
TR/Dldr.FraudLo.sxm resolved

jujuay on 14 August 2009 at 20:55
:hurle:
Hello, I have just come back from holiday and, surprise, I switch on the computer and AntiVir keeps raising alerts, even without browsing the net.
I am infected. I checked with Malwarebytes and AntiVir, and I tried to clean, but they are still there.
Thanks for your help.

TR/Trash.Gen' [trojan]
Dans le fichier 'C:\WINDOWS\system32\wisdstr.exe'
un virus ou un programme indésirable 'TR/Dldr.FraudLo.sxm' [trojan] a été détecté.
Action exécutée : Refuser l'accès

--> Message edited by jujuay on 22/08/2009 09:10:12 <--

Curson on 14 August 2009 at 21:25
Good evening,

Download HiJackThis by Merijn to your desktop.

- Double-click HijackThis.
- Generate a report by following these steps:
- Run it and click Do a scan and save log file.
- The report opens in Notepad.

- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste

Help: Don't hesitate to consult the HiJackThis help.


Regards.
-------
If your topic remains unanswered, please report it here.

jujuay on 14 August 2009 at 21:28
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:01, on 14/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\judon\msword98.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jujuay72500.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BroadWave (BroadWaveService) - NCH Software - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9655 bytes

jujuay on 14 August 2009 at 21:30
Good evening, I no longer have a firewall. I can no longer enable the Windows firewall; it is greyed out.
I think it is due to the infection.

Curson on 14 August 2009 at 21:32
Good evening,

Heavily infected.
Disable your security software during the procedure.

Download OTL (by OldTimer) and save it to your Desktop.

- Close running applications so as not to interrupt the scan.
- A window appears. In the Output section at the top of this window, tick "Minimal Output". Do the same with "Scan All Users".
- Also tick the boxes next to "LOP Check" and "Purity Check".
- In the Extra Registry area, tick "Use Safelist".

Do not change the other settings!

- Click the Run Scan button.
- Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTListIT2 (so by default on the Desktop).

- Copy/paste the contents of both files here. Use one message per report.


Regards.

jujuay on 14 August 2009 at 21:48
OTL logfile created on: 14/08/2009 21:44:43 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\judon\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,76 Gb Available in Paging File | 93,88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145,95 Gb Total Space | 90,59 Gb Free Space | 62,07% Space Free | Partition Type: NTFS
Drive D: | 43,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUDONDELL
Current User Name: judon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe (NCH Software)
PRC - C:\WINDOWS\System32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe ()
PRC - C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe ()
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\USB Disk Win98 Driver\Res.EXE (ali)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
PRC - C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Neuf\Kit\WiFi\9wifi.exe (Neuf)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\IncrediMail\bin\IMApp.exe (IncrediMail, Ltd.)
PRC - C:\WINDOWS\System32\braviax.exe ()
PRC - C:\WINDOWS\System32\msword98.exe ()
PRC - C:\WINDOWS\System32\braviax.exe ()
PRC - C:\Documents and Settings\judon\Bureau\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (BroadWaveService [Auto | Running]) -- C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe (NCH Software)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01 [Auto | Running]) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (e1express [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (naunkt55u81 [Auto | Running]) -- C:\WINDOWS\System32\drivers\naunkt55u81.sys ()
DRV - (NCHSSVAD [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (Ntfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\ntfs.sys ()
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PCASp50 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (prodrv06 [System | Running]) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prohlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prosync1 [Boot | Running]) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RT2500USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfhlp01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (ssmdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V0220Dev [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\V0220Dev.sys (Creative Technology Ltd.)
DRV - (V0220Vfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\V0220Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\S-1-5-21-571085115-3119912232-2712011085-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\S-1-5-21-571085115-3119912232-2712011085-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Rechercher"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.00
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar&search="

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/19 22:24:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/10 23:03:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/20 10:54:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/26 08:45:27 | 00,000,000 | ---D | M]

[2008/10/09 14:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Extensions
[2008/08/30 15:35:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/10/09 14:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Extensions\home2@tomtom.com
[2009/08/14 15:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Firefox\Profiles\r61o1v92.default\extensions
[2009/03/25 09:58:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Firefox\Profiles\r61o1v92.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/07/20 10:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Firefox\Profiles\r61o1v92.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 11:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Firefox\Profiles\r61o1v92.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/21 09:31:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Firefox\Profiles\r61o1v92.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/08/30 10:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Firefox\Profiles\r61o1v92.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2009/08/14 15:38:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Firefox\Profiles\r61o1v92.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/31 17:38:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\mozilla\Firefox\Profiles\r61o1v92.default\extensions\fsonlinescanner@f-secure.com
[2007/05/12 13:10:30 | 00,001,830 | ---- | M] () -- C:\Documents and Settings\judon\Application Data\Mozilla\FireFox\Profiles\r61o1v92.default\searchplugins\LiveSearch.xml
[2009/08/14 14:56:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/08/31 15:19:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/20 10:54:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/10 18:30:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/12/10 23:03:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/07 16:59:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/14 14:56:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/16 00:31:52 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/16 00:31:52 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/07/26 04:50:16 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/07/26 04:51:08 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/16 00:31:52 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/10/11 21:41:42 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/10/11 21:41:42 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/10/11 21:41:42 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/10/11 21:41:42 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/10/11 21:41:42 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/10/11 21:41:42 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/10/11 21:41:42 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/09/26 13:03:14 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/07/15 21:03:50 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/07/15 21:03:50 | 00,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/07/15 21:03:50 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/07/15 21:03:50 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 21:03:50 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/07/15 21:03:50 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (320788 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11016 more lines...
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Autoconfigurateur WiFi Neuf] C:\Program Files\Neuf\Kit\WiFi\9wifi.exe (Neuf)
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [braviax] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [msword98] C:\WINDOWS\System32\msword98.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [rts] C:\WINDOWS\rts.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE (ali)
O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [braviax] File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [braviax] File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005..\Run: [braviax] File not found
O4 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005..\Run: [msword98] C:\Documents and Settings\judon\msword98.exe ()
O4 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\judon\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://jujuay72500.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://securite.neuf.fr/Ols/fscax.cab (F-Secure Online Scanner 3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 14:18:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/08/14 21:40:03 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\judon\Bureau\OTL.exe
[2009/08/14 20:34:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/14 20:34:08 | 00,026,686 | ---- | C] () -- C:\WINDOWS\System32\msword98.exe
[2009/08/14 20:34:05 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/14 18:57:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp01
[2009/08/14 16:18:37 | 00,050,688 | ---- | C] () -- C:\WINDOWS\rts.exe
[2009/08/14 16:18:37 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\naunkt55u81.sys
[2009/08/14 14:36:11 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009/07/31 17:56:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/07/27 18:50:35 | 03,219,948 | ---- | C] (Canneverbe Limited ) -- C:\Documents and Settings\judon\Bureau\cdbxp_setup_4.2.4.1430.exe
[2009/07/26 10:21:25 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\judon\Bureau\Wow Cartographe.lnk
[2009/07/26 10:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\WowCartographe
[2009/07/25 18:41:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\judon\Application Data\Acreon
[2009/07/25 18:41:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\judon\Local Settings\Application Data\._Revolution_
[2009/07/25 12:01:07 | 00,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\World of Warcraft.lnk
[2009/07/25 12:01:07 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2009/07/25 11:58:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/07/21 11:40:00 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/21 11:28:08 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/21 11:28:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/21 11:28:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/21 11:28:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/21 11:28:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/21 11:28:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/21 11:28:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/21 11:28:08 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/20 09:35:07 | 00,000,541 | ---- | C] () -- C:\Documents and Settings\judon\Bureau\Raccourci vers champagne.iwp.lnk
[2009/07/20 09:35:00 | 00,000,393 | ---- | C] () -- C:\Documents and Settings\judon\Bureau\Raccourci vers Montravail.lnk
[2009/07/19 19:04:59 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/07/18 13:23:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/07/18 13:23:13 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/18 13:23:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/07/18 13:23:03 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/18 10:01:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/07/18 08:53:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/07/18 08:28:17 | 01,472,000 | ---- | C] () -- C:\Documents and Settings\judon\Bureau\WindowsLiveSync.msi
[2009/07/17 15:41:51 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/06/17 17:34:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2009/04/30 09:23:39 | 00,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2009/04/30 09:17:07 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/07/28 18:52:28 | 00,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/03/30 11:20:54 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/01/13 17:16:49 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/01/12 11:56:32 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/01/12 11:54:33 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX8400DEFGIPS.ini
[2007/11/22 16:41:12 | 00,000,007 | ---- | C] () -- C:\WINDOWS\cdtqtechec.ini
[2007/11/01 21:14:00 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/11/01 21:13:59 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/07/26 04:53:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 04:49:28 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/05/18 18:39:48 | 00,000,035 | ---- | C] () -- C:\WINDOWS\System32\RTELM.dll
[2007/05/05 09:30:34 | 00,000,545 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/02/28 17:22:58 | 00,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007/01/14 21:03:37 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\476E4A4BDB.sys
[2007/01/14 21:03:23 | 00,006,216 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/13 14:32:12 | 00,000,200 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/01/13 14:29:14 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/13 14:28:43 | 00,003,431 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/01/13 11:48:42 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/13 11:24:22 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/01/13 11:24:22 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/01/13 11:24:18 | 01,483,776 | ---- | C] () -- C:\WINDOWS\MGXRDR32.DLL
[2007/01/08 18:33:54 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/08 18:33:54 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/01/08 16:31:40 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/07 00:49:36 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/04/06 23:01:12 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/06 22:32:28 | 00,000,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 14:27:50 | 00,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 14:14:48 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 14:03:53 | 00,000,586 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/19 14:03:50 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/19 14:03:40 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996/04/03 21:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/08/14 21:40:04 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\judon\Bureau\OTL.exe
[2009/08/14 20:34:08 | 00,026,686 | ---- | M] () -- C:\WINDOWS\System32\msword98.exe
[2009/08/14 20:34:05 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/14 19:39:28 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/14 19:35:54 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/14 19:32:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/14 19:32:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/14 19:31:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/14 19:31:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/14 19:06:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/14 19:06:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/14 18:35:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/14 18:35:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/14 18:05:26 | 00,192,000 | ---- | M] () -- C:\Documents and Settings\judon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/14 17:56:50 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/14 16:27:54 | 00,320,788 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/14 16:18:37 | 00,003,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\naunkt55u81.sys
[2009/08/14 16:10:16 | 00,050,688 | ---- | M] () -- C:\WINDOWS\rts.exe
[2009/08/14 16:08:25 | 00,320,788 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090814-162754.backup
[2009/08/14 15:38:39 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/14 15:38:39 | 00,000,172 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/14 14:49:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/14 14:49:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/14 14:42:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/08/14 14:42:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/14 14:36:11 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2009/08/14 14:36:11 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009/08/14 13:27:18 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\judon\Mes documents\Mes dossiers de partage.lnk
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/27 18:50:39 | 03,219,948 | ---- | M] (Canneverbe Limited ) -- C:\Documents and Settings\judon\Bureau\cdbxp_setup_4.2.4.1430.exe
[2009/07/26 10:24:57 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\judon\Bureau\Wow Cartographe.lnk
[2009/07/25 16:52:11 | 00,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\World of Warcraft.lnk
[2009/07/25 07:44:30 | 01,081,086 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/25 07:44:30 | 00,511,874 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/07/25 07:44:30 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/25 07:44:30 | 00,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/07/25 07:44:30 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/25 05:23:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/25 05:23:07 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/25 05:23:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/25 03:55:11 | 00,006,216 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/25 03:55:10 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\476E4A4BDB.sys
[2009/07/25 03:00:33 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/22 10:49:47 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/21 11:36:02 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/20 09:35:07 | 00,000,541 | ---- | M] () -- C:\Documents and Settings\judon\Bureau\Raccourci vers champagne.iwp.lnk
[2009/07/20 09:35:00 | 00,000,393 | ---- | M] () -- C:\Documents and Settings\judon\Bureau\Raccourci vers Montravail.lnk
[2009/07/19 19:01:40 | 00,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/19 18:45:00 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:45:00 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 15:15:02 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 15:15:02 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/18 15:19:13 | 00,316,918 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090814-160825.backup
[2009/07/18 14:13:20 | 00,107,680 | ---- | M] () -- C:\Documents and Settings\judon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/18 10:09:06 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090718-151913.backup
[2009/07/18 08:28:22 | 01,472,000 | ---- | M] () -- C:\Documents and Settings\judon\Bureau\WindowsLiveSync.msi

========== LOP Check ==========

[2006/04/06 22:54:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur\Application Data
[2006/04/06 22:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Corel
[2006/04/06 22:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/07/31 17:56:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/03/30 11:24:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/07/25 11:58:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2007/06/08 20:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2009/02/15 10:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/01/12 11:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/01/20 12:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Forge of Games
[2009/07/31 17:56:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/11/26 21:09:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/08/22 18:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/08/22 18:42:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2007/12/29 01:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/06/08 21:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2007/05/05 19:32:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/01/22 20:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania
[2007/12/28 11:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/03/05 21:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/01/21 21:01:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2004/08/19 14:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/02/23 12:40:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/09 14:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2007/12/22 17:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/01/12 12:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/02/01 19:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2006/04/06 22:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/19 18:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2006/04/06 22:54:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2006/04/06 22:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Corel
[2006/04/06 22:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
[2009/08/14 19:40:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\judon\Application Data
[2008/01/19 14:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Abra Academy2
[2009/07/25 18:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Acreon
[2007/12/28 12:04:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Ahead
[2008/03/30 11:24:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\AVS4YOU
[2006/04/06 22:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Corel
[2007/01/20 15:29:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Corel Photo Album
[2007/02/12 13:40:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Disney Interactive
[2007/11/01 20:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\DVD Flick
[2008/08/26 20:26:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\EPSON
[2009/06/19 16:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\FOG Downloader
[2007/08/24 19:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Leadertech
[2007/03/05 10:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Micro Application
[2007/01/12 12:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\MSNInstaller
[2008/04/23 16:36:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\My Games
[2008/04/23 20:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\My Stitch
[2009/06/19 17:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\NCH Swift Sound
[2008/10/20 17:46:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\OpenOffice.org
[2008/10/20 17:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\OpenOffice.org2
[2008/07/28 11:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\PlayFirst
[2008/01/18 22:30:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\judon\Application Data\SecuROM
[2009/08/14 13:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\teamspeak2
[2007/01/24 23:27:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Template
[2008/10/09 14:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\TomTom
[2009/08/14 14:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\uTorrent
[2008/02/01 19:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Valusoft
[2008/02/12 20:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\VeniceMysteryData
[2009/02/21 08:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Vso
[2008/06/22 10:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Windows Media Metering
[2006/04/06 22:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\You've Got Pictures Screensaver
[2008/01/19 18:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\judon\Application Data\Zylom
[2009/07/14 10:44:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2004/08/19 14:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2004/08/05 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/14 19:35:54 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2007/01/09 23:30:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
[2009/08/14 19:32:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B82C0BB
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D24FC46
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C337006C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C5AF2AA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FABB9ADF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:667565EE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:710F4DBF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC4C6FB4
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7A4D14E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70B3C619
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B55B892
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BC73C48
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F621F80
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4D38596
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0778CBF2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1D3FEF0
< End of report >
jujuay on 14 August 2009 at 21:49
OTL Extras logfile created on: 14/08/2009 21:44:43 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\judon\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,76 Gb Available in Paging File | 93,88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145,95 Gb Total Space | 90,59 Gb Free Space | 62,07% Space Free | Partition Type: NTFS
Drive D: | 43,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUDONDELL
Current User Name: judon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"85:TCP" = 85:TCP:*:Enabled:BroadWave Web Server
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe" = C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer -- ()
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\IncrediMail\bin\ImPackr.exe" = C:\Program Files\IncrediMail\bin\ImPackr.exe:*:Enabled:IncrediMail -- ()
"C:\Program Files\WebSite X5 Evolution\WebSite.exe" = C:\Program Files\WebSite X5 Evolution\WebSite.exe:*:Enabled:WebSite X5 -- (Incomedia - www.websitex5.com)
"C:\Program Files\Metin2_France\metin2.bin" = C:\Program Files\Metin2_France\metin2.bin:*:Enabled:metin2 -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1A8586F9-0B61-11D6-AA2E-0008C760B784}" = Disney Winnie l'Ourson C'est la récré !
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1D6FB37A-CBCA-11D6-8940-0002A5E32BEF}" = Les Aventures de Porcinet
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel(R) PROSet for Wired Connections
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{64D114CE-4234-45C2-B60A-2B07D5A48F72}" = Microsoft Works 7.0
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}" = Microsoft Baseline Security Analyzer 2.1
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A20B1BE5-F7DC-4201-A72F-EE432AAD5BCD}" = Micro Application - 1, 2, 3 Photo 2006
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1036-7B44-A70900000002}" = Adobe Reader 7.0.9 - Français
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258g
"{BE0083E8-C4F8-42A2-AA47-73DBB84871A2}" = Micro Application - Faire-part 1.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = DMX Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"{FA6BB8EA-E0D4-4C41-8C34-8F26E449FE13}" = Windows Media Player Metering Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"adsl TV" = adsl TV
"Advanced Video FX Engine" = Advanced Video FX Engine
"ATI Display Driver" = ATI Display Driver
"AVIConverter" = AVIConverter Smart
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVStoDVD" = AVStoDVD 2.1.2
"BroadWave" = BroadWave
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0220" = Creative Live! Cam Video IM Driver (1.01.01.00)
"Disney Winnie l’Ourson La Chasse au Miel de Tigrou" = Jouer à Disney Winnie l’Ourson La Chasse au Miel de Tigrou
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Guide d'utilisation" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"Free Video Converter_is1" = Free Video Converter V 2.0
"HijackThis" = HijackThis 2.0.2
"hypercam 2" = HyperCam 2
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"Incomedia WebSite X5 Evolution" = Incomedia WebSite X5 Evolution
"IncrediMail" = IncrediMail
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manuel d'utilisation de Creative Live! Cam Video IM French" = Manuel d'utilisation de Creative Live! Cam Video IM (Français)
"Medieval Lords_tdm_is1" = Téléchargeur de Medieval Lords fr
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Neuf_Kit" = Neuf - Kit de connexion
"PhotoFiltre" = PhotoFiltre
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PrimoPDF4.0.1" = PrimoPDF
"PROSet" = Intel(R) PRO Network Connections Drivers
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Skype_is1" = Skype 3.0
"SoundTap" = SoundTap
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"Switch" = Switch
"SysInfo" = Creative System Information
"TeamSpeak Client_is1" = TeamSpeak Client
"ToolBox" = NCH Toolbox
"unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"WavePad" = WavePad Uninstall
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WindowsDrawLE" = Micrografx Windows Draw 6 Limited Edition
"WinRAR archiver" = Archiveur WinRAR
"WOLAPI" = Composants Internet Partagés de Westwood
"World of Warcraft" = World of Warcraft
"Wow Cartographe" = Wow Cartographe 1.09
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"google chrome" = Google Chrome
"Kellogg's Afrique" = Kellogg's Afrique

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/07/2009 07:24:22 | Computer Name = JUDONDELL | Source = Application Hang | ID = 1002
Description = Application bloquée WowCartographe.exe, version 1.0.8.367, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/07/2009 10:24:28 | Computer Name = JUDONDELL | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3483, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/07/2009 10:24:31 | Computer Name = JUDONDELL | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 1369206954.

Error - 30/07/2009 10:26:24 | Computer Name = JUDONDELL | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3483, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/07/2009 10:26:26 | Computer Name = JUDONDELL | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 1369206954.

Error - 30/07/2009 11:15:42 | Computer Name = JUDONDELL | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3483, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/07/2009 11:15:44 | Computer Name = JUDONDELL | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 1369206954.

Error - 14/08/2009 08:46:36 | Computer Name = JUDONDELL | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 14/08/2009 10:09:23 | Computer Name = JUDONDELL | Source = Application Hang | ID = 1002
Description = Application bloquée helpctr.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 14/08/2009 14:33:41 | Computer Name = JUDONDELL | Source = Application Error | ID = 1000
Description = Application défaillante rts.exe, version 0.0.0.0, module défaillant
rts.exe, version 0.0.0.0, adresse de défaillance 0x00001806.

[ System Events ]
Error - 14/08/2009 11:33:37 | Computer Name = JUDONDELL | Source = atapi | ID = 262153
Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
imparti.

Error - 14/08/2009 11:33:37 | Computer Name = JUDONDELL | Source = atapi | ID = 262153
Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
imparti.

Error - 14/08/2009 11:33:37 | Computer Name = JUDONDELL | Source = iastor | ID = 262153
Description = Le périphérique \Device\Ide\iaStor0 n'a pas répondu dans le délai
imparti.

Error - 14/08/2009 11:33:37 | Computer Name = JUDONDELL | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\D.

Error - 14/08/2009 11:33:37 | Computer Name = JUDONDELL | Source = iastor | ID = 262153
Description = Le périphérique \Device\Ide\iaStor0 n'a pas répondu dans le délai
imparti.

Error - 14/08/2009 11:33:47 | Computer Name = JUDONDELL | Source = atapi | ID = 262153
Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
imparti.

Error - 14/08/2009 11:33:52 | Computer Name = JUDONDELL | Source = atapi | ID = 262153
Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
imparti.

Error - 14/08/2009 11:33:54 | Computer Name = JUDONDELL | Source = iastor | ID = 262153
Description = Le périphérique \Device\Ide\iaStor0 n'a pas répondu dans le délai
imparti.

Error - 14/08/2009 11:34:04 | Computer Name = JUDONDELL | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk2\D.

Error - 14/08/2009 11:34:04 | Computer Name = JUDONDELL | Source = iastor | ID = 262153
Description = Le périphérique \Device\Ide\iaStor0 n'a pas répondu dans le délai
imparti.


< End of report >
jujuay on 14 August 2009 at 21:56
Good evening, you tell me I am badly infected.
Do you have any idea where the infection came from?
Thanks
Curson on 14 August 2009 at 22:10
Good evening,

Disable your security software during the procedure.

1) Run OTL again

- Copy and paste everything below into the "Custom Scans/Fixes" box:
:otl
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM\..\Run: [braviax] File not found
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\System32\msword98.exe ()
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe ()
O4 - HKU\.DEFAULT\..\Run: [braviax] File not found
O4 - HKU\S-1-5-18\..\Run: [braviax] File not found
O4 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\..\Run: [braviax] File not found
O4 - HKU\S-1-5-21-571085115-3119912232-2712011085-1005\..\Run: [msword98] C:\Documents and Settings\judon\msword98.exe ()
O4 - Startup: C:\Documents and Settings\judon\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
[2009/08/14 20:34:08 | 00,026,686 | ---- | C] () -- C:\WINDOWS\System32\msword98.exe
[2009/08/14 20:34:05 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/14 18:57:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp01
[2009/08/14 16:18:37 | 00,050,688 | ---- | C] () -- C:\WINDOWS\rts.exe
[2009/08/14 16:18:37 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\naunkt55u81.sys
[2009/08/14 14:36:11 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2008/07/28 18:52:28 | 00,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/11/22 16:41:12 | 00,000,007 | ---- | C] () -- C:\WINDOWS\cdtqtechec.ini
[2009/08/14 19:31:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/14 19:31:12 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/14 19:06:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/14 19:06:35 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/14 18:35:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/14 18:35:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/14 15:38:39 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/14 15:38:39 | 00,000,172 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/14 14:49:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/14 14:49:28 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/14 14:42:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/08/14 14:42:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/07/25 07:44:30 | 00,511,874 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/07/25 07:44:30 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/25 07:44:30 | 00,085,396 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/07/25 07:44:30 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2007/06/08 20:30:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2006/04/06 22:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[Purity]
[emptytemp]
[start explorer]
[Reboot]

Then click "Run Fix". The computer may ask to restart; accept.
Once the operation is finished, a text file will appear on screen. Copy and paste its contents here.


2) Download Combofix by sUBs: combofix.exe and save it to your desktop.

- Connect all your removable media (USB sticks, disks, MP3 players, etc.).
- Double-click combofix, accept the licence agreement and follow the prompts.
- Wait until combofix has finished; a report will be created. Post the report.


If you no longer have Internet access after using ComboFix:
Follow this procedure:

1. Click the Start button.
2. Click the Settings menu option.
3. Click the Control Panel option.
4. Once Control Panel opens, double-click the Network Connections icon. If your Control Panel is set to category view, double-click Network and Internet Connections, then click Network Connections at the very bottom.
5. You will then see a list of all available network connections. Find the connection for your Wireless or Local Area Network adapter and right-click it.
6. You will then see a menu similar to the one in the image below. Simply click the Repair menu option.
< included picture >

7. Let the repair process run; when it has finished, your Internet connection should be working again.

Otherwise, if an icon for your network also appears in the Windows taskbar, you can repair it by right-clicking the icon and choosing Repair, as shown in the image below:
< included picture >


Regards.
-------
If your topic remains unanswered, please report it here.
jujuay on 14 August 2009 at 22:39
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\WINDOWS\System32\msword98.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\WINDOWS\rts.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\\Software\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
Registry value HKEY_USERS\S-1-5-18\\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.
Registry value HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\\Software\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
Registry value HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\\Software\Microsoft\Windows\CurrentVersion\Run\\msword98 deleted successfully.
C:\Documents and Settings\judon\msword98.exe moved successfully.
C:\Documents and Settings\judon\Menu Démarrer\Programmes\Démarrage\ikowin32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
File C:\WINDOWS\System32\msword98.exe not found.
C:\WINDOWS\System32\braviax.exe moved successfully.
C:\WINDOWS\temp01 moved successfully.
File C:\WINDOWS\rts.exe not found.
C:\WINDOWS\System32\drivers\naunkt55u81.sys moved successfully.
C:\WINDOWS\System32\dllcache\ntfs.sys moved successfully.
C:\WINDOWS\_delis32.ini moved successfully.
C:\WINDOWS\cdtqtechec.ini moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\WINDOWS\System32\perfh00C.dat moved successfully.
C:\WINDOWS\System32\perfh009.dat moved successfully.
C:\WINDOWS\System32\perfc00C.dat moved successfully.
C:\WINDOWS\System32\perfc009.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: judon
->Temp folder emptied: 136170269 bytes
File delete failed. C:\Documents and Settings\judon\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1430691 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44467955 bytes
->Google Chrome cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2780635 bytes

User: NetworkService
->Temp folder emptied: 20856 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3433472 bytes
Windows Temp folder emptied: 421234 bytes
RecycleBin emptied: 1624688 bytes

Total Files Cleaned = 181,64 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08142009_222024

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
jujuay on 14 August 2009 at 22:58
ComboFix 09-08-10.06 - judon 14/08/2009 22:43.7.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2580 [GMT 2:00]
Running from: c:\documents and settings\judon\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\judon\Application Data\wiaserva.log
c:\windows\system32\braviax.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 20:20 . 2009-08-14 20:20 -------- d-----w- C:\_OTL
2009-08-14 12:55 . 2009-08-14 12:55 152576 ----a-w- c:\documents and settings\judon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-07-31 15:56 . 2009-07-31 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-07-26 08:14 . 2009-07-26 08:21 -------- d-----w- c:\program files\WowCartographe
2009-07-25 16:42 . 2009-07-25 16:42 272384 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Modules\curl.exe
2009-07-25 16:42 . 2009-07-25 16:42 192512 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2009-07-25 16:42 . 2009-07-25 16:42 258048 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2009-07-25 16:41 . 2009-07-25 16:41 -------- d-----w- c:\documents and settings\judon\Application Data\Acreon
2009-07-25 16:41 . 2009-07-26 14:36 -------- d-----w- c:\documents and settings\judon\Local Settings\Application Data\._Revolution_
2009-07-25 10:01 . 2009-08-14 11:52 -------- d-----w- c:\program files\World of Warcraft
2009-07-25 09:58 . 2009-07-25 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-07-18 11:23 . 2009-07-18 11:23 202728 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-18 11:23 . 2009-07-18 11:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-18 11:23 . 2009-07-18 11:23 -------- d-----w- c:\program files\MSBuild
2009-07-18 11:23 . 2009-07-18 11:23 -------- d-----w- c:\program files\Reference Assemblies
2009-07-18 06:53 . 2009-07-18 06:53 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-17 13:41 . 2009-07-21 09:02 -------- d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 19:27 . 2007-12-07 19:07 -------- d-----w- c:\program files\Trend Micro
2009-08-14 18:57 . 2007-01-13 12:21 -------- d-----w- c:\documents and settings\judon\Application Data\Skype
2009-08-14 14:28 . 2007-01-08 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-14 12:56 . 2006-04-06 20:47 -------- d-----w- c:\program files\Java
2009-08-14 12:55 . 2008-12-01 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 12:54 . 2008-12-22 18:14 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-14 12:43 . 2007-01-08 14:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-14 12:40 . 2007-09-15 17:45 -------- d-----w- c:\documents and settings\judon\Application Data\uTorrent
2009-08-14 12:36 . 2004-08-19 12:03 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-14 11:41 . 2009-04-02 15:27 -------- d-----w- c:\documents and settings\judon\Application Data\teamspeak2
2009-08-14 10:55 . 2008-10-20 15:47 1 ----a-w- c:\documents and settings\judon\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-03 11:36 . 2008-12-01 20:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-12-01 20:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 10:49 . 2008-09-22 16:32 -------- d-----w- c:\program files\eMule
2009-07-25 14:52 . 2007-07-01 17:07 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-07-25 03:23 . 2008-12-10 21:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 01:55 . 2007-01-14 19:03 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-25 01:55 . 2007-01-14 19:03 104 --sh--r- c:\windows\system32\476E4A4BDB.sys
2009-07-22 07:54 . 2007-01-12 21:46 -------- d-----w- c:\documents and settings\judon\Application Data\AdobeUM
2009-07-18 12:13 . 2007-01-08 14:46 107680 ----a-w- c:\documents and settings\judon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 16:06 . 2009-07-06 16:06 -------- d-----w- c:\program files\HyCam2
2009-07-03 16:57 . 2004-08-19 12:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 11:45 . 2006-04-06 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 15:25 . 2007-12-28 09:54 -------- d-----w- c:\program files\NCH Software
2009-06-19 15:24 . 2008-07-31 16:45 -------- d-----w- c:\program files\Panda Security
2009-06-19 15:23 . 2007-12-29 09:58 -------- d-----w- c:\program files\FastStone Image Viewer
2009-06-19 15:23 . 2007-12-28 09:53 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-19 15:23 . 2007-12-28 09:53 -------- d-----w- c:\documents and settings\judon\Application Data\NCH Swift Sound
2009-06-19 14:13 . 2009-06-19 14:13 -------- d-----w- c:\documents and settings\judon\Application Data\FOG Downloader
2009-06-16 14:40 . 2004-08-19 12:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-19 12:03 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:10 . 2004-08-19 12:03 1297408 ----a-w- c:\windows\system32\quartz.dll
2008-03-03 17:41 . 2008-03-03 17:41 0 ----a-w- c:\program files\temp01
2006-09-24 15:11 . 2009-04-28 11:26 389120 ----a-w- c:\program files\lameACM.acm
2006-04-29 17:46 . 2009-04-28 11:26 179 ----a-w- c:\program files\Free-Codecs.txt
2002-04-07 09:17 . 2009-04-28 11:26 414 ----a-w- c:\program files\lame_acm.xml
2002-01-23 18:39 . 2009-04-28 11:23 3133 ----a-w- c:\program files\LameACM.inf
2006-05-03 09:06 . 2009-04-27 09:22 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-04-27 09:22 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-04-27 09:22 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-14 12:36 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 181488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-6 24576]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=
"c:\\Program Files\\WebSite X5 Evolution\\WebSite.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 08:06 108289]
R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [05/03/2009 21:59 499716]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [11/03/2008 21:18 146112]
R3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [11/03/2008 21:18 6272]
S2 naunkt55u81;naunkt55u81;\??\c:\windows\system32\drivers\naunkt55u81.sys --> c:\windows\system32\drivers\naunkt55u81.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2007-01-09 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 02:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-rts - c:\windows\rts.exe
HKLM-Run-msword98 - c:\windows\system32\msword98.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
FF - ProfilePath - c:\documents and settings\judon\Application Data\Mozilla\Firefox\Profiles\r61o1v92.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 22:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,6c,3f,9e,66,42,69,4d,62,0e,35,5c,65,a8,93,73,4f,2f,2c,6f,2d,66,65,
86,23,91,4e,4e,04,22,a7,5a,37,06,5b,77,ad,2b,93,7c,77,db,55,eb,c2,51,e9,f3,\
"??"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
Completion time: 2009-08-14 22:55
ComboFix-quarantined-files.txt 2009-08-14 20:55

Pre-Run: 97 420 111 872 octets libres
Post-Run: 97 375 920 128 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
254 --- E O F --- 2009-07-31 19:52
Curson on 14 August 2009 at 23:21
Good evening,

Disable your security software during the procedure.

Download this file and save it to your desktop.

- Drag and drop this file onto the ComboFix.exe file

< included picture >

- Follow the on-screen instructions and accept the End User License Agreement to install the Microsoft Recovery Console.

ComboFix will install the Windows Recovery Console automatically.

- After installation, the message "The Recovery Console was successfully installed" will appear.
- A report named CF_RC.txt will be displayed on screen. Post its contents in your next message.


Regards.
-------
If your topic remains unanswered, please report it here.
jujuay on 15 August 2009 at 06:06
ComboFix 09-08-10.06 - judon 14/08/2009 23:43.8.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2511 [GMT 2:00]
Running from: c:\documents and settings\judon\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\judon\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 20:20 . 2009-08-14 20:20 -------- d-----w- C:\_OTL
2009-08-14 12:55 . 2009-08-14 12:55 152576 ----a-w- c:\documents and settings\judon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-07-31 15:56 . 2009-07-31 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-07-26 08:14 . 2009-07-26 08:21 -------- d-----w- c:\program files\WowCartographe
2009-07-25 16:42 . 2009-07-25 16:42 272384 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Modules\curl.exe
2009-07-25 16:42 . 2009-07-25 16:42 192512 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2009-07-25 16:42 . 2009-07-25 16:42 258048 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2009-07-25 16:41 . 2009-07-25 16:41 -------- d-----w- c:\documents and settings\judon\Application Data\Acreon
2009-07-25 16:41 . 2009-07-26 14:36 -------- d-----w- c:\documents and settings\judon\Local Settings\Application Data\._Revolution_
2009-07-25 10:01 . 2009-08-14 11:52 -------- d-----w- c:\program files\World of Warcraft
2009-07-25 09:58 . 2009-07-25 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-07-18 11:23 . 2009-07-18 11:23 202728 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-18 11:23 . 2009-07-18 11:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-18 11:23 . 2009-07-18 11:23 -------- d-----w- c:\program files\MSBuild
2009-07-18 11:23 . 2009-07-18 11:23 -------- d-----w- c:\program files\Reference Assemblies
2009-07-18 06:53 . 2009-07-18 06:53 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-17 13:41 . 2009-07-21 09:02 -------- d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 19:27 . 2007-12-07 19:07 -------- d-----w- c:\program files\Trend Micro
2009-08-14 18:57 . 2007-01-13 12:21 -------- d-----w- c:\documents and settings\judon\Application Data\Skype
2009-08-14 14:28 . 2007-01-08 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-14 12:56 . 2006-04-06 20:47 -------- d-----w- c:\program files\Java
2009-08-14 12:55 . 2008-12-01 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 12:54 . 2008-12-22 18:14 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-14 12:43 . 2007-01-08 14:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-14 12:40 . 2007-09-15 17:45 -------- d-----w- c:\documents and settings\judon\Application Data\uTorrent
2009-08-14 11:41 . 2009-04-02 15:27 -------- d-----w- c:\documents and settings\judon\Application Data\teamspeak2
2009-08-14 10:55 . 2008-10-20 15:47 1 ----a-w- c:\documents and settings\judon\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-03 11:36 . 2008-12-01 20:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-12-01 20:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 10:49 . 2008-09-22 16:32 -------- d-----w- c:\program files\eMule
2009-07-25 14:52 . 2007-07-01 17:07 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-07-25 03:23 . 2008-12-10 21:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 01:55 . 2007-01-14 19:03 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-25 01:55 . 2007-01-14 19:03 104 --sh--r- c:\windows\system32\476E4A4BDB.sys
2009-07-22 07:54 . 2007-01-12 21:46 -------- d-----w- c:\documents and settings\judon\Application Data\AdobeUM
2009-07-18 12:13 . 2007-01-08 14:46 107680 ----a-w- c:\documents and settings\judon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 16:06 . 2009-07-06 16:06 -------- d-----w- c:\program files\HyCam2
2009-07-03 16:57 . 2004-08-19 12:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 11:45 . 2006-04-06 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 15:25 . 2007-12-28 09:54 -------- d-----w- c:\program files\NCH Software
2009-06-19 15:24 . 2008-07-31 16:45 -------- d-----w- c:\program files\Panda Security
2009-06-19 15:23 . 2007-12-29 09:58 -------- d-----w- c:\program files\FastStone Image Viewer
2009-06-19 15:23 . 2007-12-28 09:53 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-19 15:23 . 2007-12-28 09:53 -------- d-----w- c:\documents and settings\judon\Application Data\NCH Swift Sound
2009-06-19 14:13 . 2009-06-19 14:13 -------- d-----w- c:\documents and settings\judon\Application Data\FOG Downloader
2009-06-16 14:40 . 2004-08-19 12:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-19 12:03 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:10 . 2004-08-19 12:03 1297408 ----a-w- c:\windows\system32\quartz.dll
2008-03-03 17:41 . 2008-03-03 17:41 0 ----a-w- c:\program files\temp01
2006-09-24 15:11 . 2009-04-28 11:26 389120 ----a-w- c:\program files\lameACM.acm
2006-04-29 17:46 . 2009-04-28 11:26 179 ----a-w- c:\program files\Free-Codecs.txt
2002-04-07 09:17 . 2009-04-28 11:26 414 ----a-w- c:\program files\lame_acm.xml
2002-01-23 18:39 . 2009-04-28 11:23 3133 ----a-w- c:\program files\LameACM.inf
2006-05-03 09:06 . 2009-04-27 09:22 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-04-27 09:22 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-04-27 09:22 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-14_20.51.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 21:48 . 2009-08-14 21:48 16384 c:\windows\temp\Perflib_Perfdata_264.dat
+ 2004-08-19 12:03 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 181488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-6 24576]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=
"c:\\Program Files\\WebSite X5 Evolution\\WebSite.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 08:06 108289]
R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [05/03/2009 21:59 499716]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [11/03/2008 21:18 146112]
R3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [11/03/2008 21:18 6272]
S2 naunkt55u81;naunkt55u81;\??\c:\windows\system32\drivers\naunkt55u81.sys --> c:\windows\system32\drivers\naunkt55u81.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2007-01-09 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
FF - ProfilePath - c:\documents and settings\judon\Application Data\Mozilla\Firefox\Profiles\r61o1v92.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 23:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,6c,3f,9e,66,42,69,4d,62,0e,35,5c,65,a8,93,73,4f,2f,2c,6f,2d,66,65,
86,23,91,4e,4e,04,22,a7,5a,37,06,5b,77,ad,2b,93,7c,77,db,55,eb,c2,51,e9,f3,\
"??"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2092)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NCH Software\Components\mp3el\mp3enc.exe
c:\program files\NCH Software\Components\mp3el\mp3enc.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-14 0:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 22:01
ComboFix2.txt 2009-08-14 20:55

Pre-Run: 97 347 276 800 octets libres
Post-Run: 97 310 662 656 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
283 --- E O F --- 2009-07-31 19:52
jujuay on 15 August 2009 at 06:11
Hello,
The ComboFix report took a very long time last night, so I went to bed.
During the night there was a virus alert from AntiVir even though my internet connection was unplugged.
On the other hand, I got the Windows firewall back.
jujuay on 15 August 2009 at 07:28
My latest scan with AntiVir:

Avira AntiVir Personal
Date de création du fichier de rapport : samedi 15 août 2009 06:36

La recherche porte sur 1637948 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : JUDONDELL

Informations de version :
BUILD.DAT : 9.0.0.66 17958 Bytes 17/06/2009 14:44:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 06:11:44
ANTIVIR2.VDF : 7.1.5.88 2668032 Bytes 10/08/2009 08:23:55
ANTIVIR3.VDF : 7.1.5.112 269824 Bytes 14/08/2009 11:28:30
Version du moteur : 8.2.1.1
AEVDF.DLL : 8.1.1.1 106868 Bytes 04/05/2009 12:34:43
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 14/08/2009 08:23:57
AESCN.DLL : 8.1.2.4 127348 Bytes 22/07/2009 18:21:26
AERDL.DLL : 8.1.2.4 430452 Bytes 16/07/2009 16:07:20
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 06:03:54
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/06/2009 14:23:09
AEHEUR.DLL : 8.1.0.154 1917302 Bytes 14/08/2009 08:23:57
AEHELP.DLL : 8.1.5.3 233846 Bytes 22/07/2009 18:21:25
AEGEN.DLL : 8.1.1.56 356725 Bytes 14/08/2009 08:23:55
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 22/07/2009 18:21:24
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 13/07/2009 12:09:26
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +JOKE,

Début de la recherche : samedi 15 août 2009 06:36

La recherche d'objets cachés commence.
'57647' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'WebSite.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IMApp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DLG.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche '9wifi.exe' - '1' module(s) sont contrôlés
Processus de recherche 'StartFX.exe' - '1' module(s) sont contrôlés
Processus de recherche 'V0220Mon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ISUSPM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WkUFind.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Res.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DLACTRLW.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'DMXLauncher.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAAnotif.exe' - '1' module(s) sont contrôlés
Processus de recherche 'stsystra.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mp3enc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mp3enc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAANTMon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'E_S40RP7.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'CDAC11BA.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'broadwave.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'InCDsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MsMpEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'50' processus ont été contrôlés avec '50' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD5
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '71' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1035\A0138613.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1035\A0138614.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1036\A0139023.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1036\A0139024.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen

Début de la désinfection :
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1035\A0138613.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ab74643.qua' !
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1035\A0138614.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bc21ba4.qua' !
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1036\A0139023.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bc02b34.qua' !
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1036\A0139024.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bc3105c.qua' !


Fin de la recherche : samedi 15 août 2009 07:22
Temps nécessaire: 46:05 Minute(s)

La recherche a été effectuée intégralement

10038 Les répertoires ont été contrôlés
450318 Des fichiers ont été contrôlés
4 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
4 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
450313 Fichiers non infectés
5164 Les archives ont été contrôlées
1 Avertissements
5 Consignes
57647 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés
jujuay on 15 August 2009 at 08:49
I disabled System Restore (read on a forum, for the restore files).
Ran another scan, nothing found anymore.

I'm waiting to see.
I'm going to run Malwarebytes again.
Curson on 16 August 2009 at 14:43
Hello,

Disable your security software during the procedure.

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
KILLALL::

Driver::
naunkt55u81

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

FileLook::
c:\windows\system32\drivers\ntfs.sys

File::
c:\program files\temp01

- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

[screenshot]

- A blue window will appear. Type 1 if necessary.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

- If the file does not open, it can be found here > C:\ComboFix.txt


How is the system behaving?


Regards.
jujuay on 17 August 2009 at 09:24
Hello,
All my latest scans are clean.
I still wanted to follow your procedure, but it shows me an error message after the blue screen:

were you trying to run CFScript?
the name,CFScript appers to be incorrectly spelt

And for info, I managed to re-enable the firewall.

See you.

Curson on 17 August 2009 at 18:55
Good evening,

The text file must be named CFScript. Is that the case?

Regards.
jujuay on 18 August 2009 at 09:38
Hello, at the moment the system is behaving well; my latest AntiVir and Malwarebytes scans found nothing.
I'm posting the ComboFix log:
ComboFix 09-08-10.06 - judon 18/08/2009 8:58.9.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2583 [GMT 2:00]
Running from: c:\documents and settings\judon\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\judon\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\program files\temp01"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp01

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NAUNKT55U81
-------\Service_naunkt55u81


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-14 20:20 . 2009-08-14 20:20 -------- d-----w- C:\_OTL
2009-08-14 12:55 . 2009-08-14 12:55 152576 ----a-w- c:\documents and settings\judon\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-14 08:24 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 15:56 . 2009-07-31 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-07-26 08:14 . 2009-07-26 08:21 -------- d-----w- c:\program files\WowCartographe
2009-07-25 16:42 . 2009-07-25 16:42 272384 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Modules\curl.exe
2009-07-25 16:42 . 2009-07-25 16:42 192512 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2009-07-25 16:42 . 2009-07-25 16:42 258048 ----a-w- c:\documents and settings\judon\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2009-07-25 16:41 . 2009-07-25 16:41 -------- d-----w- c:\documents and settings\judon\Application Data\Acreon
2009-07-25 16:41 . 2009-07-26 14:36 -------- d-----w- c:\documents and settings\judon\Local Settings\Application Data\._Revolution_
2009-07-25 10:01 . 2009-08-14 11:52 -------- d-----w- c:\program files\World of Warcraft
2009-07-25 09:58 . 2009-07-25 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 06:31 . 2008-10-20 15:47 1 ----a-w- c:\documents and settings\judon\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-16 13:07 . 2007-01-13 12:21 -------- d-----w- c:\documents and settings\judon\Application Data\Skype
2009-08-14 19:27 . 2007-12-07 19:07 -------- d-----w- c:\program files\Trend Micro
2009-08-14 14:28 . 2007-01-08 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-14 12:56 . 2006-04-06 20:47 -------- d-----w- c:\program files\Java
2009-08-14 12:55 . 2008-12-01 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 12:54 . 2008-12-22 18:14 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-14 12:43 . 2007-01-08 14:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-14 12:40 . 2007-09-15 17:45 -------- d-----w- c:\documents and settings\judon\Application Data\uTorrent
2009-08-14 11:41 . 2009-04-02 15:27 -------- d-----w- c:\documents and settings\judon\Application Data\teamspeak2
2009-08-05 09:00 . 2004-08-19 12:03 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2008-12-01 20:31 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-12-01 20:31 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 10:49 . 2008-09-22 16:32 -------- d-----w- c:\program files\eMule
2009-07-25 14:52 . 2007-07-01 17:07 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2009-07-25 03:23 . 2008-12-10 21:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 01:55 . 2007-01-14 19:03 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-25 01:55 . 2007-01-14 19:03 104 --sh--r- c:\windows\system32\476E4A4BDB.sys
2009-07-22 07:54 . 2007-01-12 21:46 -------- d-----w- c:\documents and settings\judon\Application Data\AdobeUM
2009-07-21 09:02 . 2009-07-17 13:41 -------- d-----w- c:\program files\Unlocker
2009-07-18 12:13 . 2007-01-08 14:46 107680 ----a-w- c:\documents and settings\judon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-18 11:23 . 2009-07-18 11:23 -------- d-----w- c:\program files\MSBuild
2009-07-18 11:23 . 2009-07-18 11:23 -------- d-----w- c:\program files\Reference Assemblies
2009-07-17 19:03 . 2004-08-19 12:03 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 12:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 16:06 . 2009-07-06 16:06 -------- d-----w- c:\program files\HyCam2
2009-07-03 16:57 . 2004-08-19 12:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 11:45 . 2006-04-06 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 08:26 . 2004-08-19 12:03 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-19 12:03 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-19 12:03 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-19 12:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-19 12:03 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-19 12:03 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-19 12:03 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-19 15:25 . 2007-12-28 09:54 -------- d-----w- c:\program files\NCH Software
2009-06-19 15:24 . 2008-07-31 16:45 -------- d-----w- c:\program files\Panda Security
2009-06-19 15:23 . 2007-12-29 09:58 -------- d-----w- c:\program files\FastStone Image Viewer
2009-06-19 15:23 . 2007-12-28 09:53 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-19 15:23 . 2007-12-28 09:53 -------- d-----w- c:\documents and settings\judon\Application Data\NCH Swift Sound
2009-06-19 14:13 . 2009-06-19 14:13 -------- d-----w- c:\documents and settings\judon\Application Data\FOG Downloader
2009-06-16 14:40 . 2004-08-19 12:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-19 12:03 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-19 12:03 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-19 12:03 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-19 12:03 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-19 12:14 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-19 12:03 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-19 12:03 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-09-24 15:11 . 2009-04-28 11:26 389120 ----a-w- c:\program files\lameACM.acm
2006-04-29 17:46 . 2009-04-28 11:26 179 ----a-w- c:\program files\Free-Codecs.txt
2002-04-07 09:17 . 2009-04-28 11:26 414 ----a-w- c:\program files\lame_acm.xml
2002-01-23 18:39 . 2009-04-28 11:23 3133 ----a-w- c:\program files\LameACM.inf
2006-05-03 09:06 . 2009-04-27 09:22 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-04-27 09:22 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-04-27 09:22 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\ntfs.sys ---
Company: Microsoft Corporation
File Description: NT File System Driver
File Version: 5.1.2600.5512 (xpsp.080413-2111)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ntfs.sys
File size: 574976
Created time: 2004-08-19 12:03
Modified time: 2008-04-13 19:15
MD5: 78A08DD6A8D65E697C18E1DB01C5CDCA
SHA1: C40F3C1FCBD8A61AD5F36E16971FEB64407BBC66


((((((((((((((((((((((((((((( SnapShot@2009-08-14_20.51.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-18 07:21 . 2009-08-18 07:21 16384 c:\windows\temp\Perflib_Perfdata_1e4.dat
+ 2009-06-25 08:26 . 2009-06-25 08:26 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-15 10:44 . 2009-06-15 10:44 82944 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-15 10:44 . 2009-06-15 10:44 78848 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-06-10 14:14 . 2009-06-10 14:14 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:03 . 2009-07-17 19:03 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-08-15 07:37 . 2009-08-15 07:37 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-08-15 07:36 . 2009-08-15 07:36 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-08-18 07:06 . 2009-08-18 07:06 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-18 07:06 . 2009-08-18 07:06 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2004-08-19 12:03 . 2008-04-13 19:15 574976 c:\windows\system32\drivers\ntfs.sys
+ 2009-07-13 21:43 . 2009-07-13 21:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:15 . 2009-06-10 06:15 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-04-16 06:17 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-12-13 07:58 . 2008-12-13 07:58 754688 c:\windows\Installer\1cb3582.msp
+ 2009-08-18 07:06 . 2009-08-18 07:06 225280 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-15 06:14 . 2009-08-15 06:14 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-08-15 07:36 . 2009-08-15 07:36 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-08-15 07:36 . 2009-08-15 07:36 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-08-15 07:36 . 2009-08-15 07:36 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-08-15 07:36 . 2009-08-15 07:36 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-08-15 07:34 . 2009-08-15 07:34 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-08-15 07:34 . 2009-08-15 07:34 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-08-15 07:32 . 2009-08-15 07:32 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-08-15 07:32 . 2009-08-15 07:32 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-08-15 06:13 . 2009-08-15 06:13 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-08-15 06:13 . 2009-08-15 06:13 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-08-15 06:13 . 2009-08-15 06:13 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-08-15 06:13 . 2009-08-15 06:13 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-08-15 07:32 . 2009-08-15 07:32 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-08-15 07:32 . 2009-08-15 07:32 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
- 2009-07-18 11:24 . 2009-07-18 11:24 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-08-15 06:12 . 2009-08-15 06:12 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-08-15 06:12 . 2009-08-15 06:12 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-08-15 06:12 . 2009-08-15 06:12 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2009-07-18 11:24 . 2009-07-18 11:24 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-08-15 06:12 . 2009-08-15 06:12 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2009-07-18 11:24 . 2009-07-18 11:24 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-06-10 07:21 . 2009-06-10 07:21 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2008-12-05 17:35 . 2008-12-05 17:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-12-05 18:12 . 2008-12-05 18:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-07-29 17:16 . 2008-07-29 17:16 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2009-08-18 07:06 . 2009-08-18 07:06 3391488 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-18 07:06 . 2009-08-18 07:06 3391488 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-15 10:42 . 2009-08-15 10:42 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-08-15 07:36 . 2009-08-15 07:36 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-08-15 07:35 . 2009-08-15 07:35 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-08-15 06:14 . 2009-08-15 06:14 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-08-15 07:34 . 2009-08-15 07:34 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-08-15 06:14 . 2009-08-15 06:14 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-08-15 06:14 . 2009-08-15 06:14 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-08-15 07:32 . 2009-08-15 07:32 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-08-15 06:12 . 2009-08-15 06:12 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-07-18 11:24 . 2009-07-18 11:24 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-08-15 06:10 . 2009-08-15 06:10 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-07-18 11:23 . 2009-07-18 11:23 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-08-15 06:10 . 2009-08-15 06:10 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2009-07-18 11:23 . 2009-07-18 11:23 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2004-08-19 12:04 . 2009-07-13 21:43 10841088 c:\windows\system32\wmp.dll
+ 2007-01-08 14:54 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-07-13 21:43 . 2009-07-13 21:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2008-12-13 08:21 . 2008-12-13 08:21 10473472 c:\windows\Installer\1cb3577.msp
+ 2009-08-18 07:06 . 2009-08-18 07:06 12115968 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-15 07:31 . 2009-08-15 07:31 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-08-15 06:13 . 2009-08-15 06:13 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-28 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 181488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-6 24576]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=
"c:\\Program Files\\WebSite X5 Evolution\\WebSite.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 08:06 108289]
R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [05/03/2009 21:59 499716]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [11/03/2008 21:18 146112]
R3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [11/03/2008 21:18 6272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2007-01-09 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-19 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
FF - ProfilePath - c:\documents and settings\judon\Application Data\Mozilla\Firefox\Profiles\r61o1v92.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 09:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-571085115-3119912232-2712011085-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,6c,3f,9e,66,42,69,4d,62,0e,35,5c,65,a8,93,73,4f,2f,2c,6f,2d,66,65,
86,23,91,4e,4e,04,22,a7,5a,37,06,5b,77,ad,2b,93,7c,77,db,55,eb,c2,51,e9,f3,\
"??"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3328)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NCH Software\Components\mp3el\mp3enc.exe
c:\program files\NCH Software\Components\mp3el\mp3enc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-18 9:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 07:33
ComboFix2.txt 2009-08-14 22:01
ComboFix3.txt 2009-08-14 20:55

Pre-Run: 97 916 026 880 octets libres
Post-Run: 97 810 317 312 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
373 --- E O F --- 2009-08-18 07:29
jujuay on 18 August 2009 at 13:29
:hurle: :hurle: :hurle: :hurle:
latest AntiVir scan



Avira AntiVir Personal
Date de création du fichier de rapport : mardi 18 août 2009 12:00

La recherche porte sur 1645263 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : JUDONDELL

Informations de version :
BUILD.DAT : 9.0.0.66 17958 Bytes 17/06/2009 14:44:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 06:11:44
ANTIVIR2.VDF : 7.1.5.88 2668032 Bytes 10/08/2009 08:23:55
ANTIVIR3.VDF : 7.1.5.126 367616 Bytes 18/08/2009 08:23:58
Version du moteur : 8.2.1.1
AEVDF.DLL : 8.1.1.1 106868 Bytes 04/05/2009 12:34:43
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 14/08/2009 08:23:57
AESCN.DLL : 8.1.2.4 127348 Bytes 22/07/2009 18:21:26
AERDL.DLL : 8.1.2.4 430452 Bytes 16/07/2009 16:07:20
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 06:03:54
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/06/2009 14:23:09
AEHEUR.DLL : 8.1.0.154 1917302 Bytes 14/08/2009 08:23:57
AEHELP.DLL : 8.1.5.3 233846 Bytes 22/07/2009 18:21:25
AEGEN.DLL : 8.1.1.56 356725 Bytes 14/08/2009 08:23:55
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 22/07/2009 18:21:24
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 13/07/2009 12:09:26
RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Disques durs locaux
Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +JOKE,

Début de la recherche : mardi 18 août 2009 12:00

La recherche d'objets cachés commence.
'58917' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TeamSpeak.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IMApp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DLG.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche '9wifi.exe' - '1' module(s) sont contrôlés
Processus de recherche 'StartFX.exe' - '1' module(s) sont contrôlés
Processus de recherche 'V0220Mon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ISUSPM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WkUFind.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Res.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DLACTRLW.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'DMXLauncher.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAAnotif.exe' - '1' module(s) sont contrôlés
Processus de recherche 'stsystra.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mp3enc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mp3enc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAANTMon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'E_S40RP7.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'CDAC11BA.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'broadwave.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'InCDsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MsMpEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'47' processus ont été contrôlés avec '47' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '71' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Fake.ids.11264
C:\_OTL\MovedFiles\08142009_222024\Documents and Settings\judon\msword98.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Mutant.efk
C:\_OTL\MovedFiles\08142009_222024\Documents and Settings\judon\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Zdoogu.FC
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\System32\braviax.exe
[RESULTAT] Contient le cheval de Troie TR/Fake.ids.11264
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\System32\msword98.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Mutant.efk
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\temp01\BNC.tmp
[RESULTAT] Contient le cheval de Troie TR/Dldr.FraudLoad.fge
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\temp01\BNF.tmp
[RESULTAT] Contient le cheval de Troie TR/Dldr.FraudLoad.fge
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\temp01\braviax.exe
[RESULTAT] Contient le cheval de Troie TR/Fake.ids.11264

Début de la désinfection :
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Fake.ids.11264
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aeb8fe1.qua' !
C:\_OTL\MovedFiles\08142009_222024\Documents and Settings\judon\msword98.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Mutant.efk
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b018fe2.qua' !
C:\_OTL\MovedFiles\08142009_222024\Documents and Settings\judon\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Zdoogu.FC
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4af98fda.qua' !
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\System32\braviax.exe
[RESULTAT] Contient le cheval de Troie TR/Fake.ids.11264
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b9de932.qua' !
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\System32\msword98.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Mutant.efk
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a6adbf3.qua' !
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\temp01\BNC.tmp
[RESULTAT] Contient le cheval de Troie TR/Dldr.FraudLoad.fge
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4acd8fbd.qua' !
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\temp01\BNF.tmp
[RESULTAT] Contient le cheval de Troie TR/Dldr.FraudLoad.fge
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4ad08fbd.qua' !
C:\_OTL\MovedFiles\08142009_222024\WINDOWS\temp01\braviax.exe
[RESULTAT] Contient le cheval de Troie TR/Fake.ids.11264
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49aaa732.qua' !


Fin de la recherche : mardi 18 août 2009 13:24
Temps nécessaire: 49:08 Minute(s)

La recherche a été effectuée intégralement

10161 Les répertoires ont été contrôlés
455241 Des fichiers ont été contrôlés
8 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
8 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
455232 Fichiers non infectés
5198 Les archives ont été contrôlées
1 Avertissements
9 Consignes
58917 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Curson on 18 August 2009 at 17:43
Good evening,

That's perfect: all the detected files are in the quarantine area, so they are not active.
The infection is now eradicated.


Removing the tools used

1) Download ToolsCleaner2 by A.Rothstein and save it to your desktop.


2) Double-click ToolsCleaner2.exe to launch the tool.

- Click the Recherche (Search) button.
- Once the search has finished, click the Suppression (Removal) button.

- Copy/paste the report and post it in your next reply.

You can then delete ToolsCleaner.


Securing the system

1) Your version of Adobe Reader is not up to date. Security flaws can allow your computer to be infected. More information.

- Uninstall your current version.
- Download and install Adobe Reader 9.1.


2) Java is also not up to date. Download JavaRa and follow the instructions in this tutorial.
Post the report you get.


How is the system behaving?


Regards.
-------
If your topic remains unanswered, please report it here.
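The check made by eye in the reply above, that every detection in the AntiVir report ended up in quarantine, can be scripted. This is an added example, not part of the original thread or of Avira's tooling; the sample report is constructed in the same French report format, and the names `parse_report` and `triage` are hypothetical.

```python
import re

# Constructed sample in the French AntiVir report format (not data from the thread).
SAMPLE_REPORT = r"""
Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\_OTL\MovedFiles\sample\a.exe
[RESULTAT] Contient le cheval de Troie TR/Example.A
C:\WINDOWS\system32\b.exe
[RESULTAT] Contient le cheval de Troie TR/Example.B

Début de la désinfection :
C:\_OTL\MovedFiles\sample\a.exe
[RESULTAT] Contient le cheval de Troie TR/Example.A
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '00000001.qua' !
"""

PATH = re.compile(r"^[A-Za-z]:\\")
QUARANTINE = re.compile(r"quarantaine sous le nom '([^']+)'")
# Folders where ComboFix (Qoobox) and OTL (_OTL) park files they already removed.
SIDELINED = ("\\qoobox\\quarantine\\", "\\_otl\\movedfiles\\")

def parse_report(text):
    """Map each flagged path to its detection names and quarantine file name."""
    findings, current, cleaning = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Début de la désinfection"):
            cleaning = True
        elif PATH.match(line):
            current = line                      # a file path opens a new entry
        elif line.startswith("[RESULTAT]") and current:
            entry = findings.setdefault(
                current, {"detections": set(), "quarantined_as": None})
            entry["detections"].add(line.split()[-1])   # name is the last token
        elif cleaning and line.startswith("[REMARQUE]") and current in findings:
            match = QUARANTINE.search(line)
            if match:
                findings[current]["quarantined_as"] = match.group(1)
    return findings

def triage(findings):
    """List detections never quarantined and detections outside tool backup folders."""
    result = {"unquarantined": [], "live_path": []}
    for path, info in findings.items():
        if info["quarantined_as"] is None:
            result["unquarantined"].append(path)
        if not any(marker in path.lower() for marker in SIDELINED):
            result["live_path"].append(path)
    return result

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE_REPORT)))
```

In the report posted in this thread, all eight detections carry a `.qua` name and all sit under `Qoobox\Quarantine` or `_OTL\MovedFiles`, so both lists would come back empty; an entry in `live_path` is the case that would need further cleanup.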
jujuay on 19 August 2009 at 07:20
I had managed to remove the traces of the quarantined items by disabling System Restore and re-enabling it
thanks
I'll post the ToolsCleaner report and I'm updating Adobe; as for Java, I thought I had already done it
thanks

