Il y a actuellement 599 visiteurs
Jeudi 21 Novembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

tr spy.gen [réglé]

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

tr spy.gen [réglé]

Message le 21 Juil 2010 12:51

bonjour, mon antivirus détecte ce trojan sur mon ordinateur. j'ai passé l'antivirus : avira antivir, ensuite j'ai passé Malwarebytes' anti-malware et malgrès tout il revient toujours. pouvez-vous me venir en aide.
J'ai passé (RSIT) et voilà le rapport :
Code: Tout sélectionner
Logfile of random's system information tool 1.08 (written by random/random)
Run by Dominique LECLERC at 2010-07-21 13:46:06
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 103 GB (67%) free of 153 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:16, on 21/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dominique LECLERC\Bureau\RSIT.exe
C:\Program Files\trend micro\Dominique LECLERC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 9809 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-05-24 6021696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-28 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-05-24 6021696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-06-08 29696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"=C:\Program Files\Volumouse\volumouse.exe [2009-08-05 33280]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-05-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\Bin\IncMail.exe"="C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImApp.exe"="C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe"="C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Steam\SteamApps\rooster85\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\rooster85\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Capcom\MotoGP 08\Launcher.exe"="C:\Program Files\Capcom\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Race Driver\RaceDriver.exe"="C:\Program Files\Race Driver\RaceDriver.exe:*:Enabled:RaceDriver"
"C:\Program Files\Men of War. Victory Day Edition\outfront_mp.exe"="C:\Program Files\Men of War. Victory Day Edition\outfront_mp.exe:*:Enabled:Main executable"
"C:\Program Files\Steam\SteamApps\common\altitude\altitude.exe"="C:\Program Files\Steam\SteamApps\common\altitude\altitude.exe:*:Enabled:altitude"
"C:\Program Files\eFusion\BlackShot\system\blackshot.exe"="C:\Program Files\eFusion\BlackShot\system\blackshot.exe:*:Enabled:BlackShot"
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-07-21 13:46:06 ----D---- C:\rsit
2010-07-17 22:13:13 ----D---- C:\Documents and Settings\Dominique LECLERC\Application Data\PhotoScape
2010-07-17 22:12:57 ----D---- C:\Program Files\PhotoScape
2010-07-01 12:36:23 ----D---- C:\Documents and Settings\Dominique LECLERC\Application Data\gtk-2.0
2010-07-01 12:34:32 ----D---- C:\Program Files\GIMP-2.0
2010-07-01 12:33:53 ----D---- C:\Documents and Settings\Dominique LECLERC\Application Data\PhotoFiltre
2010-07-01 12:33:50 ----D---- C:\Program Files\PhotoFiltre
2010-06-29 22:09:40 ----D---- C:\2
2010-06-29 13:32:14 ----SHD---- C:\found.004
2010-06-28 19:26:47 ----D---- C:\Program Files\imagicon
2010-06-28 19:14:43 ----D---- C:\icones

======List of files/folders modified in the last 1 months======

2010-07-21 13:46:16 ----D---- C:\Program Files\trend micro
2010-07-21 13:46:12 ----D---- C:\WINDOWS\Prefetch
2010-07-21 13:36:52 ----D---- C:\Program Files\Mozilla Firefox
2010-07-21 13:36:42 ----D---- C:\WINDOWS\system32
2010-07-21 13:35:37 ----SHD---- C:\System Volume Information
2010-07-21 13:35:37 ----D---- C:\WINDOWS\system32\Restore
2010-07-21 13:35:19 ----D---- C:\WINDOWS\temp
2010-07-21 13:35:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-21 13:33:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-21 11:17:27 ----D---- C:\Cynopolis
2010-07-21 10:49:23 ----AD---- C:\WINDOWS
2010-07-21 10:48:36 ----D---- C:\WINDOWS\WinSxS
2010-07-21 10:48:36 ----D---- C:\WINDOWS\system32\drivers
2010-07-21 09:44:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 08:58:05 ----D---- C:\WINDOWS\Debug
2010-07-21 00:32:11 ----D---- C:\Program Files\Steam
2010-07-17 22:12:57 ----RD---- C:\Program Files
2010-07-06 10:11:42 ----D---- C:\Documents and Settings\Dominique LECLERC\Application Data\vlc
2010-07-06 10:11:20 ----D---- C:\Documents and Settings\Dominique LECLERC\Application Data\dvdcss
2010-07-06 10:11:11 ----D---- C:\1
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Contrôleur hôte compatible IEE 1394 VIA OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-01 43872]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viadsk;viadsk; C:\WINDOWS\system32\DRIVERS\viadsk.sys [2003-06-19 56576]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-10-25 60928]
R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2009-05-05 13976]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2009-05-05 22168]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-05-26 56816]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-05-16 4069888]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouKE.Sys [2004-06-08 71533]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 snpstd2;USB PC Camera (SN9C103); C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2005-04-22 348160]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S0 ikltm;ikltm; C:\WINDOWS\system32\drivers\ikltm.sys []
S1 SysTool;SysTool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
S3 catchme;catchme; \??\C:\machin25379m\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-05-16 602112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-28 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-02 66872]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-03-28 604488]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-18 135664]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-05-23 3518368]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-03-28 361288]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
rooster85
Apprenti(e)
Apprenti(e)
 
Messages: 30
Inscription: 24 Mar 2010 15:20
 


Re: tr spy.gen

Message le 21 Juil 2010 13:13

Bonjours , a tu le rapport de Malwarebytes ? A tu supprimé l'infection ?
Les pro vont arrivé pour résoudre ton problème ;)
Avatar de l'utilisateur
Del-crosseur
Expert(e)
Expert(e)
 
Messages: 1833
Inscription: 08 Juin 2009 06:46
Localisation: Nord-(59)
 

Re: tr spy.gen

Message le 21 Juil 2010 13:22

oui le voila

Code: Tout sélectionner
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4334

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21/07/2010 10:46:53
mbam-log-2010-07-21 (10-46-53).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 231926
Temps écoulé: 1 heure(s), 39 minute(s), 42 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PCS Diag.exe (Trojan.Agent) -> Quarantined and deleted successfully.
rooster85
Apprenti(e)
Apprenti(e)
 
Messages: 30
Inscription: 24 Mar 2010 15:20
 

Re: tr spy.gen

Message le 21 Juil 2010 13:31

voila aussi le rapport de avira
Code: Tout sélectionner
21/07/2010,13:34:49 ---------------------------------------------------------
21/07/2010,13:34:59 Le fichier de licence contient une licence valable. Le service Avira AntiVir Premium fonctionne en tant que version intégrale non restreinte !
21/07/2010,13:34:59 AntiVir Guard version : 9.00.01.32,  version du moteur 8.2.4.22,  version VDF : 7.10.9.139
21/07/2010,13:35:00 AntiVir Guard a été activé
21/07/2010,13:35:00 Le service Avira AntiVir Premium a bien été démarré !
21/07/2010,13:35:00 [CONFIG]  Configuration utilisée pour la recherche en temps réel :
      - Fichiers contrôlés :  Contrôler les fichiers des lecteurs locaux
      - Fichiers contrôlés :  utiliser la liste d'extensions de fichiers :  . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL* .XML
       .XXX .ZIP
      - Mode appareil :  Contrôler le fichier à l'ouverture, Contrôler le fichier après sa fermeture
      - Action : Interroger l'utilisateur
      - Contrôler les archives : Désactivé
      - Heuristique macrovirus : Activé
      - Heuristique fichier Win32 : Niveau de détection moyen
      - Étape de documentation : Standard
21/07/2010,13:36:25 [AVERTISSEMENT] Contient le cheval de Troie TR/Spy.Gen!
  C:\Program Files\eFusion\BlackShot\system\GameGuard\npsc.des
      [USER] DOMISALON\DOMINIQUE LECLERC
      [INFO]  Le fichier va être supprimé !



et celui-ci 




Avira AntiVir Premium
Date de création du fichier de rapport : mercredi 21 juillet 2010  11:06

La recherche porte sur 2395531 souches de virus.

Détenteur de la licence : Dominique LECLERC
Numéro de série         : 2207724502-PEPWE-0000001
Plateforme              : Windows XP
Version de Windows      : (Service Pack 3)  [5.1.2600]
Mode Boot               : Démarré normalement
Identifiant             : SYSTEM
Nom de l'ordinateur     : DOMISALON

Informations de version :
BUILD.DAT               : 9.0.0.58      24890 Bytes  15/06/2010 14:07:00
AVSCAN.EXE              : 9.0.3.10     466689 Bytes  13/10/2009 09:25:46
AVSCAN.DLL              : 9.0.3.0       49409 Bytes  03/03/2009 08:21:02
LUKE.DLL                : 9.0.3.2      209665 Bytes  20/02/2009 09:35:11
LUKERES.DLL             : 9.0.2.0       13569 Bytes  03/03/2009 08:21:31
VBASE000.VDF            : 7.10.0.0   19875328 Bytes  06/11/2009 05:35:52
VBASE001.VDF            : 7.10.1.0    1372672 Bytes  19/11/2009 21:02:23
VBASE002.VDF            : 7.10.3.1    3143680 Bytes  20/01/2010 21:02:30
VBASE003.VDF            : 7.10.3.75    996864 Bytes  26/01/2010 21:02:32
VBASE004.VDF            : 7.10.4.203   1579008 Bytes  05/03/2010 21:02:35
VBASE005.VDF            : 7.10.6.82   2494464 Bytes  15/04/2010 21:02:39
VBASE006.VDF            : 7.10.7.218   2294784 Bytes  02/06/2010 19:58:09
VBASE007.VDF            : 7.10.7.219      2048 Bytes  02/06/2010 19:58:09
VBASE008.VDF            : 7.10.7.220      2048 Bytes  02/06/2010 19:58:09
VBASE009.VDF            : 7.10.7.221      2048 Bytes  02/06/2010 19:58:09
VBASE010.VDF            : 7.10.7.222      2048 Bytes  02/06/2010 19:58:09
VBASE011.VDF            : 7.10.7.223      2048 Bytes  02/06/2010 19:58:10
VBASE012.VDF            : 7.10.7.224      2048 Bytes  02/06/2010 19:58:10
VBASE013.VDF            : 7.10.8.37    270336 Bytes  10/06/2010 19:23:08
VBASE014.VDF            : 7.10.8.69    138752 Bytes  14/06/2010 15:52:31
VBASE015.VDF            : 7.10.8.102    130560 Bytes  16/06/2010 12:05:48
VBASE016.VDF            : 7.10.8.135    152064 Bytes  21/06/2010 19:34:12
VBASE017.VDF            : 7.10.8.163    432128 Bytes  23/06/2010 19:20:45
VBASE018.VDF            : 7.10.8.194    133632 Bytes  27/06/2010 11:20:10
VBASE019.VDF            : 7.10.8.220    134656 Bytes  29/06/2010 09:30:08
VBASE020.VDF            : 7.10.8.252    171520 Bytes  04/07/2010 20:38:52
VBASE021.VDF            : 7.10.9.19    131072 Bytes  06/07/2010 11:23:15
VBASE022.VDF            : 7.10.9.36    297472 Bytes  07/07/2010 11:23:16
VBASE023.VDF            : 7.10.9.60    150016 Bytes  11/07/2010 13:56:10
VBASE024.VDF            : 7.10.9.79    113152 Bytes  13/07/2010 21:05:07
VBASE025.VDF            : 7.10.9.99    158720 Bytes  16/07/2010 15:49:34
VBASE026.VDF            : 7.10.9.133    630784 Bytes  20/07/2010 19:05:25
VBASE027.VDF            : 7.10.9.134      2048 Bytes  20/07/2010 19:05:25
VBASE028.VDF            : 7.10.9.135      2048 Bytes  20/07/2010 19:05:25
VBASE029.VDF            : 7.10.9.136      2048 Bytes  20/07/2010 19:05:26
VBASE030.VDF            : 7.10.9.137      2048 Bytes  20/07/2010 19:05:26
VBASE031.VDF            : 7.10.9.139     15872 Bytes  21/07/2010 08:56:56
Version du moteur       : 8.2.4.22
AEVDF.DLL               : 8.1.2.0      106868 Bytes  26/05/2010 21:02:56
AESCRIPT.DLL            : 8.1.3.41    1364346 Bytes  20/07/2010 19:05:33
AESCN.DLL               : 8.1.6.1      127347 Bytes  26/05/2010 21:02:54
AESBX.DLL               : 8.1.3.1      254324 Bytes  26/05/2010 21:02:56
AERDL.DLL               : 8.1.8.2      614772 Bytes  20/07/2010 19:05:32
AEPACK.DLL              : 8.2.3.2      471414 Bytes  20/07/2010 19:05:31
AEOFFICE.DLL            : 8.1.1.7      201081 Bytes  20/07/2010 19:05:30
AEHEUR.DLL              : 8.1.2.6     2793846 Bytes  20/07/2010 19:05:30
AEHELP.DLL              : 8.1.13.2     242039 Bytes  20/07/2010 19:05:27
AEGEN.DLL               : 8.1.3.15     385396 Bytes  20/07/2010 19:05:27
AEEMU.DLL               : 8.1.2.0      393588 Bytes  26/05/2010 21:02:48
AECORE.DLL              : 8.1.16.2     192887 Bytes  20/07/2010 19:05:26
AEBB.DLL                : 8.1.1.0       53618 Bytes  26/05/2010 21:02:47
AVWINLL.DLL             : 9.0.0.3       18177 Bytes  12/12/2008 06:47:30
AVPREF.DLL              : 9.0.3.0       44289 Bytes  26/08/2009 13:13:31
AVREP.DLL               : 8.0.0.7      159784 Bytes  26/05/2010 21:02:58
AVREG.DLL               : 9.0.0.0       36609 Bytes  07/11/2008 13:24:42
AVARKT.DLL              : 9.0.0.3      292609 Bytes  24/03/2009 13:05:22
AVEVTLOG.DLL            : 9.0.0.7      167169 Bytes  30/01/2009 08:36:37
SQLITE3.DLL             : 3.6.1.0      326401 Bytes  28/01/2009 13:03:49
SMTPLIB.DLL             : 9.2.0.25      28417 Bytes  02/02/2009 06:20:57
NETNT.DLL               : 9.0.0.0       11521 Bytes  07/11/2008 13:40:59
RCIMAGE.DLL             : 9.0.0.28    2623745 Bytes  17/06/2009 11:51:05
RCTEXT.DLL              : 9.0.74.0      92417 Bytes  02/11/2009 15:04:54

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Début de la recherche : mercredi 21 juillet 2010  11:06

La recherche d'objets cachés commence.
'45841' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mbam.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rapimgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wcescomm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'volumouse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avwebgrd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avmailc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TUProgSt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SupServ.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'33' processus ont été contrôlés avec '33' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
    [INFO]      Aucun virus trouvé !
Secteur d'amorçage maître HD1
    [INFO]      Aucun virus trouvé !
Secteur d'amorçage maître HD2
    [INFO]      Aucun virus trouvé !
Secteur d'amorçage maître HD3
    [INFO]      Aucun virus trouvé !
Secteur d'amorçage maître HD4
    [INFO]      Aucun virus trouvé !
Secteur d'amorçage maître HD5
    [INFO]      Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
    [INFO]      Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '51' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE]  Ce fichier est un fichier système Windows.
    [REMARQUE]  Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\System Volume Information\_restore{F8850334-5566-47B1-8EB5-5655AEEB5671}\RP61\A0108224.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen

Début de la désinfection :
C:\System Volume Information\_restore{F8850334-5566-47B1-8EB5-5655AEEB5671}\RP61\A0108224.exe
    [RESULTAT]  Contient le cheval de Troie TR/Trash.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c77d9db.qua' !


Fin de la recherche : mercredi 21 juillet 2010  13:27
Temps nécessaire:  2:21:01 Heure(s)

La recherche a été effectuée intégralement

   8636 Les répertoires ont été contrôlés
 500844 Des fichiers ont été contrôlés
      1 Des virus ou programmes indésirables ont été trouvés
      0 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
      1 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      1 Impossible de contrôler des fichiers
 500842 Fichiers non infectés
   6536 Les archives ont été contrôlées
      1 Avertissements
      2 Consignes
  45841 Des objets ont été contrôlés lors du Rootkitscan
      0 Des objets cachés ont été trouvés
rooster85
Apprenti(e)
Apprenti(e)
 
Messages: 30
Inscription: 24 Mar 2010 15:20
 

Re: tr spy.gen

Message le 21 Juil 2010 13:34

apparement ton "virus" que trouve malwares bytes est supprimé.
c'etait pas un virus, juste un petit executable pour le logiciel de tel portable sony erricsson.
bref ton pc se comporte comment maintenant?ton antivirus s'est calmé ou toujours quelque chose?
fait un essai en redemarant ton pc.
Avatar de l'utilisateur
reg35
PC-Infopraticien
PC-Infopraticien
 
Messages: 5816
Inscription: 21 Juin 2009 22:30
Localisation: recherche en cours, veuillez patienter...
 

Re: tr spy.gen

Message le 21 Juil 2010 13:43

hello vous deux,

le fichier trouvé par malwarebytes est surement un faux positif...

malgrès tout il revient toujours

Normal tu as des traces de rootkit sur ton PC "S0 ikltm;ikltm; C:\WINDOWS\system32\drivers\ikltm.sys [] "

Pour voir si il est toujours actif, fais cela stp...
* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"


%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: tr spy.gen

Message le 21 Juil 2010 13:44

Edit:
hello reg35, nos réponses se sont croisées :lol:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: tr spy.gen

Message le 21 Juil 2010 13:49

:D :lol: :wink:
Avatar de l'utilisateur
reg35
PC-Infopraticien
PC-Infopraticien
 
Messages: 5816
Inscription: 21 Juin 2009 22:30
Localisation: recherche en cours, veuillez patienter...
 

Re: tr spy.gen

Message le 21 Juil 2010 14:23

OK voila les rapports:
Code: Tout sélectionner
 

OTL.TXT

OTL logfile created on: 21/07/2010 15:14:25 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Dominique LECLERC\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 023,00 Mb Total Physical Memory | 502,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 100,21 Gb Free Space | 67,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DOMISALON
Current User Name: Dominique LECLERC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Dominique LECLERC\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Volumouse\volumouse.exe (NirSoft)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Dominique LECLERC\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Volumouse\vlmshlp.dll (NirSoft)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (PCAMPR5) -- C:\WINDOWS\System32\PCAMPR5.SYS File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (DSDrv4) -- C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys File not found
DRV - (catchme) -- C:\machin25379m\catchme.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (SysTool) -- C:\WINDOWS\system32\drivers\SysTool.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (snpstd2) USB PC Camera (SN9C103) -- C:\WINDOWS\system32\drivers\snpstd2.sys ()
DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\alcxsens.sys (Sensaura)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viadsk) -- C:\WINDOWS\system32\DRIVERS\viadsk.sys (VIA Technologies, Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.orange.fr/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2009/12/25 17:36:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/15 12:58:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/04 19:29:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/27 20:51:56 | 000,000,000 | ---D | M]
 
[2009/12/12 01:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla\Extensions
[2010/07/20 22:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla\Firefox\Profiles\pdvh2zdx.default\extensions
[2010/04/25 17:57:50 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla\Firefox\Profiles\pdvh2zdx.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2010/07/16 17:52:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla\Firefox\Profiles\pdvh2zdx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/16 17:52:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla\Firefox\Profiles\pdvh2zdx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/27 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla\Firefox\Profiles\pdvh2zdx.default\extensions\OberonGameHost@OberonGames.com
[2008/12/04 23:28:20 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla\Firefox\Profiles\pdvh2zdx.default\searchplugins\live-search.xml
[2010/06/19 23:33:49 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla\Firefox\Profiles\pdvh2zdx.default\searchplugins\MyStart Search.xml
[2010/07/20 22:11:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 17:47:57 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
[2007/03/10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/03/26 20:27:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005..\Run: [$Volumouse$] C:\Program Files\Volumouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\..Trusted Domains:   ([]msn in Poste de travail)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/01 14:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/12 00:00:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.VIA -- [ NTFS ]
O32 - AutoRun File - [2008/09/10 13:40:51 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{79ae7fda-e701-11de-a658-00112f947c5a}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Logiciel de navigation hors connexion
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3F7924B9-D148-3141-87B1-68F36043A940} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Aide sur Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Outils d'installation Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Améliorations pour la navigation
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accès au site MSN
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Liaison de données Dynamic HTML
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Polices de base Internet Explorer
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Aide HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/07/21 15:12:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dominique LECLERC\Bureau\OTL.exe
[2010/07/21 13:46:06 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/21 08:59:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dominique LECLERC\Recent
[2010/07/17 22:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominique LECLERC\Application Data\PhotoScape
[2010/07/17 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2010/07/01 12:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominique LECLERC\Application Data\gtk-2.0
[2010/07/01 12:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominique LECLERC\.thumbnails
[2010/07/01 12:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominique LECLERC\.gimp-2.6
[2010/07/01 12:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominique LECLERC\Mes documents\gegl-0.0
[2010/07/01 12:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/07/01 12:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominique LECLERC\Application Data\PhotoFiltre
[2010/07/01 12:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre
[2010/06/29 22:09:40 | 000,000,000 | ---D | C] -- C:\2
[2010/06/29 13:32:14 | 000,000,000 | -HSD | C] -- C:\found.004
[2010/06/28 19:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\imagicon
[2010/06/28 19:14:43 | 000,000,000 | ---D | C] -- C:\icones
[2010/06/28 19:10:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dominique LECLERC\Bureau\auto école
[2010/06/24 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dominique LECLERC\Bureau\chambre Arwen
[2009/12/20 21:00:23 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2009/12/20 21:00:23 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd2.dll
[2009/12/20 21:00:23 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/07/21 15:12:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dominique LECLERC\Bureau\OTL.exe
[2010/07/21 15:09:04 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/21 15:09:04 | 000,000,532 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/07/21 15:09:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/21 15:08:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/21 15:07:45 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\NTUSER.DAT
[2010/07/21 15:07:45 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Dominique LECLERC\ntuser.ini
[2010/07/21 15:07:19 | 000,258,256 | -H-- | M] () -- C:\Documents and Settings\Dominique LECLERC\Local Settings\Application Data\IconCache.db
[2010/07/21 14:21:02 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/21 13:44:40 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\Bureau\RSIT.exe
[2010/07/21 13:05:53 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 23:15:15 | 000,051,200 | -H-- | M] () -- C:\Documents and Settings\Dominique LECLERC\Mes documents\photothumb.db
[2010/07/20 21:02:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/17 22:13:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/17 22:13:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010/07/11 20:55:16 | 000,237,593 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\Mes documents\cv céline4.odt
[2010/07/03 10:35:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/02 21:53:50 | 000,003,528 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\.recently-used.xbel
[2010/07/01 12:04:32 | 000,003,262 | ---- | M] () -- C:\Documents and Settings\Dominique LECLERC\Mes documents\deuch forum.ico
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/07/21 13:44:40 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dominique LECLERC\Bureau\RSIT.exe
[2010/07/20 23:14:06 | 000,051,200 | -H-- | C] () -- C:\Documents and Settings\Dominique LECLERC\Mes documents\photothumb.db
[2010/07/17 22:13:09 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Dominique LECLERC\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2010/07/11 20:40:19 | 000,237,593 | ---- | C] () -- C:\Documents and Settings\Dominique LECLERC\Mes documents\cv céline4.odt
[2010/07/03 10:35:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/03 10:35:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/02 21:53:50 | 000,003,528 | ---- | C] () -- C:\Documents and Settings\Dominique LECLERC\.recently-used.xbel
[2010/07/01 12:04:32 | 000,003,262 | ---- | C] () -- C:\Documents and Settings\Dominique LECLERC\Mes documents\deuch forum.ico
[2010/05/02 15:55:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/04/02 13:57:17 | 000,030,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/28 11:34:40 | 000,001,060 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010/02/10 11:08:23 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2009/12/20 21:00:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2009/12/20 21:00:27 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2009/12/20 21:00:25 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2009/12/12 01:33:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/12 01:24:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2009/12/12 00:59:25 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/12/12 00:42:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/12/12 00:25:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/12/12 00:03:00 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\SysTool.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/12/29 14:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/06/08 14:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/12/12 01:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/12/12 13:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/12/12 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/01/01 12:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2009/12/25 17:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/12/25 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009/12/26 02:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/19 23:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/05/24 23:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/12/15 12:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/12/12 01:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/12/15 12:11:40 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/03/02 14:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Apowersoft
[2010/01/26 15:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Capcom
[2010/01/21 22:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\EPSON
[2010/05/15 22:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\fltk.org
[2010/05/03 18:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\FreeFLVConverter
[2010/05/03 17:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\FreeVideoConverter
[2010/07/01 12:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\gtk-2.0
[2010/06/07 21:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Icones
[2009/12/26 02:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Nokia
[2009/12/12 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\OpenOffice.org
[2009/12/26 02:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\PC Suite
[2010/07/01 12:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\PhotoFiltre
[2010/07/20 23:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\PhotoScape
[2009/12/15 12:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\TuneUp Software
[2010/01/01 12:36:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010/07/21 15:09:04 | 000,000,532 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2010/01/22 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/12/15 10:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/05/26 22:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/12/29 14:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/06/08 14:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/01/09 17:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/12/12 01:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/12/12 13:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/12/12 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/12/12 11:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/01/01 12:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/03/24 16:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/02 13:52:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/12/15 13:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/12/25 17:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/12/25 17:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009/12/26 02:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/19 23:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/03/28 11:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/05/24 23:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/06/08 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/07/21 09:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/28 21:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/12/15 12:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/12/12 01:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/12/16 11:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/12/15 12:11:40 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2007/01/11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2007/12/17 06:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
[2010/05/26 21:18:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009/12/25 17:34:55 | 095,992,424 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_11_update.exe
[2009/12/25 17:35:05 | 000,050,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
[2009/12/25 17:35:05 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
[2009/12/25 17:35:05 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
[2009/12/25 17:35:05 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
[2009/12/25 17:35:09 | 013,930,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
[2009/12/25 17:35:13 | 012,212,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2009/12/12 02:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Adobe
[2010/01/22 14:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\AdobeUM
[2010/01/09 17:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Ahead
[2010/03/02 14:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Apowersoft
[2009/12/15 10:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\ATI
[2010/05/26 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Avira
[2010/01/26 15:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Capcom
[2009/12/14 13:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\CyberLink
[2009/12/16 20:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\DivX
[2010/07/06 10:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\dvdcss
[2010/01/21 22:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\EPSON
[2010/05/15 22:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\fltk.org
[2010/05/03 18:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\FreeFLVConverter
[2010/05/03 17:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\FreeVideoConverter
[2010/01/18 13:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Google
[2010/07/01 12:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\gtk-2.0
[2009/12/12 01:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Help
[2010/06/07 21:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Icones
[2009/12/12 00:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Identities
[2009/12/12 01:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\InstallShield
[2009/12/12 11:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Logitech
[2009/12/12 01:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Macromedia
[2010/03/24 16:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Malwarebytes
[2010/04/16 13:54:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Microsoft
[2009/12/12 01:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Mozilla
[2009/12/15 13:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\MSN6
[2009/12/26 02:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Nokia
[2009/12/12 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\OpenOffice.org
[2009/12/26 02:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\PC Suite
[2010/07/01 12:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\PhotoFiltre
[2010/07/20 23:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\PhotoScape
[2009/12/12 00:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\Sun
[2009/12/15 12:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\TuneUp Software
[2010/07/06 10:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\vlc
[2009/12/15 12:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dominique LECLERC\Application Data\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2009/12/12 13:15:38 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Dominique LECLERC\Application Data\Microsoft\Installer\{5DF91B8B-8C3E-B5FB-F2FC-60562159E930}\ARPPRODUCTICON.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2003/04/24 14:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2003/04/24 14:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2010/03/25 00:17:33 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2003/04/24 14:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2003/04/24 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2003/04/24 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2003/04/24 14:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:Sfloppy.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Sfloppy.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2003/04/24 14:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:splitter.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:splitter.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys
[2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
 
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys
[2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys

[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2003/04/24 14:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbprint.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbprint.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys
[2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2003/04/24 14:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbscan.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys
[2004/08/19 17:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbscan.sys
[2009/12/13 15:16:22 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys
[2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
[2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
 
[color=#A23BEC]< MD5 for: VIAMRAID.SYS  >[/color]
[2005/10/25 17:33:28 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
< End of report >


Suite, et EXTRAS.TXT :

Code: Tout sélectionner
OTL Extras logfile created on: 21/07/2010 15:14:25 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Dominique LECLERC\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 023,00 Mb Total Physical Memory | 502,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 100,21 Gb Free Space | 67,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DOMISALON
Current User Name: Dominique LECLERC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\rooster85\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\rooster85\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\Capcom\MotoGP 08\Launcher.exe" = C:\Program Files\Capcom\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08 -- ()
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur -- (Ubisoft Entertainment)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Race Driver\RaceDriver.exe" = C:\Program Files\Race Driver\RaceDriver.exe:*:Enabled:RaceDriver -- ()
"C:\Program Files\Men of War. Victory Day Edition\outfront_mp.exe" = C:\Program Files\Men of War. Victory Day Edition\outfront_mp.exe:*:Enabled:Main executable -- File not found
"C:\Program Files\Steam\SteamApps\common\altitude\altitude.exe" = C:\Program Files\Steam\SteamApps\common\altitude\altitude.exe:*:Enabled:altitude -- File not found
"C:\Program Files\eFusion\BlackShot\system\blackshot.exe" = C:\Program Files\eFusion\BlackShot\system\blackshot.exe:*:Enabled:BlackShot -- (Vertigo Games)
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00099DCF-8DC8-4EA2-A80A-3C2DA67864B2}" = CCC Help Russian
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{006DA48B-84C2-B075-3A6B-DB6090A61306}" = ccc-core-static
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01587D48-FA82-0CB5-B1ED-CF60359EBF11}" = Catalyst Control Center Graphics Full Existing
"{021CB753-D388-4C3B-8E40-554E226F54F2}" = Shadow Ops  Red Mercury
"{0286311C-4AF8-FA22-DB38-14950C825B02}" = Catalyst Control Center Graphics Previews Common
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{13858DBF-E649-B602-4922-F2C6F424DF81}" = CCC Help Thai
"{150C6C87-D187-4105-BF7A-090378D7AE2A}" = Nokia Ovi Suite
"{18754BA4-4F0C-4E6E-888B-9496AFA05F43}" = Ma-Config.com
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2AFBA4FA-F13F-CFB7-A010-B4ABD7918787}" = CCC Help Finnish
"{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V2.0.9
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FA28330-2028-4033-BD10-425C87EB4D54}" = Nokia Software Updater
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362BFFCD-8274-11D8-97C8-000129760CBE}" = MediaLife
"{38FC8A78-B58E-FA87-240A-1F97E6F2A0BD}" = Catalyst Control Center Localization All
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{423E8FEF-4132-A70A-61B3-0726D033060B}" = CCC Help Norwegian
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{430ACB56-530C-E6DE-E352-C49AEDC18395}" = CCC Help Portuguese
"{4515B871-9B69-8B72-FCF7-ED6E95766656}" = CCC Help Turkish
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{47E6B961-AC49-B8E7-A6A9-BEC54D4AA6B6}" = CCC Help Danish
"{491A759F-F3B3-D1E1-D647-082B7EBA8325}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{513BB9B0-510F-802D-88FA-ADBBBD11B5B0}" = CCC Help Czech
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5605BCF1-3E90-4468-BAED-A48AC059DF73}" = Catalyst Control Center Graphics Full New
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5DF91B8B-8C3E-B5FB-F2FC-60562159E930}" = Catalyst Control Center InstallProxy
"{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}" = IncrediMail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635F45CE-157B-2904-F14B-14CB254EC9AB}" = CCC Help German
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{672DD057-CF5C-9696-67F7-5E288F0153F4}" = CCC Help Italian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E86DAB2-6F06-1037-DCB5-D5C06F7CAD96}" = CCC Help Korean
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745CA57E-997D-F483-545D-FE58169C38A4}" = CCC Help Dutch
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{86C972F5-1C36-957C-14B8-A13C5657764E}" = CCC Help Swedish
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8E309767-4214-4A04-AB88-FE86155FC151}" = Race Driver
"{93074F43-A643-5A8F-88A0-A7A43A80D666}" = Catalyst Control Center Core Implementation
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95591B59-20D3-2678-E976-7CC0A4DAA62F}" = CCC Help Chinese Traditional
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49710D9-0665-E022-C35C-A27064724F41}" = CCC Help Japanese
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A5423CF8-2D49-E766-1A52-FAF14AC3B4DF}" = ccc-core-preinstall
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A70000000000}" = Adobe Reader 7.0 - Français
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0B49C20-D2D1-437B-80F0-C2298F5DCD2B}" = Nokia Photos
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2E7E360-022D-4CEB-B840-2D07F1F209B2}" = ATI AVIVO Codecs
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B51F0417-4A38-7D39-A06F-9548662055D9}" = Catalyst Control Center HydraVision Full
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{BBC50689-84B3-A276-E667-185E162621AC}" = ccc-utility
"{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}" = MotoGP 08
"{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}" = Nokia Music
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C32D7A1E-AF7A-1E53-3574-D70F8DBAE9C0}" = CCC Help Greek
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C5B4CB33-F375-F6BC-682F-DF322424ABF3}" = CCC Help Spanish
"{C7CDB2AC-A0AB-4D83-B046-187E24D9EA68}" = Nokia Ovi System Utilities
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBB9F4D-32D1-7896-AE8B-58F983A3972C}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3A00AE-73CA-EECC-32AA-F76750734AF7}" = Catalyst Control Center Graphics Light
"{D099F296-A6DC-C6A9-73D2-C9B2D7DA7ADA}" = CCC Help Chinese Standard
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{DB53C134-1135-E6E1-6338-534249E4F6FD}" = CCC Help Hungarian
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEEFE73A-1900-AC1A-EBA8-132E4A8CBC0C}" = CCC Help English
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BlackShot" = BlackShot Á¦°Å
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"CPBEBE2" = Jardin d'éveil La Famille de Petit Ours
"CPBEBE2PE" = Jardin d'Eveil La famille de Petit Ours - Personnaliser
"CPBEBEL" = Coup de pouce Le livre de bébé
"Cynopolis_is1" = Cynopolis v1.0 du 24/07/2008 - Màj du 27/07/2008
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EAX Unified" = EAX Unified
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"EPSON Stylus SX200_SX400_TX200_TX400 Guide d'utilisation" = EPSON Stylus SX200_SX400_TX200_TX400 Manuel
"Free FLV Converter_is1" = Free FLV Converter V 6.7.8
"Free Video Converter_is1" = Free Video Converter V 2.6
"IncrediMail" = IncrediMail 2.0
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gestionnaire de périphériques de plate-forme
"InstallShield_{8E309767-4214-4A04-AB88-FE86155FC151}" = Race Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NAVIGON Fresh" = NAVIGON Fresh 2.0.2
"Nero - Burning Rom!UninstallKey" = Nero 6
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3014
"PhotoMail" = PhotoMail Maker
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"Radio_Fr" = Radio Fr Solo 2.1
"Steam App 41300" = Altitude
"VIA Bus Master Ultra ATA Driver" = VIA Bus Master Ultra ATA Driver (Remove)
"VLC media player" = VLC media player 1.0.5
"Volumouse" = NirSoft Volumouse
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Imagicon" = Imagicon
"PhotoFiltre" = PhotoFiltre
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 15/06/2010 15:32:56 | Computer Name = DOMISALON | Source = Application Hang | ID = 1002
Description = Application bloquée soffice.bin, version 3.2.9476.500, module bloqué
 hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 18/06/2010 11:13:51 | Computer Name = DOMISALON | Source = Application Error | ID = 1000
Description = Application défaillante incmail.exe, version 6.0.7.4564, module défaillant
 unknown, version 0.0.0.0, adresse de défaillance 0x04f6cd82.
 
Error - 25/06/2010 17:43:21 | Computer Name = DOMISALON | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.3814, module bloqué
 hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 26/06/2010 02:28:19 | Computer Name = DOMISALON | Source = Application Hang | ID = 1002
Description = Application bloquée soffice.bin, version 3.2.9476.500, module bloqué
 hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 29/06/2010 16:28:26 | Computer Name = DOMISALON | Source = Application Hang | ID = 1002
Description = Application bloquée IncMail.exe, version 6.1.0.4631, module bloqué
 hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 29/06/2010 16:40:37 | Computer Name = DOMISALON | Source = Application Error | ID = 1000
Description = Application défaillante incmail.exe, version 6.1.0.4631, module défaillant
 ntdll.dll, version 5.1.2600.5512, adresse de défaillance 0x00011669.
 
Error - 05/07/2010 18:29:45 | Computer Name = DOMISALON | Source = Application Hang | ID = 1002
Description = Application bloquée Patcher.exe, version 1.1.2.33, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 11/07/2010 05:04:50 | Computer Name = DOMISALON | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
 la vérification par rapport à l'horloge système en cours ou le tampon daté dans
 le fichier signé. 
 
Error - 11/07/2010 05:04:50 | Computer Name = DOMISALON | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
 la vérification par rapport à l'horloge système en cours ou le tampon daté dans
 le fichier signé. 
 
Error - 21/07/2010 04:19:33 | Computer Name = DOMISALON | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.3828, module bloqué
 hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
 
[ System Events ]
Error - 20/07/2010 22:43:48 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.
 
Error - 20/07/2010 23:19:30 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk5\D.
 
Error - 21/07/2010 00:06:59 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk3\D.
 
Error - 21/07/2010 03:17:59 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.
 
Error - 21/07/2010 04:49:23 | Computer Name = DOMISALON | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
 charger :   viamraid
 
Error - 21/07/2010 07:39:10 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.
 
Error - 21/07/2010 07:48:37 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk3\D.
 
Error - 21/07/2010 08:07:50 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\D.
 
Error - 21/07/2010 08:19:26 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.
 
Error - 21/07/2010 08:53:03 | Computer Name = DOMISALON | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk4\D.
 
[ TuneUp Events ]
Error - 17/07/2010 16:34:45 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-07-17 22:34:45',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 18/07/2010 18:32:05 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-07-19 00:32:05',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 19/07/2010 08:38:20 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-07-19 14:38:20',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 20/07/2010 16:03:17 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-07-20 22:03:17',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 20/07/2010 18:43:19 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-07-21 00:43:19',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 21/07/2010 03:00:30 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-21 09:00:30', '\device\harddiskvolume1\malwarebytes'
 anti-malware\mbam.exe','2600',0)
 
Error - 21/07/2010 03:54:45 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-07-21 09:54:45',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 21/07/2010 04:49:28 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-21 10:49:28', '\device\harddiskvolume1\malwarebytes'
 anti-malware\mbam.exe','2784',0)
 
Error - 21/07/2010 04:54:37 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-21 10:54:37', '\device\harddiskvolume1\malwarebytes'
 anti-malware\mbam.exe','2124',0)
 
Error - 21/07/2010 05:49:49 | Computer Name = DOMISALON | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL: INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended,
 State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications
 (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-07-21 11:49:49',
 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
 
< End of report >




EDIT Skynet : Rapport divisé en deux (trop gros) ;).
rooster85
Apprenti(e)
Apprenti(e)
 
Messages: 30
Inscription: 24 Mar 2010 15:20
 

Re: tr spy.gen

Message le 21 Juil 2010 15:30

re,

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"
:OTL
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\machin25379m\catchme.sys File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2025429265-1580818891-839522115-1005\..Trusted Domains: ([]msn in Poste de travail)

:Files
C:\WINDOWS\System32\GameMon.des

:commands
[emptytemp]
[EMPTYFLASH]
[PURITY]
[REBOOT]
[CLEARALLRESTOREPOINTS]


* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt"
* Copie et colle le rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Dès que le pc a redémarrer fais cela....

Télécharge >> TFC.exe << impérativement sur ton bureau

Ferme tous les programmes en cour de fonctionnement...

Fait un double-clic sur l'icône de TFC pour le lancer

Une demande va apparaitre pour te demander de redémarrer ton pc, cliques sur "YES" et laisse faire TFC.


ensuite dit moi si tu as toujours cette alerte d'Antivir, si oui précis le nom exact du fichier infectieux et son emplacement :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: tr spy.gen

Message le 21 Juil 2010 15:51

Ok donc voila déjà le rapport OTL :

Code: Tout sélectionner
 All processes killed
========== OTL ==========
Error: No service named npggsvc was found to stop!
Service\Driver key npggsvc not found.
File  C:\WINDOWS\System32\GameMon.des  not found.
Error: No service named EagleNT was found to stop!
Service\Driver key EagleNT not found.
File  C:\WINDOWS\System32\drivers\EagleNT.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File  C:\machin25379m\catchme.sys File not found not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2025429265-1580818891-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2025429265-1580818891-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\GameMon.des not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Dominique LECLERC
->Temp folder emptied: 24338642 bytes
->Temporary Internet Files folder emptied: 4034922 bytes
->Java cache emptied: 583622 bytes
->FireFox cache emptied: 38249772 bytes
->Google Chrome cache emptied: 6275888 bytes
->Flash cache emptied: 16019 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 261655 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1344002 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 637145 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 56361 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 72,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: Dominique LECLERC
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
Restore points cleared and new OTL Restore Point set!
 
OTL by OldTimer - Version 3.2.9.1 log created on 07212010_164512

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
rooster85
Apprenti(e)
Apprenti(e)
 
Messages: 30
Inscription: 24 Mar 2010 15:20
 

Re: tr spy.gen

Message le 21 Juil 2010 16:00

Par contre impossible de charger ou trouver TFC.EXE
rooster85
Apprenti(e)
Apprenti(e)
 
Messages: 30
Inscription: 24 Mar 2010 15:20
 

Re: tr spy.gen

Message le 21 Juil 2010 16:08

C'est bon avec un peu de recherche j'ai trouvé, je le lance
rooster85
Apprenti(e)
Apprenti(e)
 
Messages: 30
Inscription: 24 Mar 2010 15:20
 

Re: tr spy.gen

Message le 21 Juil 2010 16:13

re,

le site est indisponible
Prend ce lien
http://www.itxassociates.com/OT-Tools/TFC.exe
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: tr spy.gen

Message le 21 Juil 2010 16:21

Bon j'ai passé TFC et redémarrage

plus de message de mon anti-virus

en fait le message apparait lorsque je lançais un jeu ( BlackShot chargement légal puisqu'il est gratuit ) que j'ai depuis des mois et qui ne m'avait pas posé de problème

je crois que le virus se mettait dans le fichier : [AVERTISSEMENT] Contient le cheval de Troie TR/Spy.Gen!
C:\Program Files\eFusion\BlackShot\system\GameGuard\npsc.des

je l'ai réessayé et plus de problème

Si tout est fini je remercie toutes les personnes qui m'ont aidé à résoudre ce problème et dis-moi si je mets résolu dans le titre ou si il y a quelque chose d'autre à faire
rooster85
Apprenti(e)
Apprenti(e)
 
Messages: 30
Inscription: 24 Mar 2010 15:20
 

Suivante


Sujets similaires

Message [Réglé] Mauvaise performance SSD NVME
Bonjour, j'ai un WDC PC SN530 SDBPNPZ-512G, et quand je fais des benchmark où je ne comprends rien, ils m'indiquent dès résultat pas terrible, y a t'il moyen d'arranger ça ?https://www.userbenchmark.com/UserRun/68904129Merci de votre aide.
Réponses: 9

Message [Réglé] Mini PC pour la 4k HDR
Bonjour (et bonne année a tous ),Actuellement, j'ai mon bon vieux mini PC (I5-4210U) , fonctionnel mais hélas devenu trop limité en performance pour la 4K (j'arrive à lire des fichiers en H264 avec très peu voir pas de lags tout dépend le lecteur) et on parle même pas avec du H265 (saccadé à mort) ...
Réponses: 6

Message [Réglé] android auto
Bonjour Je possede un tel. samsung S7 . Je viens d'intaller android auto et chaque fois que je branche mon tel. sur mon vehicule , mon telephone me dit de mettre android à jour. En fouillant un peu sur le net j'ai cru voir que samsung avait arreté les mises à jour sur les S7 . Est ce vrai , sinon co ...
Réponses: 3

Message [Réglè] HELP
Bonjour a tous,j'ai voulu désinstaller les pilotes AMD high définition audio device dans le gestionnaire croyant que les pilotes realtek prendraient la place j'ai redémarré mon PC et depuis je n'ai plus de son l?icône est affublée d'une belle croix rouge (aucun haut parleur ou casque n'est branché) ...
Réponses: 7

Message Son 5.1 [Réglé]
Bonjour,J'ouvre un autre post concernant mon souci de sortie son qui est désespérément figé sur "Stéréo". Mon PC Assemblé par mes soins possède une Carte Mère Gigabyte B550M DS3H "affublée" d'une carte Graphique AMD RX6600 Pulse. Mon PC est relié de ma carte graphique à mon TV à ...
Réponses: 3

Message [Réglé] Fenêtre intempestive Powershell au démarrage
Bonjour,Je m'ajoute à la longue liste des victimes de la fenêtre pop-up bleue qui s'ouvre et qui se ferme à chaque connexion de session, et quelques fois après.J'ai passé les antimalware et ESET... mais rien à faire.Je possède un Lenovo TrigKey AZW S3 en AMD Ryzen 7 qui tourne sur W11 64bits.je vous ...
Réponses: 11

Message [Réglé] Suite de mon sujet Démarrage PC parfois difficile
Bonjour,j'avais ouvert un sujet suite au démarrage très lent de mon PC. Votre aide m'a permis d'améliorer la situation mais ce n'est pas parfait (plus de 2 minutes avant la fenêtre de saisie du code d'accès Windows).On m'a conseillé de demander une désinfection. J'ai suivi la procédure et je joins l ...
Réponses: 12


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 23 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.