Il y a actuellement 56 visiteurs
Mardi 16 Octobre 2018
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

Faux antivirus, trojan, etc...

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

Faux antivirus, trojan, etc...

Message le 01 Fév 2011 21:25

Bonsoir à tous,


Depuis cet après midi, j'ai de gros soucis avec mon PC portable Médion. :-?

En fait, ça fait quelques jours que Avira refusait de se mettre à jour...(échec de la mise à jour systématique)

A part ça, tout allait bien.... :roll:

Je l'ai d'abord désinstallé puis réinstallé mais ça n'a rien arrangé.

Aujourd'hui je téléchargeais des fichiers images de claps de cinéma sur différents sites et tout d'un coup, il m'a ouvert une fenêtre d'alerte d'un antivirus inconnu au bataillon...??? :-? :roll: :o

Il m'avertissait d'une infection grave (Trojan dropper or similar)
Details: Threat: "BankerFox.A" puis ensuite "Win32/ Niqel.E"

A partir de ce moment là, les fenêtres se sont multipliées et de plus en plus rapidement.

Directement, elles m'ont proposé d'acheter un antivirus sur internet et ont commencé à m'ouvrir des fenêtres explorer en quantité.

Tout ça en 10 minutes. J'ai alors coupé ma connexion. :evil:

Je suis venue sur votre site via le PC d'une copine et j'ai suivi les conseils de jeanmimigab dans Préparer sa demande d'aide de désinfection



Seulement maintenant le pc refuse de démarrer OTL et s'est carrément éteint tout seul. Il ne répond plus à rien.

J'ai alors réussi à faire l'analyse OTL avec le script de jeanmimigab en mode sans échec. :P

Voilà le rapport, je crois qu'il y a une belle infection... quelqu'un peut-il m'aider ? J'ai vraiment besoin de mon PC.

Merci d'avance... :wink:

Code: Tout sélectionner
[b]Rapport OTL:[/b]

[color=#0000FF]OTL logfile created on: 1/02/2011 19:19:13 - Run 6
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Famille\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
 
511,00 Mb Total Physical Memory | 335,00 Mb Available Physical Memory | 66,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 13,24 Gb Free Space | 35,53% Space Free | Partition Type: NTFS
Drive D: | 23,59 Gb Total Space | 5,56 Gb Free Space | 23,55% Space Free | Partition Type: NTFS
Drive E: | 13,65 Gb Total Space | 8,53 Gb Free Space | 62,45% Space Free | Partition Type: FAT32
Drive F: | 1,91 Gb Total Space | 1,90 Gb Free Space | 99,52% Space Free | Partition Type: FAT
Drive H: | 5,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: | User Name: Famille | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/02/01 18:24:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/02/01 18:24:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2010/12/06 08:47:54 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/06 08:47:41 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/11/14 12:48:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/02 20:37:45 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2002/09/19 22:41:02 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 22:29:30 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 22:27:06 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
SRV - [2001/11/12 14:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/12/06 08:48:06 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/06 08:48:06 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/03/25 17:35:56 | 000,025,472 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/11/21 12:28:42 | 000,115,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/11/21 12:28:42 | 000,094,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2008/11/21 12:28:42 | 000,087,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2008/11/21 12:28:42 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 19:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/10/12 14:07:10 | 000,055,808 | ---- | M] (The SHVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2007/05/23 03:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/05/11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2007/01/12 19:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/07/05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006/06/29 19:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R)
DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/05/19 15:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005/01/14 17:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/07/19 17:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/07/17 21:11:26 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/14 01:00:26 | 000,067,968 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/26 23:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 10:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/01/20 22:56:56 | 000,077,925 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/01/20 22:56:30 | 001,086,853 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/01/20 22:55:34 | 000,619,369 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/01/20 22:54:54 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/05 17:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/25 13:28:16 | 000,270,544 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/04/28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2001/11/14 19:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.be/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 00:47:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 16:31:42 | 000,000,000 | ---D | M]
 
[2010/01/24 16:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions
[2010/01/24 16:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/01 15:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\o5iwgn3a.default\extensions
[2010/12/02 19:28:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\o5iwgn3a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/02 19:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 16:31:05 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/12/10 16:31:05 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/12/10 16:31:05 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/12/10 16:31:06 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/12/10 16:31:07 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/09/03 02:01:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008..\Run: [grpqbovb] C:\Documents and Settings\Famille\Local Settings\temp\juxgjrrve\ldsnoposjmo.exe ()
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008..\Run: [msnmsgr]  File not found
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008..\Run: [Z810PNP]  File not found
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008..\Run: [Z810SysStart]  File not found
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-12O3N.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk = C:\BTGUARD\settings.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092937461363 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Fond d'écran.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Fond d'écran.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/01 18:42:52 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/05/11 23:13:39 | 000,000,279 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.0.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.0.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {65367696-7543-9E85-5000-4BBAE297EE2B} - Outlook Express
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6F9FF330-7AA2-A7F4-99CF-7666F65608A8} - Rendu VML (Vector Graphics Rendering)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {E95B851E-A712-70E8-1992-568FA2255338} - Internet Explorer
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - mpg4c32.dll File not found
Drivers32: vidc.mp43 - mpg4c32.dll File not found
Drivers32: vidc.mpg4 - mpg4c32.dll File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/02/01 19:13:06 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe
[2011/01/30 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\Jaquettes De funes
[2011/01/26 12:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Menu Démarrer\Programmes\BTGuard
[2011/01/25 15:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\Downloads
[2011/01/25 15:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\Avira
[2011/01/25 15:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Avira
[2011/01/25 15:00:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/01/25 14:59:54 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/01/25 14:59:54 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/01/25 14:59:54 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/01/25 14:59:53 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/01/25 14:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/25 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/22 16:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\Vidéos venant du net
[2011/01/22 15:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\BSplayer Pro
[2011/01/22 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2011/01/12 15:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\Playmobils
[2011/01/09 21:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\Shareaza
[2011/01/09 21:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\Shareaza
[2011/01/09 21:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2009/10/23 13:31:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Famille\Application Data\pcouffin.sys
[2004/01/01 16:10:25 | 000,135,168 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[146 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/02/01 19:14:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/01 19:11:16 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2011/02/01 19:11:14 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\dll.dll
[2011/02/01 19:11:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/01 18:49:10 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-12O3N.exe
[2011/02/01 18:49:10 | 000,013,817 | ---- | M] () -- C:\WINDOWS\is-12O3N.msg
[2011/02/01 18:49:10 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/02/01 18:49:10 | 000,000,319 | ---- | M] () -- C:\WINDOWS\is-12O3N.lst
[2011/02/01 18:24:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe
[2011/02/01 16:41:35 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 16:34:58 | 000,295,794 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2011/02/01 16:34:43 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\cryptnet32.dll
[2011/02/01 10:15:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/31 20:54:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/31 16:45:51 | 000,027,018 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\wklnhst.dat
[2011/01/25 15:02:16 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/01/19 15:59:38 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Affaire playmobils.doc
[2011/01/16 14:58:04 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/01/12 14:25:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2011/01/09 16:21:56 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\PDVD_MediaDisc.PlayList
[146 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/02/01 18:49:10 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-12O3N.exe
[2011/02/01 18:49:10 | 000,013,817 | ---- | C] () -- C:\WINDOWS\is-12O3N.msg
[2011/02/01 18:49:10 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/02/01 18:49:10 | 000,000,319 | ---- | C] () -- C:\WINDOWS\is-12O3N.lst
[2011/02/01 16:34:47 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2011/02/01 16:34:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dll.dll
[2011/02/01 16:34:44 | 000,295,794 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/02/01 16:34:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cryptnet32.dll
[2011/01/26 12:06:42 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk
[2011/01/25 15:02:15 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/01/19 15:54:19 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Affaire playmobils.doc
[2011/01/12 14:25:11 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2011/01/09 16:21:56 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\Famille\Mes documents\PDVD_MediaDisc.PlayList
[2010/01/28 13:36:32 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2009/11/16 18:23:35 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/03 22:18:03 | 000,000,031 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/10/23 14:17:48 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/23 13:31:29 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\ezpinst.exe
[2009/10/23 13:31:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.cat
[2009/10/23 13:31:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.inf
[2009/10/23 13:31:29 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.log
[2009/10/21 10:59:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/26 14:17:21 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2009/08/10 20:03:27 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2009/08/01 18:07:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Textures
[2009/08/01 18:07:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Famille\Application Data\SystemConfiguration
[2009/08/01 18:07:43 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Colors
[2009/08/01 18:03:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2009/01/03 16:36:27 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/03/26 21:25:56 | 000,002,210 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2007/02/16 01:56:49 | 000,011,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\RegKill.sys
[2006/09/17 15:07:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dprsx.dll
[2006/09/17 15:07:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\gpvbd.dll
[2006/09/17 15:07:08 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\AuthDVD.DLL
[2006/07/28 22:46:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2006/07/28 19:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2006/07/28 19:33:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2006/07/28 19:33:16 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2006/07/28 19:30:00 | 000,009,973 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2005/04/11 22:11:13 | 000,011,270 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/03/07 15:51:06 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/02/27 18:10:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/02/27 18:10:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/01/08 11:46:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/12/20 10:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 10:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/12/05 22:50:53 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/10/28 14:41:23 | 000,001,557 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2004/10/27 17:10:59 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpcsys.sys.bak
[2004/10/27 16:54:16 | 000,027,018 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\wklnhst.dat
[2004/10/27 08:35:46 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/27 08:35:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\fusioncache.dat
[2004/09/19 15:53:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/19 13:48:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/01 16:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/20 11:30:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2004/08/19 22:58:38 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/19 19:45:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2004/08/19 18:30:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/08/19 16:37:22 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/19 16:08:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/08/19 16:06:44 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2004/08/19 16:05:49 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:00:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/19 14:56:42 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 14:44:08 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/14 06:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004/01/01 16:10:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/01 16:03:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2004/01/01 15:54:45 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2004/12/11 14:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/11/24 17:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2008/06/30 21:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/04/17 12:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/14 15:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/08/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2004/08/19 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/03/30 14:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/11/03 22:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/08/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2004/11/14 19:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ACD Systems
[2011/01/22 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\BSplayer Pro
[2010/03/03 12:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CheckPoint
[2009/11/11 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\com.adobe.ExMan
[2009/04/08 18:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\LEAPS
[2010/03/25 18:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\NCH Swift Sound
[2009/12/23 17:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Nikon
[2009/10/27 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Opera
[2011/01/10 01:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Shareaza
[2005/04/06 00:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ThumbsPlus
[2010/04/20 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Uniblue
[2011/02/01 12:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\uTorrent
[2010/07/26 17:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Vso
[2009/11/23 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\VTC Preferences Folder
[2005/02/20 21:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\WholeSecurity
[2009/01/05 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Desktop Search
[2009/01/06 20:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Search
[2004/09/19 14:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2009/04/01 13:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
[2011/02/01 19:14:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/12 14:25:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2010/12/16 14:58:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2011/01/16 14:58:04 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2004/12/11 14:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/09/21 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/02 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2004/08/19 18:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2006/08/03 17:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/11/24 17:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2011/01/25 14:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/06/30 21:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/04/17 12:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/14 15:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2004/09/19 13:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/07/15 12:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/08/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/11/11 19:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/05/11 16:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/12/16 00:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/03/02 17:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/29 00:03:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2004/08/19 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/03/30 14:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/03/26 14:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/08/19 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/11/03 22:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/08/10 19:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/01/03 16:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/08/16 12:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\U3
[2009/08/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2005/10/04 20:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/23 16:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2010/09/30 07:31:04 | 000,081,512 | ---- | M] (Arovax LLC) -- C:\Documents and Settings\All Users\Application Data\Arovax\SmartHide\liveupdate.exe
[1 C:\Documents and Settings\All Users\Application Data\Arovax\SmartHide\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Arovax\SmartHide\*.tmp -> ]
[2010/04/07 20:29:16 | 005,918,776 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2006/04/10 15:25:54 | 000,950,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2009/09/17 17:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\AccurateRip
[2004/11/14 19:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ACD Systems
[2009/12/23 21:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Adobe
[2007/01/26 23:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\AdobeUM
[2004/08/19 21:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Ahead
[2006/08/03 17:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Apple Computer
[2011/01/25 15:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Avira
[2011/01/22 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\BSplayer Pro
[2010/03/13 19:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CameraWindowDC
[2010/03/13 19:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CANON INC
[2010/03/03 12:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CheckPoint
[2009/11/11 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\com.adobe.ExMan
[2004/10/27 17:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Cyberlink
[2009/08/03 17:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\dvdcss
[2006/09/15 19:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Google
[2004/11/01 14:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Help
[2004/08/19 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Identities
[2006/12/16 00:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Intel
[2009/01/03 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Lavasoft
[2009/04/08 18:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\LEAPS
[2004/08/20 11:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Macromedia
[2010/03/02 17:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Malwarebytes
[2009/11/11 23:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Media Player Classic
[2010/11/30 14:14:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Famille\Application Data\Microsoft
[2009/08/11 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Mozilla
[2010/03/25 18:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\NCH Swift Sound
[2009/12/23 17:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Nikon
[2009/10/27 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Opera
[2005/04/09 17:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Real
[2011/01/10 01:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Shareaza
[2010/01/24 15:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Sun
[2004/12/06 18:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Symantec
[2005/04/06 00:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ThumbsPlus
[2010/08/16 12:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\U3
[2010/04/20 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Uniblue
[2011/02/01 12:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\uTorrent
[2006/08/02 13:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\vlc
[2010/07/26 17:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Vso
[2009/11/23 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\VTC Preferences Folder
[2005/02/20 21:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\WholeSecurity
[2010/03/16 20:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Winamp
[2009/01/05 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Desktop Search
[2009/01/06 20:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Search
[2009/11/11 18:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\WinRAR
[2010/03/13 19:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ZoomBrowser EX
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2009/10/23 15:20:49 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\ezpinst.exe
[2006/04/05 18:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\U3\temp\cleanup.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/05 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\changer.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/05 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/05 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2004/08/05 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2004/08/05 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2005/06/10 05:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\dllcache\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\RDPWD.sys
[2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Sfloppy.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys
[2004/08/05 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\dllcache\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:splitter.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys
[2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
[2006/06/14 09:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 19:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\dllcache\splitter.sys
[2008/04/13 19:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
 
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys
[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 19:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\dllcache\swmidi.sys
[2008/04/13 19:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 21:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006/01/13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2005/05/25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2004/08/05 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\dllcache\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\TDPIPE.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\dllcache\tdtcp.sys
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2004/08/05 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbprint.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys
[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 18:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys
[2008/04/13 18:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbscan.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/05 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/05 13:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

< End of report >
Dernière édition par Skynet le 01 Fév 2011 21:41, édité 1 fois.
Raison: Balises [code] ajoutées & titre modifié.
misspc
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 01 Fév 2011 20:25
 


Message le 01 Fév 2011 21:39

hello,

je regarde tout ça... :wink:
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2982
Inscription: 29 Nov 2009 13:05
 

Message le 01 Fév 2011 21:45

Bonsoir & bienvenue,

j'ai corrigé votre topic, merci de lire les consignes (en haut du sujet) :

Image

Merci aussi de relire la charte du forum : ICI<==

Et surtout :

3- L'objet (titre et corps) de votre message doit être clair et explicite

1. Faites en sorte que le sujet reflète le contenu de votre message. Evitez les titres du type "Regardez cela..." ou "Urgent !!!".

J'ai donc modifié votre titre.

Bonne continuation.
Avatar de l'utilisateur
Skynet
Moderateur
Moderateur
 
Messages: 14806
Inscription: 19 Juil 2007 22:12
 

Re: *** SOS INFECTION GRAVE ! Mayday, mayday !!! ***

Message le 01 Fév 2011 21:50

Grilled!
Une Idéfix ... Etre et durer.
Avatar de l'utilisateur
danakil
Expert(e)
Expert(e)
 
Messages: 1363
Inscription: 16 Juil 2009 10:47
 

Re: Faux antivirus, trojan, etc...

Message le 01 Fév 2011 21:51

re,

En effet, c'est du lourd :-?

/!\ Procédure a faire en mode sans échec /!\

Fais un scanne avec Malwarebyte, supprime tout ce qu'il trouvera en accèptant le redémarrage du PC si malwarebyte te le demande.
Poste le rapport, ainsi qu'un nouveau rapport OTL ( effectué après le reboot du PC par Malwarebyte )

EDIT: coucou Danakil :wink:
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2982
Inscription: 29 Nov 2009 13:05
 

Re: Faux antivirus, trojan, etc...

Message le 01 Fév 2011 22:29

Hello jeanmimigab,

C'est super sympa de bien vouloir t'occuper de "mon cas" :oops: !

Je vais faire ça mais j'espère arriver à mes fins parce que je ne trouve pas de version de malwarebytes de moins de 53 jours et je n'ai plus accès au réseau pour l'instant avec mon PC pour la mettre à jour.... :-?
Celle que j'ai provient du PC de la copine qui vient à mon secours.

PS:Sinon, merci pour l'accueil Skynet, je promets de faire tout mon possible pour la mise en forme de mes messages en fonction des règles du forum :cry:
Ça devrait venir très vite, merci de votre patience..... :wink:
Ah oui...merci pour le Grilled danakil . :-?
misspc
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 01 Fév 2011 20:25
 

Re: Faux antivirus, trojan, etc...

Message le 01 Fév 2011 22:32

re,

ne te focalise pas sur Malwarebytes, si cela galère, dis le moi et on enchainera sur un script OTL :wink:
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2982
Inscription: 29 Nov 2009 13:05
 

Re: Faux antivirus, trojan, etc...

Message le 01 Fév 2011 22:52

En fait, j'arrive pas à faire la mise à jour de Malwarebytes.

A ton avis, ça vaut la peine de le faire avec l'ancienne version ? :roll:
misspc
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 01 Fév 2011 20:25
 

Message le 01 Fév 2011 23:23

inutile de faire le scanne si le BDS est trop vieille, je te prépare une procédure qui devrais te permettre de redémarrer en mode normal et faire la MAJ de malwarebytes, laisse moi un bon quart d'heure :wink:

EDIT :

re,

Lis bien cette procédure en entier avant de commencer les manipulation...


* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:Files
C:\WINDOWS\System32\crt.dat
C:\WINDOWS\System32\dll.dll
C:\WINDOWS\is-12O3N.exe
C:\WINDOWS\is-12O3N.msg
C:\WINDOWS\is-12O3N.lst
C:\WINDOWS\System32\shimg.dll
C:\WINDOWS\System32\cryptnet32.dll

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 => Infection Rogue (Rogue.AntimalwareDoctor)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 => Infection Rogue (Rogue.AntimalwareDoctor)
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8992
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Run: [grpqbovb] C:\Documents and Settings\Famille\Local Settings\temp\juxgjrrve\ldsnoposjmo.exe () => Infection Rogue (Trojan.FakeAlert)
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Run: [msnmsgr] File not found
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-12O3N.exe ()
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Run: [Z810PNP] File not found
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Run: [Z810SysStart] File not found
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-12O3N.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present => Control Panel Present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present => Control Panel Present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present => Control Panel Present
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present => Control Panel Present
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll () => Infection BT (Trojan.Tracur)
O32 - AutoRun File - [2011/02/01 18:42:52 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ] => Légitime or Malware (Worm.Mabezat)
O32 - AutoRun File - [2006/05/11 23:13:39 | 000,000,279 | R--- | M] () - H:\autorun.inf -- [ CDFS ] => Légitime or Malware (Worm.Mabezat)

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]



* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt"
* Copie et colle le rapports dans ta réponse stp...( une fois toute la procédure finie )
* Au cas où, tu peux les retrouver dans le dossier C:\OTL

ensuite, une fois que le pc a redémarrer...


Ensuite...vérifie deux choses stp...


o Dans Firefox Menu "outils" > "options".
o Cliques sur en haut à droite sur "Avancé" > "onglet "réseau" > à la rubrique "connexions",cliques sur paramètres.
o Vérifie que "pas de proxy" soit bien cochée.
o Fermes les fenêtre en cliquant sur "OK".
Image

ensuite...

o Ouvres Internet Explorer,cliques sur le menu "Outils" > "Options Internet".
o A l'onglet "Connexions" > cliques en bas à droite sur "paramètres réseaux".
o Si la case "utiliser un serveur proxi pour votre réseau local" est cochée,décoches la...
o Quittes les fenêtre par "OK" et "Appliquer".

Redémarre ton PC

Tente la mise à jour de malwarebyte et fais un scanne pour me poster le rapport avec celui d'OTL :wink:
Dernière édition par Skynet le 01 Fév 2011 23:25, édité 1 fois.
Raison: Messages fusionnés.
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2982
Inscription: 29 Nov 2009 13:05
 

Re: Faux antivirus, trojan, etc...

Message le 01 Fév 2011 23:42

OK, en fait, c'est tout simple !... :wink:

Je fais ça tout de suite et te tiens au courant. Merci. :)

RE,

Jusqu'à présent, ça marche:

J'ai le rapport d'OTL et j'ai fait le nécessaire pour les proxys: il n'y en avait pas... :o

Une fois le PC redémarré, tout a semblé calme et j'ai pu établir la connection et faire la mise à jour de Malwarebytes.

Il est entrain d'analyser....Voilà déjà le rapport OTL :)

Code: Tout sélectionner
All processes killed
========== FILES ==========
C:\WINDOWS\System32\crt.dat moved successfully.
File\Folder C:\WINDOWS\System32\dll.dll not found.
C:\WINDOWS\is-12O3N.exe moved successfully.
C:\WINDOWS\is-12O3N.msg moved successfully.
C:\WINDOWS\is-12O3N.lst moved successfully.
C:\WINDOWS\System32\shimg.dll moved successfully.
C:\WINDOWS\System32\cryptnet32.dll moved successfully.
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2917347797-3027105718-829246846-1008\\Software\Microsoft\Windows\CurrentVersion\Run\\grpqbovb deleted successfully.
C:\Documents and Settings\Famille\Local Settings\temp\juxgjrrve\ldsnoposjmo.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2917347797-3027105718-829246846-1008\\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
File C:\WINDOWS\is-12O3N.exe not found.
Registry value HKEY_USERS\S-1-5-21-2917347797-3027105718-829246846-1008\\Software\Microsoft\Windows\CurrentVersion\Run\\Z810PNP deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2917347797-3027105718-829246846-1008\\Software\Microsoft\Windows\CurrentVersion\Run\\Z810SysStart deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
File C:\WINDOWS\is-12O3N.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel  => Control Panel Present\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel  => Control Panel Present\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel  => Control Panel Present\ not found.
Registry key HKEY_USERS\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel  => Control Panel Present\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ deleted successfully.
File C:\WINDOWS\System32\cryptnet32.dll () => Infection BT not found.
File  not found.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Famille
->Temp folder emptied: 171588218 bytes
->Temporary Internet Files folder emptied: 1674955 bytes
->Java cache emptied: 748010 bytes
->FireFox cache emptied: 55291055 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 37515 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 378880 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13707782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 232,00 mb
 
 
[EMPTYFLASH]
 
User: Administrateur
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Famille
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 02012011_223735

Files\Folders moved on Reboot...
File move failed. H:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
misspc
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 01 Fév 2011 20:25
 

Re: Faux antivirus, trojan, etc...

Message le 02 Fév 2011 00:05

hello,

quand tu auras poster les rapports,évite de te servir du pc et surtout laisse le déconnecté d'internet (si tu as un câble réseaux, débranche le et si tu es en wifi déconnecte toi su réseaux sans fil )

je regarde tout cela demain, je doit filer au dodo car demain je me lève tôt...



Bonne nuit à demain :wink:
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2982
Inscription: 29 Nov 2009 13:05
 

Re: Faux antivirus, trojan, etc...

Message le 02 Fév 2011 01:21

D'accord, je crois que je vais laisser travailler Malwarebytes pendant la nuit sinon je crains aussi de ne pas dormir... :-?

Je mettrai le rapport en ligne, demain, sur le temps de midi...

T'inquiète,il est déconnecté et je risque pas de l'utiliser.

Si tu lis ça demain matin Bonne journée et à tout à l'heure ! :D


Hello,

Voilà, Malwarebytes a travaillé toute la nuit... :o

Il a trouvé des infections, je les ai supprimées et j'ai redémarré le PC (non connecté)

J'attends de tes nouvelles avant de toucher à quoi que ce soit. :wink: (le rapport de OTL est plus haut)

Code: Tout sélectionner
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5656

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/02/2011 10:51:46
mbam-log-2011-02-02 (10-51-46).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 216212
Temps écoulé: 11 heure(s), 21 minute(s), 19 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\ineufbr1v (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\Famille\Bureau\photoshop cs5\photoshop décompressé\adobe photoshop cs5 extended\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\02012011_223735\c_documents and settings\Famille\local settings\temp\juxgjrrve\ldsnoposjmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\02012011_223735\c_windows\System32\cryptnet32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
 
misspc
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 01 Fév 2011 20:25
 

Re: Faux antivirus, trojan, etc...

Message le 02 Fév 2011 20:51

hello,

peux tu faire un scan OTL comme tu l'as fais la première fois et me poster le rapport stp...

si tu peux, fais le scan en mode normal :wink:
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2982
Inscription: 29 Nov 2009 13:05
 

Re: Faux antivirus, trojan, etc...

Message le 02 Fév 2011 21:21

Re,

Je viens de rentrer.

Je refais le scan tout de suite... :wink:


Voilà le rapport OTL...

D'autre part, peu après la fin du rapport, une fenêtre avira s'est ouverte m'indiquant:

"Guard: Autorun bloqué
Pour votre sécurité, l'accès au fichier
F: Autorun.inf a été bloqué.
Vous trouverez d'autres informations à ce sujet dans l'aide."


Ça te dit quoi tout ça? :o

Rapport OTL:

Code: Tout sélectionner
OTL logfile created on: 2/02/2011 20:25:42 - Run 7
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Famille\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy
 
511,00 Mb Total Physical Memory | 154,00 Mb Available Physical Memory | 30,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 12,98 Gb Free Space | 34,82% Space Free | Partition Type: NTFS
Drive D: | 23,59 Gb Total Space | 5,56 Gb Free Space | 23,55% Space Free | Partition Type: NTFS
Drive E: | 13,65 Gb Total Space | 8,53 Gb Free Space | 62,45% Space Free | Partition Type: FAT32
Drive F: | 1,91 Gb Total Space | 1,90 Gb Free Space | 99,51% Space Free | Partition Type: FAT
Drive H: | 5,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: M | User Name: Famille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/02/01 18:24:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe
PRC - [2010/12/06 08:47:54 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/06 08:47:41 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/06 08:47:40 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/06 13:49:28 | 000,073,728 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2004/08/06 13:04:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [2004/07/26 14:39:26 | 000,049,152 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2004/07/26 13:52:34 | 000,204,800 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2004/02/26 15:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/01/26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003/12/05 10:44:34 | 000,233,472 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe
PRC - [2003/07/25 13:49:06 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/06/20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003/06/10 17:49:40 | 000,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2002/09/19 22:29:30 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/02/01 18:24:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/07/25 13:48:40 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2010/12/06 08:47:54 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/06 08:47:41 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/11/14 12:48:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/02 20:37:45 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 08:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2002/09/19 22:41:02 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 22:29:30 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 22:27:06 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
SRV - [2001/11/12 14:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/12/06 08:48:06 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/06 08:48:06 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/17 23:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/03/25 17:35:56 | 000,025,472 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/11/21 12:28:42 | 000,115,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/11/21 12:28:42 | 000,094,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2008/11/21 12:28:42 | 000,087,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2008/11/21 12:28:42 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 19:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/10/12 14:07:10 | 000,055,808 | ---- | M] (The SHVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2007/05/23 03:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/05/11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/03/05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2007/01/12 19:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/07/05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006/06/29 19:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R)
DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/05/19 15:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005/01/14 17:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/07/19 17:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/07/17 21:11:26 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/14 01:00:26 | 000,067,968 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/26 23:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 10:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/01/20 22:56:56 | 000,077,925 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/01/20 22:56:30 | 001,086,853 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/01/20 22:55:34 | 000,619,369 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/01/20 22:54:54 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/05 17:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/25 13:28:16 | 000,270,544 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/04/28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2001/11/14 19:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.be/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 00:47:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 16:31:42 | 000,000,000 | ---D | M]
 
[2010/01/24 16:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions
[2010/01/24 16:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/01 15:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\o5iwgn3a.default\extensions
[2010/12/02 19:28:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\o5iwgn3a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/02 19:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 16:31:05 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/12/10 16:31:05 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/12/10 16:31:05 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/12/10 16:31:06 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/12/10 16:31:07 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/09/03 02:01:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk = C:\BTGUARD\settings.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092937461363 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll -  File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Fond d'écran.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Fond d'écran.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/01 18:42:52 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/05/11 23:13:39 | 000,000,279 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.0.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.0.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {65367696-7543-9E85-5000-4BBAE297EE2B} - Outlook Express
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6F9FF330-7AA2-A7F4-99CF-7666F65608A8} - Rendu VML (Vector Graphics Rendering)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {E95B851E-A712-70E8-1992-568FA2255338} - Internet Explorer
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - mpg4c32.dll File not found
Drivers32: vidc.mp43 - mpg4c32.dll File not found
Drivers32: vidc.mpg4 - mpg4c32.dll File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/02/01 23:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/02/01 23:01:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/01 23:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/01 23:01:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/01 23:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/01 23:00:10 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Famille\Bureau\mbam-setup-1.50.1.1100.exe
[2011/02/01 22:37:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/01 22:01:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/01 19:13:06 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe
[2011/01/26 12:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Menu Démarrer\Programmes\BTGuard
[2011/01/25 15:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\Downloads
[2011/01/25 15:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\Avira
[2011/01/25 15:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Avira
[2011/01/25 15:00:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/01/25 14:59:54 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/01/25 14:59:54 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/01/25 14:59:54 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/01/25 14:59:53 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/01/25 14:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/25 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/22 16:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\Vidéos venant du net
[2011/01/22 15:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\BSplayer Pro
[2011/01/22 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2011/01/12 15:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\Playmobils
[2011/01/09 21:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\Shareaza
[2011/01/09 21:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\Shareaza
[2011/01/09 21:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2009/10/23 13:31:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Famille\Application Data\pcouffin.sys
[2004/01/01 16:10:25 | 000,135,168 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/02/02 20:17:39 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/02 20:15:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/02 20:14:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/02 20:14:22 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/01 23:01:47 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/02/01 21:54:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Famille\Bureau\mbam-setup-1.50.1.1100.exe
[2011/02/01 18:24:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe
[2011/02/01 16:41:35 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 20:54:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/31 16:45:51 | 000,027,018 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\wklnhst.dat
[2011/01/25 15:02:16 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/01/19 15:59:38 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Affaire playmobils.doc
[2011/01/16 14:58:04 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/01/12 14:25:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2011/01/09 16:21:56 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\PDVD_MediaDisc.PlayList
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/02/01 23:01:47 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/02/01 22:42:22 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/26 12:06:42 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk
[2011/01/25 15:02:15 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/01/19 15:54:19 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Affaire playmobils.doc
[2011/01/12 14:25:11 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2011/01/09 16:21:56 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\Famille\Mes documents\PDVD_MediaDisc.PlayList
[2010/01/28 13:36:32 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2009/11/16 18:23:35 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/03 22:18:03 | 000,000,031 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/10/23 14:17:48 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/23 13:31:29 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\ezpinst.exe
[2009/10/23 13:31:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.cat
[2009/10/23 13:31:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.inf
[2009/10/23 13:31:29 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.log
[2009/10/21 10:59:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/26 14:17:21 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2009/08/10 20:03:27 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2009/08/01 18:07:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Textures
[2009/08/01 18:07:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Famille\Application Data\SystemConfiguration
[2009/08/01 18:07:43 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Colors
[2009/08/01 18:03:49 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2009/01/03 16:36:27 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/03/26 21:25:56 | 000,002,210 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2006/09/17 15:07:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dprsx.dll
[2006/09/17 15:07:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\gpvbd.dll
[2006/09/17 15:07:08 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\AuthDVD.DLL
[2006/07/28 22:46:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini
[2006/07/28 19:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2006/07/28 19:33:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2006/07/28 19:33:16 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2006/07/28 19:30:00 | 000,009,973 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2005/04/11 22:11:13 | 000,011,270 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/03/07 15:51:06 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/02/27 18:10:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/02/27 18:10:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/01/08 11:46:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/12/20 10:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 10:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/12/05 22:50:53 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/10/28 14:41:23 | 000,001,557 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2004/10/27 17:10:59 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpcsys.sys.bak
[2004/10/27 16:54:16 | 000,027,018 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\wklnhst.dat
[2004/10/27 08:35:46 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/27 08:35:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\fusioncache.dat
[2004/09/19 15:53:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/19 13:48:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/01 16:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/20 11:30:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2004/08/19 22:58:38 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/19 19:45:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2004/08/19 18:30:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/08/19 16:37:22 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/19 16:08:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/08/19 16:06:44 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2004/08/19 16:05:49 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:00:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/19 14:56:42 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 14:44:08 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/14 06:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2004/01/01 16:10:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/01 16:03:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2004/01/01 15:54:45 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2004/12/11 14:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/11/24 17:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2008/06/30 21:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/04/17 12:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/14 15:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/08/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2004/08/19 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/03/30 14:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/11/03 22:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/08/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2004/11/14 19:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ACD Systems
[2011/01/22 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\BSplayer Pro
[2010/03/03 12:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CheckPoint
[2009/11/11 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\com.adobe.ExMan
[2009/04/08 18:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\LEAPS
[2010/03/25 18:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\NCH Swift Sound
[2009/12/23 17:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Nikon
[2009/10/27 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Opera
[2011/01/10 01:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Shareaza
[2005/04/06 00:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ThumbsPlus
[2010/04/20 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Uniblue
[2010/07/26 17:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Vso
[2009/11/23 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\VTC Preferences Folder
[2005/02/20 21:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\WholeSecurity
[2009/01/05 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Desktop Search
[2009/01/06 20:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Search
[2004/09/19 14:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2009/04/01 13:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\X10 Commander
[2011/02/02 20:17:39 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/12 14:25:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2010/12/16 14:58:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2011/01/16 14:58:04 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2004/12/11 14:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/09/21 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/02 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2004/08/19 18:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2006/08/03 17:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/11/24 17:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2011/01/25 14:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/06/30 21:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/04/17 12:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/14 15:09:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2004/09/19 13:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/08/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/11/11 19:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/05/11 16:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/12/16 00:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011/02/01 23:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/29 00:03:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2004/08/19 16:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/03/30 14:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/03/26 14:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/08/19 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/11/03 22:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/08/10 19:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/01/03 16:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/08/16 12:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\U3
[2009/08/01 18:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2005/10/04 20:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/23 16:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2010/09/30 07:31:04 | 000,081,512 | ---- | M] (Arovax LLC) -- C:\Documents and Settings\All Users\Application Data\Arovax\SmartHide\liveupdate.exe
[1 C:\Documents and Settings\All Users\Application Data\Arovax\SmartHide\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Arovax\SmartHide\*.tmp -> ]
[2006/04/10 15:25:54 | 000,950,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2009/09/17 17:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\AccurateRip
[2004/11/14 19:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ACD Systems
[2009/12/23 21:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Adobe
[2007/01/26 23:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\AdobeUM
[2004/08/19 21:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Ahead
[2006/08/03 17:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Apple Computer
[2011/01/25 15:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Avira
[2011/01/22 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\BSplayer Pro
[2010/03/13 19:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CameraWindowDC
[2010/03/13 19:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CANON INC
[2010/03/03 12:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CheckPoint
[2009/11/11 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\com.adobe.ExMan
[2004/10/27 17:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Cyberlink
[2009/08/03 17:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\dvdcss
[2006/09/15 19:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Google
[2004/11/01 14:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Help
[2004/08/19 14:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Identities
[2006/12/16 00:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Intel
[2009/01/03 16:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Lavasoft
[2009/04/08 18:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\LEAPS
[2004/08/20 11:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Macromedia
[2010/03/02 17:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Malwarebytes
[2009/11/11 23:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Media Player Classic
[2010/11/30 14:14:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Famille\Application Data\Microsoft
[2009/08/11 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Mozilla
[2010/03/25 18:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\NCH Swift Sound
[2009/12/23 17:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Nikon
[2009/10/27 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Opera
[2005/04/09 17:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Real
[2011/01/10 01:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Shareaza
[2010/01/24 15:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Sun
[2004/12/06 18:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Symantec
[2005/04/06 00:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ThumbsPlus
[2010/08/16 12:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\U3
[2010/04/20 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Uniblue
[2006/08/02 13:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\vlc
[2010/07/26 17:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Vso
[2009/11/23 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\VTC Preferences Folder
[2005/02/20 21:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\WholeSecurity
[2010/03/16 20:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Winamp
[2009/01/05 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Desktop Search
[2009/01/06 20:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Search
[2009/11/11 18:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\WinRAR
[2010/03/13 19:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ZoomBrowser EX
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2009/10/23 15:20:49 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\ezpinst.exe
[2006/04/05 18:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\U3\temp\cleanup.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/05 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\changer.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/05 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/05 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2004/08/05 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2004/08/05 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2005/06/10 05:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\dllcache\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\RDPWD.sys
[2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Sfloppy.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys
[2004/08/05 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\dllcache\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:splitter.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys
[2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
[2006/06/14 09:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 19:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\dllcache\splitter.sys
[2008/04/13 19:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
 
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys
[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 19:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\dllcache\swmidi.sys
[2008/04/13 19:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 21:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006/01/13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2005/05/25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2004/08/05 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\dllcache\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\TDPIPE.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\dllcache\tdtcp.sys
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2004/08/05 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbprint.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys
[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 18:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys
[2008/04/13 18:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys
[2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbscan.sys
[2009/01/05 10:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/05 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/05 13:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

< End of report >
misspc
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 01 Fév 2011 20:25
 

Re: Faux antivirus, trojan, etc...

Message le 02 Fév 2011 22:40

hello,

évite d'éditer tes message, clique plutôt sur "répondre", car dans ce cas je ne reçois pas de notifications pour tes réponses :wink:

C'est plutôt bien, pour l'autorun.inf, c'est normal...on va s'en occuper

fais cela stp...

Avant tout ouvre l'interface d'Antivir et désactive la protection autorun comme cela...

  1. Clique en haut à droite sur "configuration"
  2. Coche la case "Mode expert"
  3. Développe "Guard" > "Recherche" et clique sur "Action si résultat positif"
  4. Décoche dans la partie droite la case "Bloquer la fonction d'autodémarrage"
  5. Valide ces nouveaux paramètres en cliquant en bas de la fenêtre sur "Accepter"
Image

Ensuite...


Télécharge USBFix sur ton bureau

Branche tes supports de stockages à ton pc en prenant soins de les mettre en route si nécessaire, mais ne les ouvres surtout pas et si une fenêtre d'exécution automatique de Windows s'ouvre pour te demander ce que tu veux faire, ferme cette fenêtre.


  • Fais un double-clic dessus pour le lancer
  • Fais le choix "Suppression", laisse travailler USBFix et redémarre impérativement ton PC.



Il me faut donc le rapport "C:\UsbFix.txt"
"Ce que tu gardes pour toi s'en ira mourir... C'est ce que tu donnes qui te restera" (JF Bernardini / I muvrini )
Image
.1948 | 2012
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2982
Inscription: 29 Nov 2009 13:05
 

Suivante


Sujets similaires

Message Fin protection antivirus payant bitdefender. Quel meilleur a
Bonjour, alors voilà j'avais sur mon PC un antivirus payant d'installé. Bitdefender. Quel antivirus gratuit me conseillez vous? J'ai eu il y a quelques années avast mais peut être qu'il y en aurait des plus efficaces non?Merci d'avance.
Réponses: 2

Message Antivirus ?
Bonjour,J'utilise depuis quelques années AVG Antivirus Free Edition et j'en suis pleinement satisfait, et par curiosité j'ai recherché sur internet quelles étaient les autres solutions qui existaient, et je suis tombé sur quelques sites qui disent qu'avec Windows 10, il n'y a plus vraiment besoin d' ...
Réponses: 4

Message [Réglé] Attaques bloquées en permanence par mon antivirus
Bonjour,Mon ordi a été victime de 3577 attaques bloquées sur les 30 derniers jours. C'est énorme c'est 1 à 3 attaques par minute. Voici les adresses qui apparaissent dans mon antivirus :Le temps de rédiger mon message mon antivirus a bloqué 43 attaques. Je ne sais pas ce que je peux faire pour que ç ...
Réponses: 25

Message Meilleur antivirus 2017
Bonjour, Je suis nouveau sur ce forum et pour le moment j'ai acheté un pc portable ASUS Chromebook C201PA DS02. Je cherche un bon antivirus pour mon système. Autrefois je me servais de Comodo, mais je n'étais pas en satisfait. Quels seront vos conseils?Merci à tous!
Réponses: 12

Message trojan.CertLock
Bonjour, J' ai un souci d'ordinateur j'ai un trojan.CertLock j 'ai tenté de le supprimer avec spyboot avast malwarebytes zhp cleaner emisoftantimalware en vain :-((( j' ai tenté de passer tout ces antivirusmalwares en mode sans échec sans prise en charge réseau en vain également :-((.desfois tout ce ...
Réponses: 2

Message AVG Free Antivirus, certaines fonctions inopérantes
Bonjour.Lorsque je planifie un scan, le scan ne se lance pas à la date et à l'heure prédéfinie. En fait, il ne se passe rien. Voici les captures d'écran de paramétrage:https://www.flickr.com/photos/36478651@ ... /lightbox/https://www.flickr.com/photos/36478651@ ... /lightbox/https://www.flickr.com/p ...
Réponses: 2

Message antivirus pour ubuntu est necessaire ? [résolu]
Bonjour, je viens d'installer ubuntu 8.10 est se qu'il est necessaire d'installer un antivirus? sinon, pourquoi il existe des versions d'antivirus pour ubuntu?! si oui, lequel je dois installer ? merci
Réponses: 9


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 8 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.