1 - g:\xnview\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-20 09:00

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'winlogon.exe'(756)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll

c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

.

- - - - - - - > 'lsass.exe'(812)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(3544)

c:\windows\system32\guard32.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\ATKKBService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\Photodex\ProShowGold\ScsiAccess.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\system32\rundll32.exe

c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2011-07-20 09:03:58 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-07-20 07:03

.

Avant-CF: 14 773 903 360 octets libres

Après-CF: 15 082 299 392 octets libres

.

- - End Of File - - 443AADCDED98E288B473635D4A0B2B7E

 

---------------------------------------------------------------------------------------------------------------

 

 

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 26

Adobe Flash Player 10.3.181.26

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

``````````End of Log````````````

Posted

Hello,

If you use passwords on this machine, I recommend changing them, since it is/was the victim of a "Backdoor.Agent" infection, which is known for collecting everything it can find (logins, passwords, personal information, etc.).

--

Print these instructions or save them to a text file on the Desktop so you can refer to them easily at any time.

>>> ESET Online Scanner: Plug in and switch on all available removable media (external hard drive, USB sticks, etc.) and disable the antivirus/firewall and antispyware.

Use Internet Explorer to go HERE.

  • Click the green ESET Online Scanner button, tick the "YES, I accept the Terms of Use" box and click Start.
  • Accept the installation of the ActiveX control.
  • Tick "Scan archives", UNtick "Remove found threats" and click Start.
  • ESET will download the database and start the scan. Let it finish its scan.
  • Then click "List of found threats".
  • Click "Export to text file..." and save the results on the Desktop under the name "scan-results" so you can copy/paste them here.
  • Click eset-back.png and tick the "Uninstall application on close" box to remove ESET Online Scanner from the machine.

Click eset-fin.png and post the report.

>>> Use OTL: Download OTL (by OldTimer) to the Desktop from here or here.

Plug in and switch on all available removable media (external hard drive, USB sticks, etc.) and disable the antivirus/firewall and antispyware.

Close all open applications and windows and double-click OTL.exe (Vista/Windows 7: right-click it => Exécuter en tant qu'Admin, i.e. run as administrator).

Copy/paste these lines (starting with netsvcs) into the box under "Personnalisation":

 

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Without changing anything else, click the blue Analyse button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimised in the taskbar).

Copy/paste the contents of each report, only one per message, because they are often very long and exceed the limit allowed by the forum.

Requested reports:

  • scan-results.txt
  • OTL.txt
  • Extras.txt
Posted

Hello

That's it, the scan is finished (more than 7 hours).

I still do not receive an e-mail notification when you reply.

I also have a question: for the scan you ask me to disable all protections, so my PC was left unprotected for 7 hours.

Is that really wise?

Otherwise, here are the results of what you asked for, starting with scan-results.txt

 

D:\Patrice\Photo\ACDSee Pro v2.0.238 (French)\Keygen\keygen.exe une variante de Win32/Keygen.AG application

D:\Patrice\Photo\Logiciels\ACDSee Pro v2.0.238 (French).zip une variante de Win32/Keygen.AG application

D:\Patrice\Utilitaires_Windows\Video\FFSetup220.zip Win32/Adware.ADON application

F:\Backup-Patrice-PC-2010\Photo\ACDSee Pro v2.0.238 (French)\Keygen\keygen.exe une variante de Win32/Keygen.AG application

F:\Backup-Patrice-PC-2010\Photo\Logiciels\ACDSee Pro v2.0.238 (French).zip une variante de Win32/Keygen.AG application

F:\Backup-Patrice-PC-2010\Utilitaires_Windows\Video\FFSetup220.zip Win32/Adware.ADON application

L:\Backup-Patrice-PC-2010\Photo\ACDSee Pro v2.0.238 (French)\Keygen\keygen.exe une variante de Win32/Keygen.AG application

L:\Backup-Patrice-PC-2010\Photo\Logiciels\ACDSee Pro v2.0.238 (French).zip une variante de Win32/Keygen.AG application

L:\Backup-Patrice-PC-2010\Utilitaires_Windows\Video\FFSetup220.zip Win32/Adware.ADON application

Posted

Here is the OTL.Txt file

 

OTL logfile created on: 24/07/2011 18:17:00 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Patrice\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,85% Memory free

3,85 Gb Paging File | 3,03 Gb Available in Paging File | 78,92% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 13,85 Gb Free Space | 28,37% Space Free | Partition Type: NTFS

Drive D: | 547,34 Gb Total Space | 244,17 Gb Free Space | 44,61% Space Free | Partition Type: NTFS

Drive F: | 465,76 Gb Total Space | 147,72 Gb Free Space | 31,72% Space Free | Partition Type: NTFS

Drive G: | 1,91 Gb Total Space | 1,40 Gb Free Space | 73,36% Space Free | Partition Type: FAT

Drive H: | 1,90 Gb Total Space | 1,90 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Drive L: | 465,64 Gb Total Space | 167,45 Gb Free Space | 35,96% Space Free | Partition Type: FAT32

 

Computer Name: PATRICE-PC | User Name: Pat-admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/07/24 14:35:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrice\Bureau\OTL.exe

PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/03 12:31:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/06/30 10:37:27 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2011/06/30 10:37:05 | 002,554,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

PRC - [2011/06/07 09:49:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/02/09 21:36:21 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe

PRC - [2010/11/04 09:56:26 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/04/05 21:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2010/03/25 04:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/02/12 21:23:32 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

PRC - [2010/01/14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/12/22 11:17:04 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe

PRC - [2009/12/18 11:58:28 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe

PRC - [2009/12/17 19:50:18 | 000,976,832 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe

PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe

PRC - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

PRC - [2009/06/26 15:56:20 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

PRC - [2008/12/23 19:25:14 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

PRC - [2008/10/20 23:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2008/07/23 19:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

PRC - [2008/07/10 12:22:24 | 000,397,312 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

PRC - [2008/05/26 20:34:48 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 13:45:08 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe

PRC - [2005/04/29 09:07:14 | 000,045,096 | ---- | M] (H+BEDV Datentechnik GmbH, Germany) -- C:\Program Files\AVPersonal\AVWUPSRV.EXE

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/07/24 14:35:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrice\Bureau\OTL.exe

MOD - [2011/06/30 10:37:25 | 000,285,256 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll

MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/07/09 16:03:20 | 000,311,928 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/03 12:31:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/06/30 10:37:27 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV - [2011/06/07 09:49:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/02/09 21:36:21 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)

SRV - [2010/04/05 21:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/02/12 21:23:32 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)

SRV - [2009/12/22 11:17:04 | 000,225,280 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)

SRV - [2009/12/18 11:58:28 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)

SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2009/06/26 15:56:58 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)

SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

SRV - [2009/05/07 23:19:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-131 revA\WLSVC.exe -- (WLSVC)

SRV - [2008/12/23 19:25:14 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2008/11/07 18:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2008/10/20 23:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2008/04/14 13:45:08 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

SRV - [2006/10/26 21:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005/04/29 09:07:14 | 000,045,096 | ---- | M] (H+BEDV Datentechnik GmbH, Germany) [Auto | Running] -- C:\Program Files\AVPersonal\AVWUPSRV.EXE -- (AVWUpSrv)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/03 12:31:14 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/03 12:31:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/07/02 14:33:46 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)

DRV - [2011/06/30 10:38:14 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)

DRV - [2011/06/30 10:38:13 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2011/06/30 10:38:12 | 000,242,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)

DRV - [2010/07/07 04:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010/05/17 14:04:06 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2010/04/09 17:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2010/03/25 12:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010/03/20 13:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2010/03/20 12:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2009/10/07 10:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2009/10/07 10:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)

DRV - [2009/10/07 10:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2009/10/07 10:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)

DRV - [2009/05/11 13:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/04/10 09:34:30 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)

DRV - [2009/02/26 03:13:03 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)

DRV - [2009/02/26 03:12:59 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/02/26 03:12:59 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009/02/26 03:12:51 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)

DRV - [2009/01/21 17:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2008/11/14 16:18:48 | 000,484,096 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btprot.sys -- (BTPROT)

DRV - [2008/11/14 16:18:48 | 000,023,808 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btiausb.sys -- (BTIAUSB)

DRV - [2008/10/02 13:01:46 | 004,878,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/09/26 11:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/09/26 11:53:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2008/09/26 11:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2008/09/26 11:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2008/09/23 19:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)

DRV - [2008/09/16 13:21:06 | 000,079,744 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btiaspp.sys -- (btiaspp)

DRV - [2008/09/16 13:21:06 | 000,067,456 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btiaa2dp.sys -- (btiaa2dp)

DRV - [2008/09/16 13:21:06 | 000,030,720 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btiapan.sys -- (BTiAPan)

DRV - [2008/07/30 18:04:24 | 000,019,712 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btiasco.sys -- (iAnywhere_btAudio)

DRV - [2008/07/30 18:04:24 | 000,009,216 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btiarcp.sys -- (btiarcp)

DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)

DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)

DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)

DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)

DRV - [2008/04/14 13:45:12 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)

DRV - [2008/04/14 13:45:12 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)

DRV - [2008/04/14 13:45:08 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)

DRV - [2008/02/27 14:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)

DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)

DRV - [2007/12/17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2007/02/16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2007/01/29 19:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)

DRV - [2007/01/17 16:30:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Spyder2.sys -- (Spyder2)

DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2006/06/14 15:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)

DRV - [2006/04/07 19:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)

DRV - [2005/03/24 19:40:38 | 000,004,096 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2001/08/17 23:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)

DRV - [1999/09/10 14:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/ig?hl="

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/14 10:11:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 15:52:59 | 000,000,000 | ---D | M]

 

[2009/02/27 04:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pat-admin\Application Data\Mozilla\Extensions

[2011/07/03 14:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pat-admin\Application Data\Mozilla\Firefox\Profiles\7y5kqfwf.default\extensions

[2009/09/01 10:15:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Pat-admin\Application Data\Mozilla\Firefox\Profiles\7y5kqfwf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/07 19:49:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Pat-admin\Application Data\Mozilla\Firefox\Profiles\7y5kqfwf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/07/03 14:29:49 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Pat-admin\Application Data\Mozilla\Firefox\Profiles\7y5kqfwf.default\extensions\foxmarks@kei.com

[2011/07/14 10:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/25 15:53:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) --

[2011/06/16 06:38:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/06/25 15:52:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/07/20 09:00:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()

O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()

O4 - HKLM..\Run: [six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)

O4 - HKCU..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe (ColorVision Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.)

O4 - Startup: C:\Documents and Settings\Pat-admin\Menu Démarrer\Programmes\Démarrage\MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe ()

O4 - Startup: C:\Documents and Settings\Pat-admin\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Pat-admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pat-admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/02/22 11:36:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.asv2 - C:\WINDOWS\System32\ASUSASV2.DLL ()

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)

Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)

Drivers32: vidc.x264 - C:\WINDOWS\System32\x264vfw.dll ()

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 23:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/23 22:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Application Data\DivX

[2011/07/23 21:53:41 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll

[2011/07/23 21:53:41 | 000,237,568 | ---- | C] (On2.com Inc.) -- C:\WINDOWS\System32\vp7dec.ax

[2011/07/23 21:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\On2 Technologies

[2011/07/23 21:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\On2 Technologies

[2011/07/23 21:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AC3Filter

[2011/07/23 21:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter

[2011/07/23 21:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Menu Démarrer\Programmes\x264vfw

[2011/07/23 21:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DivX Plus

[2011/07/23 21:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared

[2011/07/23 21:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2011/07/23 21:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Menu Démarrer\Programmes\Haali Media Splitter

[2011/07/23 21:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Haali

[2011/07/23 21:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Xvid

[2011/07/23 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid

[2011/07/23 21:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX

[2011/07/23 21:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ripp-It Codec Pack

[2011/07/23 19:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Menu Démarrer\Programmes\AviSynth 2.5

[2011/07/23 19:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AviSynth 2.5

[2011/07/23 19:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Menu Démarrer\Programmes\Ripp-it_am

[2011/07/23 19:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Ripp-it_AM

[2011/07/23 17:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Application Data\EAC

[2011/07/23 17:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Application Data\AccurateRip

[2011/07/23 17:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Exact Audio Copy

[2011/07/23 17:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy

[2011/07/22 19:10:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2011/07/22 19:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

[2011/07/22 18:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Enregistrement utilisateur de Canon iP4800 series

[2011/07/22 18:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup

[2011/07/22 18:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Canon Utilities

[2011/07/22 18:41:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/07/22 18:41:13 | 000,290,816 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMAF.DLL

[2011/07/22 18:41:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information

[2011/07/22 18:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Canon iP4800 series

[2011/07/22 18:41:06 | 000,180,224 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUAF.DLL

[2011/07/22 18:40:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2011/07/20 11:01:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/20 08:52:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/20 08:52:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/20 08:52:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/20 08:52:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/20 08:51:59 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/19 16:42:53 | 004,157,619 | R--- | C] (Swearware) -- C:\Documents and Settings\Pat-admin\Bureau\ComboFix.exe

[2011/07/16 15:50:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pat-admin\Recent

[2011/07/16 15:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ArcSoft Connect

[2011/07/16 15:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ArcSoft Scan-n-Stitch Deluxe

[2011/07/16 15:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Local Settings\Application Data\ArcSoft

[2011/07/16 15:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ArcSoft MediaImpression 2

[2011/07/16 15:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft

[2011/07/16 15:25:00 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys

[2011/07/16 15:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ArcSoft

[2011/07/16 15:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft

[2011/07/16 15:20:43 | 000,390,656 | ---- | C] (Seiko Epson Corp.) -- C:\WINDOWS\System32\eswiaad.dll

[2011/07/16 15:20:43 | 000,204,800 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esintad.dll

[2011/07/15 19:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Application Data\Malwarebytes

[2011/07/15 19:59:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/15 19:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/07/15 19:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/15 19:59:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/15 19:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/15 14:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com

[2011/07/13 14:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Application Data\WinRAR

[2011/07/13 14:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2011/07/08 21:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies

[2011/07/07 18:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2011/07/05 22:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Application Data\Epson

[2011/07/05 21:29:29 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL

[2011/07/05 21:29:28 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBGAE.DLL

[2011/07/05 21:29:28 | 000,063,488 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BGAE.DLL

[2011/07/05 21:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL

[2011/07/05 21:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Epson Software

[2011/07/05 21:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software

[2011/07/05 21:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Local Settings\Application Data\ABBYY

[2011/07/05 21:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ABBYY FineReader 9.0 Sprint

[2011/07/05 21:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 9.0 Sprint

[2011/07/05 21:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ABBYY

[2011/07/05 21:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ABBYY

[2011/07/05 21:14:28 | 000,474,892 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppmon.dll

[2011/07/05 21:14:28 | 000,474,892 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppmon.dll

[2011/07/05 21:14:28 | 000,457,611 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppui.dll

[2011/07/05 21:14:28 | 000,457,611 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppui.dll

[2011/07/05 21:14:28 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enspres.dll

[2011/07/05 21:14:28 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enpres.dll

[2011/07/05 21:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\EPSON

[2011/07/05 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet

[2011/07/05 21:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2011/07/05 21:12:45 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\esdevapp.exe

[2011/07/05 21:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\EPSON

[2011/07/05 21:12:44 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll

[2011/07/05 21:12:44 | 000,012,800 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\escdev.dll

[2011/07/05 21:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\epson

[2011/07/02 00:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pat-admin\Mes documents\DriverGenius

[2011/07/02 00:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\ma-config.com

[2011/07/02 00:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2011/06/25 15:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2011/06/25 15:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java

[2011/06/25 15:52:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/06/25 15:52:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/06/25 15:52:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/06/25 15:52:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/06/25 15:52:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/06/25 15:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/07/24 18:17:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/07/24 18:12:41 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx

[2011/07/24 18:12:23 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX

[2011/07/24 17:49:00 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/24 10:30:36 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Backup-Photos-Patrice.job

[2011/07/24 10:20:11 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/24 10:20:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/23 22:00:42 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Bookmarks-PC-Patrice.job

[2011/07/23 21:52:30 | 000,036,734 | ---- | M] () -- C:\WINDOWS\System32\OggDSuninst.exe

[2011/07/23 21:52:24 | 000,021,764 | ---- | M] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe

[2011/07/23 21:26:11 | 000,067,863 | ---- | M] () -- C:\WINDOWS\System32\x264vfw-uninstall.exe

[2011/07/23 20:06:42 | 049,599,861 | ---- | M] () -- C:\Documents and Settings\Pat-admin\Mes documents\SetupRiamCodecPack_4.2.7.exe

[2011/07/23 20:00:47 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Backup-Lucille.job

[2011/07/23 19:51:49 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Pat-admin\Bureau\Ripp-it_AM.lnk

[2011/07/23 19:35:03 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Backup-Sabine-PC.job

[2011/07/23 13:09:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/20 10:05:39 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Backup-Sabine-Outlook.job

[2011/07/20 09:31:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Backup-Patrice-PC.job

[2011/07/20 09:00:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/19 16:43:45 | 004,157,619 | R--- | M] (Swearware) -- C:\Documents and Settings\Pat-admin\Bureau\ComboFix.exe

[2011/07/19 16:43:34 | 000,879,223 | ---- | M] () -- C:\Documents and Settings\Pat-admin\Bureau\SecurityCheck.exe

[2011/07/17 11:24:31 | 000,504,006 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2011/07/17 11:24:31 | 000,435,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/17 11:24:31 | 000,081,774 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2011/07/17 11:24:31 | 000,068,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/14 10:11:21 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Pat-admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/14 10:10:15 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/07/14 09:58:03 | 000,002,474 | ---- | M] () -- C:\Documents and Settings\Pat-admin\Mes documents\cc_20110714_095800.reg

[2011/07/14 09:53:19 | 003,778,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/07/08 21:29:53 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Pat-admin\Mes documents\cc_20110708_212948.reg

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/06 17:02:16 | 000,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2011/07/06 09:15:04 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Backup-Patrice-Outlook.job

[2011/07/05 22:53:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI

[2011/07/05 22:37:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Twunk002.MTX

[2011/07/05 21:22:59 | 000,000,306 | ---- | M] () -- C:\WINDOWS\setup.iss

[2011/07/05 02:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PATRICE-PC-Patrice.job

[2011/07/05 01:59:59 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PATRICE-PC-Pat-admin.job

[2011/07/04 09:42:40 | 000,025,722 | ---- | M] () -- C:\Documents and Settings\Pat-admin\Mes documents\cc_20110704_094236.reg

[2011/07/03 12:31:14 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/07/03 12:31:14 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/06/30 10:38:14 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys

[2011/06/30 10:38:13 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys

[2011/06/30 10:38:12 | 000,242,600 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys

[2011/06/30 10:38:10 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys

[2011/06/30 10:37:25 | 000,285,256 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll

[2011/06/26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011/06/25 15:52:50 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/06/25 15:52:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/06/25 15:52:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/06/25 15:52:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2011/06/25 15:52:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/06/25 15:49:07 | 000,007,816 | ---- | M] () -- C:\Documents and Settings\Pat-admin\Mes documents\cc_20110625_154904.reg

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/07/24 18:17:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/07/23 21:53:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vp7dec_settings.cpl

[2011/07/23 21:52:30 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe

[2011/07/23 21:52:24 | 000,021,764 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe

[2011/07/23 21:51:56 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm

[2011/07/23 21:26:11 | 000,067,863 | ---- | C] () -- C:\WINDOWS\System32\x264vfw-uninstall.exe

[2011/07/23 20:06:40 | 049,599,861 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Mes documents\SetupRiamCodecPack_4.2.7.exe

[2011/07/23 19:51:49 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Bureau\Ripp-it_AM.lnk

[2011/07/20 08:52:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/20 08:52:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/20 08:52:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/20 08:52:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/20 08:52:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/19 16:43:33 | 000,879,223 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Bureau\SecurityCheck.exe

[2011/07/16 15:20:43 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin

[2011/07/14 18:35:54 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\SyncBack Bookmarks-PC-Patrice.job

[2011/07/14 10:11:21 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/07/14 10:11:20 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk

[2011/07/14 09:58:02 | 000,002,474 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Mes documents\cc_20110714_095800.reg

[2011/07/08 21:29:49 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Mes documents\cc_20110708_212948.reg

[2011/07/05 22:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2011/07/05 22:37:59 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Twunk001.MTX

[2011/07/05 22:37:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx

[2011/07/05 22:37:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twunk002.MTX

[2011/07/05 21:22:54 | 000,000,306 | ---- | C] () -- C:\WINDOWS\setup.iss

[2011/07/04 09:42:38 | 000,025,722 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Mes documents\cc_20110704_094236.reg

[2011/06/25 15:49:06 | 000,007,816 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Mes documents\cc_20110625_154904.reg

[2011/06/06 15:53:04 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2011/06/06 15:52:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys

[2011/06/06 15:52:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys

[2011/01/30 18:08:42 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010/09/15 10:03:19 | 000,007,763 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini

[2010/09/15 10:03:18 | 000,008,802 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini

[2010/09/15 09:26:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2010/08/18 18:55:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Pipe Organ

[2010/08/15 02:05:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2010/08/15 02:05:39 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2010/08/15 02:05:39 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe

[2010/08/15 02:05:39 | 000,205,156 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/08/15 02:05:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe

[2010/08/15 02:05:39 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2010/03/28 20:27:53 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/12/18 11:58:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\Viveza2FC32.dll

[2009/10/11 15:10:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009/07/29 08:35:54 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2009/06/07 00:58:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Work - Home

[2009/06/07 00:58:31 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Pat-admin\Application Data\WebServer

[2009/06/07 00:58:31 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Desktop Pictures

[2009/06/07 00:55:18 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT

[2009/05/21 21:16:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2009/05/10 18:47:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT

[2009/04/04 11:44:13 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2009/04/03 23:51:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009/03/23 23:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI

[2009/03/20 01:09:27 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini

[2009/03/16 20:28:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll

[2009/03/16 20:28:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll

[2009/02/27 13:17:01 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys

[2009/02/27 01:11:14 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/24 22:23:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdy.DAT

[2009/02/24 13:54:16 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL

[2009/02/23 06:47:43 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/02/23 06:44:29 | 003,778,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/02/23 04:31:28 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin

[2009/02/23 04:31:28 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin

[2009/02/23 04:31:28 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin

[2009/02/23 04:31:28 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin

[2009/02/23 04:31:27 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/02/23 04:31:27 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin

[2009/02/23 04:31:27 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin

[2009/02/23 04:31:27 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin

[2009/02/23 04:31:27 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin

[2009/02/23 04:31:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/02/23 04:31:27 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll

[2009/02/23 04:31:27 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll

[2009/02/23 04:31:27 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll

[2009/02/23 04:31:27 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll

[2009/02/23 04:31:27 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll

[2009/02/23 04:31:27 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll

[2009/02/23 04:31:27 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll

[2009/02/23 04:31:27 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini

[2009/02/23 04:31:26 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll

[2009/02/23 03:43:11 | 000,260,248 | ---- | C] () -- C:\WINDOWS\System32\QMO.dll

[2009/02/23 03:43:11 | 000,092,312 | ---- | C] () -- C:\WINDOWS\System32\QMOCameraDll.dll

[2009/02/23 01:45:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/02/22 12:50:57 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/02/22 12:50:57 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/02/22 12:50:55 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/02/22 12:50:55 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/02/22 12:42:13 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/02/22 12:42:05 | 000,029,180 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/02/22 12:42:05 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/02/22 11:37:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/02/22 11:33:37 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/05/09 18:08:32 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\Pat-admin\Local Settings\Application Data\bmarchive.bms

[2008/04/14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 14:00:00 | 000,504,006 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2008/04/14 14:00:00 | 000,435,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2008/04/14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 14:00:00 | 000,081,774 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2008/04/14 14:00:00 | 000,068,408 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2008/04/14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2007/03/20 19:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe

[2007/02/13 19:16:04 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\Spyder2.sys

[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll

[2004/10/11 13:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL

[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS

[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS

[2004/07/10 20:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll

[2002/10/06 20:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/05 01:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002/10/05 01:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/05 01:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009/02/22 11:36:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/02/22 11:31:10 | 000,000,212 | -HS- | M] () -- C:\BOOT.BAK

[2010/03/21 12:12:27 | 000,000,292 | -HS- | M] () -- C:\boot.ini

[2008/04/14 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2008/04/14 14:00:00 | 000,263,504 | RHS- | M] () -- C:\cmldr

[2009/02/22 11:36:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/07/19 17:02:19 | 000,000,045 | ---- | M] () -- C:\error.log

[2009/04/10 09:35:39 | 004,086,414 | ---- | M] () -- C:\HuskyInstallerLog.txt

[2009/02/22 11:36:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/02/22 11:36:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 14:00:00 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2011/07/24 10:19:56 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2011/02/01 21:37:01 | 000,001,656 | ---- | M] () -- C:\photodex-presenter-install.log

[2011/07/24 18:17:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2009/05/20 14:38:23 | 000,009,187 | ---- | M] () -- C:\resetlog.txt

[2009/02/22 12:44:38 | 000,000,057 | ---- | M] () -- C:\splash.idx

[2008/10/13 13:33:08 | 000,005,552 | -H-- | M] () -- C:\version

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2009/02/23 06:43:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2009/02/23 06:43:26 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2009/02/23 06:43:26 | 000,479,232 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011/06/06 15:53:04 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys

[2011/07/03 12:31:14 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys

[2011/07/03 12:31:14 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys

[2011/06/30 10:38:10 | 000,017,416 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmderd.sys

[2011/06/30 10:38:12 | 000,242,600 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdGuard.sys

[2011/06/30 10:38:13 | 000,029,400 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdhlp.sys

[2011/06/30 10:38:14 | 000,097,504 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[2011/04/29 18:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-14 07:45:51

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\test2.txt:SummaryInformation

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

@Alternate Data Stream - 1190 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Bx5k1wsubtgZUmf9LlQGwFMEqJGnT

@Alternate Data Stream - 1034 bytes -> C:\Program Files\Fichiers communs\System:Uo2AHWFkvddMwoVQaLB8yF

@Alternate Data Stream - 1025 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:McNYHDyd9ZViID54V6M5NJQ7Mujev

@Alternate Data Stream - 1021 bytes -> C:\Program Files\Fichiers communs\System:PVCJausQNS3n3qUvj4hC01dmJajW

@Alternate Data Stream - 1001 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lar6WI5lOSGnGAUb5VT65FDrKA

 

< End of report >

Posted

And finally, the Extras.Txt file

 

OTL Extras logfile created on: 24/07/2011 18:17:00 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Patrice\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,85% Memory free

3,85 Gb Paging File | 3,03 Gb Available in Paging File | 78,92% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 13,85 Gb Free Space | 28,37% Space Free | Partition Type: NTFS

Drive D: | 547,34 Gb Total Space | 244,17 Gb Free Space | 44,61% Space Free | Partition Type: NTFS

Drive F: | 465,76 Gb Total Space | 147,72 Gb Free Space | 31,72% Space Free | Partition Type: NTFS

Drive G: | 1,91 Gb Total Space | 1,40 Gb Free Space | 73,36% Space Free | Partition Type: FAT

Drive H: | 1,90 Gb Total Space | 1,90 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Drive L: | 465,64 Gb Total Space | 167,45 Gb Free Space | 35,96% Space Free | Partition Type: FAT32

 

Computer Name: PATRICE-PC | User Name: Pat-admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp

"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" = C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount -- (VoipDiscount)

"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)

"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)

"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{07805B72-99B2-4D42-87D9-BF5D39AAFB12}" = Mindjet MindManager Pro 6

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{0FC65BD2-FB46-4E89-AEB9-C5CB53E4BC1F}_is1" = JkDefrag 3.36

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver

"{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities

"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler

"{1E327F9A-A509-510A-26EE-B37B74305508}" = Catalyst Control Center Localization All

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3

"{259646F8-FBFD-5073-6B31-8E3E1AA71179}" = CCC Help German

"{2660C96D-37FC-5BC2-8DEE-E287734862B9}" = CCC Help French

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{28B0F39B-C0C6-4CC5-902B-9BF20111804C}" = Blue Manager Suite

"{2A329709-A0F3-11D0-9501-444553540000}_is1" = PocketMirror (Standard Edition) 4.3.1

"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)

"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2

"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD

"{33EC2184-5484-AB4A-E96B-86C034A950EE}" = CCC Help Spanish

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{377B2121-65F6-4C5F-998F-5284DEF41F3E}" = COMODO livePCsupport

"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3B30E966-251F-967F-ECA6-85762DAEDA32}" = CCC Help English

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{3EA007AD-9F8A-51C5-C167-4EC7F7D90166}" = Catalyst Control Center Graphics Previews Common

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4

"{4F5EE84F-D675-5C6E-D758-B744C6655CD6}" = ccc-utility

"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid

"{523B1E21-0B29-4402-9B8A-339086462028}_is1" = VirtualDub-MPEG2 v1.6.19 b24587 Fr

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype 5.3

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{5628EBAF-F067-AE51-3714-BF21FBB4857F}" = CCC Help Italian

"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{616A66CD-D36D-4E24-8B67-33AFDFF48061}" = Palm Outlook Conduits Updater

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{6488C559-8E0A-E61D-8287-63EB6638227F}" = CCC Help Hungarian

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{69F02EF7-5303-4ECC-B2ED-A6433DA1B305}" = Ma-Config.com

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6FDE7D2C-2D4A-561C-1434-54CC9613569C}" = ccc-core-static

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online

"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{813EE1F0-D251-4F98-AC91-9B98CF22717E}" = WD Drive Manager (x86)

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15

"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A61D4172-C0E2-4954-8132-73B1B70EB114}" = calibre

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in

"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5

"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox 4.1

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C97D06C9-1A67-492B-26B1-72617062AB7E}" = Adobe Lens Profile Downloader

"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup

"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF09EF05-81A8-000F-0A98-AB306B70803B}" = CCC Help Polish

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2

"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D9198056-A296-4583-A790-C0E73694CFE8}" = D-Link DWA-131 Wireless N Nano USB Adapter

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA85F579-3C60-A492-6B3F-9F4C85529C9E}" = ATI Catalyst Install Manager

"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition

"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector

"{E064390A-2F64-4195-9A55-30D4B20B865A}" = WDCSAM Driver

"{E697054C-E87D-47A8-B8A8-5B3F94389DF3}" = PTLens

"{E92934FD-FAC7-4E5B-B6F0-9E4D1CF9CD56}" = CCC Help Portuguese

"{EA076E9B-A0B9-07C5-1B5D-8147CF31AFB7}" = bayardKids

"{F0559CD3-9FCA-ADE3-9006-1D2B897F2F31}" = CCC Help Greek

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FB46F473-333E-4A06-A777-31C54188593E}" = ArcSoft MediaImpression 2

"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FE5ED0AC-BCC8-482A-8B08-AA11D5F00152}" = Epson Event Manager

"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2

"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FF8455A9-21E8-457D-AC64-510A705D53B3}" = ArcSoft Scan-n-Stitch Deluxe

"7-Zip" = 7-Zip 4.65

"8A1D0449E9CBCC93DCB0CF47934D695423632CA7" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4

"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4

"AdobeLensProfileDownloader" = Adobe Lens Profile Downloader

"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6

"Audacity_is1" = Audacity 1.2.6

"Autopano Pro" = Autopano Pro

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AviSynth" = AviSynth 2.5

"BankPerfect" = BankPerfect 7.3

"bayardKids.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1" = bayardKids

"Belarc Advisor" = Belarc Advisor 7.2

"BookSmart® 2.9.1 2.9.1" = BookSmart® 2.9.1 2.9.1

"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"Capture NX 2" = Capture NX 2

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"CloneCD" = CloneCD

"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)

"Dfine 2.0" = Dfine 2.0

"DivX Setup.divx.com" = Configuration DivX

"DIVXCodec" = DivX Codec 3.1alpha release

"DrvImagerXP_is1" = DrvImagerXP 2.2

"DVD Shrink_is1" = DVD Shrink 3.2

"Enregistrement utilisateur de Canon iP4800 series" = Enregistrement utilisateur de Canon iP4800 series

"EPSON Perfection V33_V330 Manual" = EPSON Perfection V33/V330 Manuel

"EPSON Scanner" = EPSON Scan

"EPSON SX525WD Series Network Guide" = Guide réseau pour EPSON SX525WD Series

"ERUNT_is1" = ERUNT 1.1j

"Exact Audio Copy" = Exact Audio Copy 1.0beta2

"FileZilla Client" = FileZilla Client 3.3.5.1

"foobar2000" = foobar2000 v1.0.1

"GanttProject" = GanttProject

"GPL Ghostscript 8.64" = GPL Ghostscript 8.64

"GrabIt_is1" = GrabIt 1.7.2 Beta 3 (build 996)

"HaaliMkx" = Haali Media Splitter

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"Inkscape" = Inkscape 0.48.1

"InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor

"InstallShield_{28B0F39B-C0C6-4CC5-902B-9BF20111804C}" = Blue Manager Suite

"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online

"LameACM" = Lame ACM MP3 Codec

"lvdrivers_12.10" = Coffret de pilotes Logitech Webcam Software

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Money2005b" = Microsoft Money

"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)

"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)

"Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)

"NTREGOPT_is1" = NTREGOPT 1.1j

"O2 Broadband" = O2 Broadband

"OggDS" = Direct Show Ogg Vorbis Filter (remove only)

"PDF-XChange 3_is1" = PDF-XChange 3.0

"Photodex Presenter" = Photodex Presenter

"PhotomatixPro3_is1" = Photomatix Pro version 3.1.3

"Pixum EasyBook" = Pixum EasyBook

"Pocket Tunes" = Pocket Tunes 4.0.2

"PROPLUS" = Microsoft Office Professional Plus 2007

"ProShow Gold" = ProShow Gold

"QuickPar" = QuickPar 0.9

"QuickTime" = QuickTime

"RADVideo" = RAD Video Tools

"RealPlayer 6.0" = RealPlayer

"Ri4m v5.0.1d" = Ri4m v5.0.1d

"Ripp-It Codec Pack" = Ripp-It Codec Pack v 4.2.7

"Sharpener Pro 3.0" = Sharpener Pro 3.0

"Silver Efex Pro" = Silver Efex Pro

"SpeedFan" = SpeedFan (remove only)

"Spyder2" = Spyder2

"SpywareGuard_is1" = SpywareGuard v2.2

"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)

"SyncBack_is1" = SyncBack

"Total Uninstall_is1" = Total Uninstall 2.35

"Viveza" = Viveza

"Viveza 2" = Viveza 2

"VLC media player" = VLC media player 0.9.8a

"VoipDiscount_is1" = VoipDiscount

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windames" = Windames

"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"xvid" = XviD MPEG-4 Video Codec

"Xvid_is1" = Xvid 1.2.2 final uninstall

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"757980bd62c97274" = Downloadr

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 23/07/2011 15:27:37 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante ripp-it_am.exe, version 5.0.3.0, module défaillant

ripp-it_am.exe, version 5.0.3.0, adresse de défaillance 0x000abea5.

 

Error - 23/07/2011 17:07:22 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant shmedia.dll, version 6.0.2900.5512, adresse de défaillance 0x0000ac54.

 

Error - 23/07/2011 17:07:39 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant shmedia.dll, version 6.0.2900.5512, adresse de défaillance 0x0000ac54.

 

Error - 23/07/2011 17:07:52 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant shmedia.dll, version 6.0.2900.5512, adresse de défaillance 0x0000ac54.

 

Error - 23/07/2011 17:08:05 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant shmedia.dll, version 6.0.2900.5512, adresse de défaillance 0x0000ac54.

 

Error - 23/07/2011 17:08:20 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant shmedia.dll, version 6.0.2900.5512, adresse de défaillance 0x0000ac54.

 

Error - 23/07/2011 17:08:31 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant shmedia.dll, version 6.0.2900.5512, adresse de défaillance 0x0000ac54.

 

Error - 23/07/2011 17:08:51 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant shmedia.dll, version 6.0.2900.5512, adresse de défaillance 0x0000ac54.

 

Error - 23/07/2011 17:11:11 | Computer Name = PATRICE-PC | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant shmedia.dll, version 6.0.2900.5512, adresse de défaillance 0x0000ac54.

 

Error - 23/07/2011 17:13:52 | Computer Name = PATRICE-PC | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : The server name or address could not be resolved

 

[ OSession Events ]

Error - 21/05/2009 16:45:42 | Computer Name = PATRICE-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 77

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 05/10/2009 18:11:41 | Computer Name = PATRICE-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3424

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 23/04/2010 17:48:58 | Computer Name = PATRICE-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6852

seconds with 1320 seconds of active time. This session ended with a crash.

 

Error - 23/06/2010 14:03:13 | Computer Name = PATRICE-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 09/09/2010 07:42:11 | Computer Name = PATRICE-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4421

seconds with 1500 seconds of active time. This session ended with a crash.

 

Error - 17/01/2011 11:20:03 | Computer Name = PATRICE-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 373

seconds with 120 seconds of active time. This session ended with a crash.

 

Error - 01/07/2011 18:06:33 | Computer Name = PATRICE-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 23/07/2011 11:47:28 | Computer Name = PATRICE-PC | Source = Cdrom | ID = 262151

Description = Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Error - 23/07/2011 11:47:29 | Computer Name = PATRICE-PC | Source = Cdrom | ID = 262151

Description = Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Error - 23/07/2011 11:47:30 | Computer Name = PATRICE-PC | Source = Cdrom | ID = 262151

Description = Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Error - 23/07/2011 11:47:30 | Computer Name = PATRICE-PC | Source = Cdrom | ID = 262151

Description = Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Error - 23/07/2011 11:47:31 | Computer Name = PATRICE-PC | Source = Cdrom | ID = 262151

Description = Le périphérique \Device\CdRom0 comporte un bloc défectueux.

 

Error - 23/07/2011 13:58:05 | Computer Name = PATRICE-PC | Source = Service Control Manager | ID = 7000

Description = Le service adfs n'a pas pu démarrer en raison de l'erreur : %%2

 

Error - 23/07/2011 13:58:06 | Computer Name = PATRICE-PC | Source = Dhcp | ID = 1002

Description = Le bail de l'adresse IP 192.168.0.11 pour la carte réseau dont l'adresse

réseau est 14D64D07C8E6 a été refusé par le serveur DHCP 78.250.255.254 (celui-ci

a envoyé un message DHCPNACK).

 

Error - 23/07/2011 17:13:55 | Computer Name = PATRICE-PC | Source = Service Control Manager | ID = 7000

Description = Le service adfs n'a pas pu démarrer en raison de l'erreur : %%2

 

Error - 23/07/2011 17:13:56 | Computer Name = PATRICE-PC | Source = Dhcp | ID = 1002

Description = Le bail de l'adresse IP 192.168.0.11 pour la carte réseau dont l'adresse

réseau est 14D64D07C8E6 a été refusé par le serveur DHCP 78.250.255.254 (celui-ci

a envoyé un message DHCPNACK).

 

Error - 24/07/2011 04:20:06 | Computer Name = PATRICE-PC | Source = Service Control Manager | ID = 7000

Description = Le service adfs n'a pas pu démarrer en raison de l'erreur : %%2

 

 

< End of report >

Posted

Disabling all protections is a necessity for the utilities to work properly and to limit the risk of crashing the machines, not for the fun of it :)

--

 

>>> P2P / cracks and co.: No major signs of infection in sight, but this smells of "cracks" and other "keygens"...

Some reading on everything to do with this:

Warez; Crack; keygen.

 

- You absolutely must stop believing that these programs exist just to please people or do them a favour.

Quite the opposite: they have become real bombs for machines; you only have to browse the forums to see the number of PCs that have fallen victim to these programs.

They are their developers' livelihood, and the nastier the malware they contain, the higher the price the program sells for.

- Because there is always a free and legal program for practically anything you want, stay away from all of this.

 

I therefore recommend that you uninstall all illegal applications and delete from your machine all keygens, cracks and other files of this type.

To go faster, empty these folders entirely:

- D:\Patrice\Photo

- D:\Patrice\Utilitaires_Windows

- F:\Backup-Patrice-PC-2010

- L:\Backup-Patrice-PC-2010

 

 

>>> CKScanner: Download CKScanner (by askey127) to the Desktop from here.

Make sure that CKScanner.exe is on the Desktop and double-click it. Click Search For Files.

Wait until the mouse cursor returns to its usual shape, then click Save List To File.

Click OK in the message "Saved to flename ckfiles.txt".

Now open the CKFiles.txt file that was created on the Desktop and copy/paste its contents into your next reply.

Click Exit to close CKScanner.

Posted

OK, thanks for these very instructive replies.

 

Here is the ckfiles.txt

 

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py

scanner sequence 3.NA.11.XFAPVN

----- EOF -----
