Il y a actuellement 730 visiteurs
Dimanche 22 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

infection cheval de troie • page 2

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

Re: infection cheval de troie

Message le 26 Avr 2011 18:54

coucou,

c'est possible Qu'OTLPE ne l'ai pas crée

C'est pas grave...

Sur le pc malade fais cela...

* Télécharge >> OTL <<sur ton bureau.

* Fais un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL

Ensuite, tu devrais avoir ce fameux fichier "C:\PhysicalMBR.bin" pour le faire analyser /!\ l’extension .bin n'apparait pas forcément :wink:

@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 


Re: infection cheval de troie

Message le 28 Avr 2011 14:21

En 1er le OLT.txt
OTL logfile created on: 28/04/2011 14:26:51 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\christian\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,04 Gb Total Space | 21,26 Gb Free Space | 32,20% Space Free | Partition Type: NTFS
Drive D: | 6,94 Gb Total Space | 0,77 Gb Free Space | 11,03% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 85,09% Space Free | Partition Type: NTFS

Computer Name: CHRISTIA-593F11 | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\christian\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Orange\Media Player\Media Player.exe (Orange)
PRC - C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
PRC - C:\Program Files\CardDetector\ICON225\CardDetector.exe (France Telecom SA)
PRC - C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe ()
PRC - C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe (Voxmobili)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\christian\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ImapiService) -- C:\WINDOWS\System32\imapihp.exe (Microsoft Corporation)
SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
SRV - (FLCDLOCK) -- C:\WINDOWS\system32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (RoxMediaDB9) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (stllssvr) -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (GT72NDISIPXP) -- C:\WINDOWS\system32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\WINDOWS\system32\drivers\gt72ubus.sys (Option N.V.)
DRV - (DAMDrv) -- C:\WINDOWS\system32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (NETw4x32) Pilote de carte Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SIS163u) -- C:\WINDOWS\system32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (ovt530) -- C:\WINDOWS\system32\drivers\ov530vid.sys (OmniVision Technologies, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.troner.net/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-842925246-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1220945662-842925246-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
IE - HKU\S-1-5-21-1220945662-842925246-725345543-1003\..\URLSearchHook: {AEEC3B59-CA98-4EBA-A140-57B94E283583} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1220945662-842925246-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-842925246-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2009/09/09 03:12:15 | 000,327,749 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11212 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O3 - HKLM\..\Toolbar: (Iadah Toolbar) - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - File not found
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - No CLSID value found.
O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll (Copernic Inc.)
O3 - HKU\S-1-5-21-1220945662-842925246-725345543-1003\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O3 - HKU\S-1-5-21-1220945662-842925246-725345543-1003\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1220945662-842925246-725345543-1003\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll (Copernic Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Asfplayer] C:\Program Files\Linksys\Compact Wireless-G Internet Video Camera\asfplayer.exe ()
O4 - HKLM..\Run: [BEWINTERNET-FR-DMESessionManager] C:\Program Files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetector] C:\Program Files\CardDetector\ICON225\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\.DEFAULT..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe (Orange)
O4 - HKU\S-1-5-18..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe (Orange)
O4 - HKU\S-1-5-19..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe (Orange)
O4 - HKU\S-1-5-20..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe (Orange)
O4 - HKU\S-1-5-21-1220945662-842925246-725345543-1003..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
O4 - HKU\S-1-5-21-1220945662-842925246-725345543-1003..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1220945662-842925246-725345543-1003..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1220945662-842925246-725345543-1003..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe (Orange)
O4 - HKU\S-1-5-21-1220945662-842925246-725345543-1003..\Run: [YnnAflICEeXU] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel de Synchronisation Orange.lnk = C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe (Voxmobili)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\christian\Menu Démarrer\Programmes\Démarrage\e-Backup Scheduler.lnk = C:\Program Files\Inachis\e-Backup\eBackup.exe (Inachis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-842925246-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1220945662-842925246-725345543-1003\..Trusted Domains: orange.fr ([www] http in Sites de confiance)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1F75C3DC-38E2-4424-A028-217AA4CB43CA} http://192.168.1.198/adm/NetCamMotionDetect.cab (NetCamMotionDetect Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.fr/s/v/57.07/uploader2.cab (UploadListView Class)
O16 - DPF: {6EBC6744-5383-4213-AD5E-66434ECA1812} http://download.sp.f-secure.com/ols/nor ... uncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/stat ... DP-2.0.cab (AdVerifierADPCtrl Class)
O16 - DPF: {899F550F-1C77-48F8-BC90-E7BEC97A2D43} http://download.sp.f-secure.com/ols/nor ... uncher.cab (F-Secure Online Scanner 4.0 Launcher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8ED1093F-319E-48EC-A9F2-971236F0CC21} http://ipeyeanywhere.marmitek.com/UltraCamX.cab (UltraCamX Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://orange.securitoo.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.198/NetCamPlayerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {D9D72A92-132E-46EC-A6F1-896B19227142} http://www.ipcam-view.net/ActiveX/ax4web.cab (mpeg4 ActiveX Plugin for web v2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{025726f1-9f1d-11dc-a6c2-001b77a67dac}\Shell - "" = AutoRun
O33 - MountPoints2\{025726f1-9f1d-11dc-a6c2-001b77a67dac}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{1d7375c8-7617-11de-a951-001b77a67dac}\Shell\Shell00\Command - "" = G:\Start.exe
O33 - MountPoints2\{4d324d67-1aa2-11e0-ab8b-001b77a67dac}\Shell - "" = AutoRun
O33 - MountPoints2\{4d324d67-1aa2-11e0-ab8b-001b77a67dac}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe
O33 - MountPoints2\{5f9e2c53-621d-11de-a935-001b77a67dac}\Shell\AutoRun\command - "" = G:\Delivery.exe
O33 - MountPoints2\{c20a465d-0f61-11e0-ab8a-001b77a67dac}\Shell - "" = AutoRun
O33 - MountPoints2\{c20a465d-0f61-11e0-ab8a-001b77a67dac}\Shell\AutoRun\command - "" = G:\ReadMe.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {549FEE1A-19C7-4409-B745-68B9D19484D1} - Oranger
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{1907FD34-C3C0-4346-8D47-60BD03131611} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 14:19:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\christian\Bureau\OTL.exe
[2011/04/26 05:07:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/25 19:30:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\christian\Recent
[2011/04/25 17:35:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\christian\Mes documents\OTL.exe
[2011/04/25 15:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\christian\Application Data\Malwarebytes
[2011/04/25 15:55:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/25 15:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/04/25 15:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/25 15:54:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/25 15:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/25 15:53:02 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\christian\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.50_francais_215092.exe
[2011/04/25 15:46:39 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\christian\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.50_francais_215092.exe
[2007/12/21 10:05:55 | 000,348,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll

========== Files - Modified Within 30 Days ==========

[2011/04/28 14:37:22 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 14:35:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9450FA3F-53BC-41B1-9C0E-CFB53A24A102}.job
[2011/04/28 14:32:10 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/28 14:27:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/04/28 14:19:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\christian\Bureau\OTL.exe
[2011/04/28 14:01:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 14:00:47 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 14:00:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 14:00:42 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/26 01:25:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/04/25 23:34:41 | 000,128,402 | ---- | M] () -- C:\Documents and Settings\christian\Bureau\install_malwarebytes--2067-mbamsetup.exe
[2011/04/25 17:35:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\christian\Mes documents\OTL.exe
[2011/04/25 15:53:02 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\christian\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.50_francais_215092.exe
[2011/04/25 15:46:39 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\christian\Bureau\malwarebytes-anti-malware_malwarebytes_anti-malware_1.50_francais_215092.exe
[2011/04/15 18:14:38 | 000,369,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 07:59:54 | 000,512,462 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/04/15 07:59:54 | 000,442,548 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 07:59:54 | 000,085,998 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/04/15 07:59:54 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/15 07:59:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/04/28 14:27:51 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/04/25 23:34:41 | 000,128,402 | ---- | C] () -- C:\Documents and Settings\christian\Bureau\install_malwarebytes--2067-mbamsetup.exe
[2011/04/25 15:55:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/12/11 01:25:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2010/07/11 06:47:25 | 000,245,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/09 11:04:43 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/09 11:04:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/11/01 17:09:31 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\christian\Local Settings\Application Data\art.udk
[2009/11/01 17:09:17 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\christian\Local Settings\Application Data\19720201.dat
[2009/11/01 17:09:16 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/06/28 20:55:48 | 000,684,377 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/06/28 20:55:48 | 000,003,410 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/02/17 19:37:58 | 000,000,059 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2008/08/31 00:02:18 | 000,002,951 | ---- | C] () -- C:\Documents and Settings\christian\Application Data\RealCADDPrefV4.06
[2008/08/31 00:02:18 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\christian\Application Data\RealCADDOpenRecent
[2008/08/28 20:53:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/07 18:15:05 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[2008/05/05 19:34:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\christian\Application Data\$_hpcst$.hpc
[2008/04/09 21:23:28 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/03 22:48:24 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\unwlsdrv.exe
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/30 02:50:52 | 000,005,483 | ---- | C] () -- C:\Program Files\FichierVisionneuse.jbf
[2007/12/21 09:59:41 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2007/12/21 09:59:40 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2007/12/17 19:42:27 | 000,003,935 | ---- | C] () -- C:\Program Files\dolphinMF.gif
[2007/12/17 19:42:27 | 000,001,280 | ---- | C] () -- C:\Program Files\dolphinappy.gif
[2007/12/06 20:25:14 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\christian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/30 21:55:07 | 000,000,101 | ---- | C] () -- C:\WINDOWS\jascreg.ini
[2007/11/30 21:51:42 | 000,005,885 | ---- | C] () -- C:\Program Files\CAMUNWISE.INI
[2007/11/30 21:50:21 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2007/11/30 20:06:54 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/30 10:35:02 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/11/30 10:15:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4859.dll
[2007/11/28 19:13:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/28 19:13:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/28 19:13:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/28 19:13:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/28 19:13:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/28 19:13:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/11/28 19:12:06 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/11/28 19:12:06 | 000,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/28 19:11:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/28 19:01:31 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2007/11/28 18:56:07 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\christian\Local Settings\Application Data\fusioncache.dat
[2007/11/28 18:51:32 | 000,029,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/11/28 01:43:33 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/28 01:42:30 | 000,369,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/28 00:52:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/28 00:47:37 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/08 10:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 14:00:00 | 000,512,462 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/03/02 14:00:00 | 000,442,548 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 14:00:00 | 000,085,998 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/03/02 14:00:00 | 000,071,842 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 20:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 20:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[1998/12/12 03:00:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/23 19:50:28 | 000,798,659 | ---- | C] () -- C:\WINDOWS\System32\MFC42ENU.DLL
[1998/02/13 14:02:14 | 000,004,375 | ---- | C] () -- C:\WINDOWS\System32\mmc.ini

========== LOP Check ==========

[2009/05/13 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/05/16 23:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/02/26 00:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/04/10 11:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/11/03 18:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugawi
[2007/11/28 19:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/02/24 22:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/08/17 21:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Suunto
[2009/05/13 18:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Autodesk
[2009/02/24 22:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\DriverCure
[2009/11/01 17:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Fugawi
[2009/08/24 19:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Genie-Soft
[2011/02/22 22:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Icones
[2007/11/28 19:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\InterVideo
[2011/04/28 14:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Media Player
[2009/03/16 22:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\OfficeUpdate12
[2009/03/17 00:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\OpenOffice.org
[2007/11/30 22:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\SampleView
[2008/05/07 21:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Uniblue
[2008/07/29 21:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Uwatec
[2008/01/07 22:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\V-Planner
[2009/12/10 00:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Voxmobili
[2011/04/28 14:35:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9450FA3F-53BC-41B1-9C0E-CFB53A24A102}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008/11/13 20:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/07/24 20:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/12/25 10:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/05/13 18:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/05/16 23:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/02/26 00:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/04/10 11:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/11/03 18:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugawi
[2011/03/01 21:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/04/27 18:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/03/30 00:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GRETECH
[2007/11/28 19:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/11/28 19:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2008/05/20 18:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007/11/28 19:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/04/25 15:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/28 11:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/12/28 11:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/03/16 23:36:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/02/24 22:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2007/11/28 19:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/12/03 18:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007/11/28 19:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/03/27 00:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/01 18:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/17 21:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Suunto
[2007/11/30 10:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/02/17 22:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/12/01 20:06:23 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011/03/01 23:37:15 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1B.tmp.exe
[2011/04/26 01:24:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2008/01/20 11:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Adobe
[2008/08/04 00:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Apple Computer
[2008/11/16 14:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\ArcSoft
[2009/05/13 18:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Autodesk
[2009/02/24 22:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\DriverCure
[2009/05/10 16:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\dvdcss
[2010/04/25 11:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\FastStone
[2009/11/01 17:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Fugawi
[2009/08/24 19:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Genie-Soft
[2007/12/02 18:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Google
[2010/03/30 00:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\GRETECH
[2008/03/25 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Help
[2007/11/28 18:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\hpqLog
[2010/08/03 21:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\HpUpdate
[2011/02/22 22:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Icones
[2007/11/28 00:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Identities
[2009/03/17 00:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\InstallShield
[2007/11/28 19:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Intel
[2007/11/28 19:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\InterVideo
[2007/11/30 22:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Macromedia
[2011/04/25 15:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Malwarebytes
[2011/04/28 14:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Media Player
[2011/01/29 01:44:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\christian\Application Data\Microsoft
[2007/11/30 19:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Microsoft Web Folders
[2009/03/16 22:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\OfficeUpdate12
[2009/03/17 00:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\OpenOffice.org
[2009/09/10 00:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Real
[2007/11/30 22:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\SampleView
[2011/04/24 09:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Skype
[2011/04/24 08:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\skypePM
[2007/11/28 19:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Sun
[2010/12/26 20:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\U3
[2008/05/07 21:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Uniblue
[2008/07/29 21:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Uwatec
[2008/01/07 22:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\V-Planner
[2008/01/24 03:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\vlc
[2009/12/10 00:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\christian\Application Data\Voxmobili

< %APPDATA%\*.exe /s >
[2007/03/22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\christian\Application Data\GRETECH\GomPlayer\GrLauncher.exe
[2007/11/28 18:50:57 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\christian\Application Data\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe
[2007/11/28 18:50:28 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\christian\Application Data\Microsoft\Installer\{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}\ARPPRODUCTICON.exe
[2005/06/06 11:29:14 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\christian\Application Data\U3\temp\cleanup.exe

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2009/12/22 20:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2006/03/02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CHANGER.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: DISK.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/03/02 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2006/03/02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2006/03/02 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/02/12 21:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NDIS.SYS >
[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006/03/02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtUninstallKB912436$\ndis.sys
[2006/01/10 03:01:06 | 000,182,528 | ---- | M] (Microsoft Corporation) MD5=AA898F84D2B59129FB92E143A2C73434 -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: RASACD.SYS >
[2006/03/02 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2006/03/02 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

< MD5 for: RDPWD.SYS >
[2005/06/10 06:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
[2006/03/02 14:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys

< MD5 for: SCECLI.DLL >
[2006/03/02 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFLOPPY.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys
[2006/03/02 14:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys

< MD5 for: SPLITTER.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys
[2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
[2004/08/04 00:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys
[2006/06/14 10:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
[2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys

< MD5 for: SWMIDI.SYS >
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys
[2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys

< MD5 for: TCPIP.SYS >
[2006/04/20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006/03/02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: TDPIPE.SYS >
[2006/03/02 14:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys

< MD5 for: TDTCP.SYS >
[2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2006/03/02 14:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys

< MD5 for: USBPRINT.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys
[2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys
[2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys

< MD5 for: USBSCAN.SYS >
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys
[2008/09/19 13:53:11 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys
[2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys

< MD5 for: USERINIT.EXE >
[2006/03/02 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/03/02 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

et en deux le Extras.txt
OTL Extras logfile created on: 28/04/2011 14:26:51 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\christian\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,04 Gb Total Space | 21,26 Gb Free Space | 32,20% Space Free | Partition Type: NTFS
Drive D: | 6,94 Gb Total Space | 0,77 Gb Free Space | 11,03% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 85,09% Space Free | Partition Type: NTFS

Computer Name: CHRISTIA-593F11 | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Documents and Settings\christian\Local Settings\Temporary Internet Files\Content.IE5\8BI32FR5\incredimail_install[1].exe" = C:\Documents and Settings\christian\Local Settings\Temporary Internet Files\Content.IE5\8BI32FR5\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Program Files\eMule\Incoming\eMule0.49c\eMule0.49c\emule.exe" = C:\Program Files\eMule\Incoming\eMule0.49c\eMule0.49c\emule.exe:*:Enabled:eMule
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\OrangeBS\BEWInternet\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeBS\BEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D2963E-8DC6-4D31-A920-4B216CDF5DCD}" = La Toolbar TV5 - Dictionnaires
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BE845CF-4112-4759-BA7F-15E80037AB5B}" = IGN Rando
"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D510869-7A43-4DD7-BA97-FA6A68129C00}" = Compact Wireless-G Internet Video Camera
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = Installation de HP Backup and Recovery Manager
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5783F2D7-0209-040C-0000-0060B0CE6BBA}" = AutoCAD LT 2004
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69B040CC-E9B1-4769-950E-87786C9E16AD}" = OpenOffice.org 3.2
"{6F8A7834-2600-49E6-9760-9D63E9D5EC8B}" = BIOS Configuration for HP ProtectTools
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites pour Windows Live Toolbar
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{81B5F83F-2291-48B0-8375-36B63A9BF5B0}" = Surligneur (Windows Live Toolbar)
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CA0170E-6E9E-43A5-AE1F-85A82820B847}" = FreeCompressor
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B4F0ED-69BD-4C37-9F7F-60FB6A692E24}" = Tous Comptes Faits Personnel 2.0.7 Démo
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9AA37DA9-F3FF-4E59-91FF-840C6F42E9F7}_is1" = e-Backup 1.42
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.6 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEWINTERNET-FR-DME}.UninstallSuite" = Business Everywhere
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}" = Logiciel de Synchronisation Orange
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}" = Hercules WebCam Station
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"920F395BD609DD6D81B90A071594C5CE2AFCDC55" = Windows Driver Package - Suunto Suunto USB Serial Port (03/13/2008 2.04.06)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CardDetector" = Card Detector for Option Icon 225
"Chart Navigator" = Chart Navigator
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_SprtHD5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"D390F91A2C68E2D5F5A5356AAF23C8A76BBB60DC" = Windows Driver Package - Suunto Suunto USB Driver Package (03/13/2008 2.04.06)
"DataTrak" = DataTrak
"eMule" = eMule
"FLVplayer" = FLV Player
"FreePlanner_is1" = Alpha Pre-Release
"GOM Player" = GOM Player
"Google Updater" = Outil de mise à jour Google
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark_HostCD" = Désinstallation du logiciel Lexmark
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Player" = Media Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = Barre d'outils MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrangeToolbarFR" = barre d'outils Orange
"Paint Shop Pro : Support d'appareil photo numérique" = Paint Shop Pro 6 Digital Camera Support
"Paint Shop Pro 6.0" = Paint Shop Pro 6.0 (CD-ROM)
"PDF Complete" = PDF Complete
"Picasa 3" = Picasa 3
"ProInst" = Logiciel Intel(R) PROSet/Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"SiS163u" = 802.11 USB Wireless LAN Adapter
"Suunto Dive Manager_is1" = Suunto Dive Manager 3.0.0
"SuuntoUSBFTDIVista_is1" = Suunto USB Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Tattoons)
"VLC media player" = VideoLAN VLC media player 0.8.6d
"V-Planner_fr_is1" = V-Planner 3.84
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows Mobile Device Handbook" = Manuel de l'appareil Windows Mobile®
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-842925246-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IadahToolbar" = Iadah Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/04/2011 21:37:21 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 2124 (0x84c) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.13.3.2.101
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\SWSetup\SP37104\Graphics\igfxdev.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 25/04/2011 21:37:41 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 1008
Description = Le service McShield s'est terminé de manière inattendue. Pour plus
d'informations, consultez l'événement 5019 ou 5051. Le service McShield sera redémarré
dans 60 secondes ;

Error - 25/04/2011 21:56:35 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 2180 (0x884) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.13.3.2.101
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\powercfg.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 25/04/2011 21:57:39 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 1008
Description = Le service McShield s'est terminé de manière inattendue. Pour plus
d'informations, consultez l'événement 5019 ou 5051. Le service McShield sera redémarré
dans 60 secondes ;

Error - 26/04/2011 13:55:33 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 2740 (0xab4) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.13.3.2.101
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\powercfg.exe

by C:\WINDOWS\system32\wbem\wmiprvse.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 26/04/2011 13:58:08 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 1008
Description = Le service McShield s'est terminé de manière inattendue. Pour plus
d'informations, consultez l'événement 5019 ou 5051. Le service McShield sera redémarré
dans 5 secondes ;

Error - 28/04/2011 08:32:55 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 2432 (0x980) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.13.3.2.101
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\System32\powercfg.exe

by C:\Documents and Settings\christian\Bureau\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 28/04/2011 08:33:16 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 1008
Description = Le service McShield s'est terminé de manière inattendue. Pour plus
d'informations, consultez l'événement 5019 ou 5051. Le service McShield sera redémarré
dans 5 secondes ;

Error - 28/04/2011 08:37:58 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 5051
Description = Un thread du processus C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
a mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du
thread : 2996 (0xbb4) Adresse du thread : 0x7C91E514 Message du thread : Build VSCORE.13.3.2.101
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\System32\powercfg.exe

by C:\Documents and Settings\christian\Bureau\OTL.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 28/04/2011 08:38:19 | Computer Name = CHRISTIA-593F11 | Source = McLogEvent | ID = 1008
Description = Le service McShield s'est terminé de manière inattendue. Pour plus
d'informations, consultez l'événement 5019 ou 5051. Le service McShield sera redémarré
dans 10 secondes ;

[ System Events ]
Error - 27/04/2011 11:34:05 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Message
d'erreur de référence : Opération réussie. .

Error - 28/04/2011 08:01:02 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Error - 28/04/2011 08:01:02 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 28/04/2011 08:01:02 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
Message
d'erreur de référence : Opération réussie. .

Error - 28/04/2011 08:01:05 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Error - 28/04/2011 08:01:05 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 28/04/2011 08:01:05 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .

Error - 28/04/2011 08:01:06 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Error - 28/04/2011 08:01:06 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 28/04/2011 08:01:06 | Computer Name = CHRISTIA-593F11 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .


< End of report >
christian ajaccio
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 25 Avr 2011 16:09
 

Re: infection cheval de troie

Message le 28 Avr 2011 14:33

et pour finir le lien du resultat de Virus total
http://www.virustotal.com/file-scan/rep ... 1303997183

Bon courage et a bientot
christian ajaccio
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 25 Avr 2011 16:09
 

Re: infection cheval de troie

Message le 28 Avr 2011 18:18

Bonsoir :wink:

c'est pas trop mal tout ça...

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O3 - HKLM\..\Toolbar: (Iadah Toolbar) - {3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} - File not found
O3 - HKU\S-1-5-21-1220945662-842925246-725345543-1003\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O4 - HKU\S-1-5-21-1220945662-842925246-725345543-1003\..\Run: [YnnAflICEeXU] File not found
O33 - MountPoints2\{025726f1-9f1d-11dc-a6c2-001b77a67dac}\Shell - "" = AutoRun
O33 - MountPoints2\{c20a465d-0f61-11e0-ab8a-001b77a67dac}\Shell\AutoRun\command - "" = G:\ReadMe.exe => Infection USB (USB.Troj)
[2011/03/01 23:37:15 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1B.tmp.exe => Infection Diverse (Possible)

:Commands
[emptytemp]
[EMPTYFLASH]


à partir de maintenant Firefox et internet explorer doivent être fermés


* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scanne aller à son terme sans te servir du PC
* A la fin du scanne un rapport va s'ouvrir
* Copie et colle le rapports dans ta réponse stp...

Ensuite...ton pc à été infecté par un support USB !

Branche tous tes périphériques USB qui stockent des fichiers cela comprend:
  • Les clefs USB
  • Les DD externes (pense à les mettre en position "marche" si nécessaire)
  • Les lecteurs MP3/MP4 (pense à les mettre en position "marche" si nécessaire)
  • Les cartes d'appareils photos
  • etc....
Mais ne les ouvre surtout pas (si ils s'ouvrent, ferme les...)

  • Télécharge USBFix sur ton bureau,et installe le en faisant un double-clic dessus...cela créera un raccourcie de lancement du tool.
  • Fais un clic-droit et "exécuter en tant qu'administrateur" sur le raccourci créer par USBFix durant l'installation afin de le lancer.
  • Cliques sur "Suppression", laisse travailler USBFix et poste le rapport qui sera générer en fin de scan.

et enfin,

Télécharge >>> AD-Remover <<< ( de C_XX ) sur ton bureau.

- Double-clique sur le fichier AD-R.exe Image pour lancer le tool.

- Pour Vista /Seven faire un cliques droit sur l'icône et choisir "Exécuter en tant qu'administrateur"

- Cliques sur "Nettoyer".

- Ensuite laisse le scan s'effectuer tranquillement sans te servir du PC

- Poste le rapport.txt qui s'ouvre.

au cas ou,le rapport est sauvegarder ici
C:\AD-Report-scan+"date"

Si jamais tu dois relancer AD-R.exe tu devras te servir du raccourci Imagecréer durant son installation

à tout.... :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: infection cheval de troie

Message le 29 Avr 2011 16:23

salut JM
voila dernier fichier OTL
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1220945662-842925246-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-842925246-725345543-1003\\Software\Microsoft\Windows\CurrentVersion\Run\\YnnAflICEeXU deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{025726f1-9f1d-11dc-a6c2-001b77a67dac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{025726f1-9f1d-11dc-a6c2-001b77a67dac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c20a465d-0f61-11e0-ab8a-001b77a67dac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c20a465d-0f61-11e0-ab8a-001b77a67dac}\ not found.
File G:\ReadMe.exe => Infection USB (USB.Troj) not found.
File C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1B.tmp.exe => Infection Diverse (Possible) not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: christian
->Temp folder emptied: 490372 bytes
->Temporary Internet Files folder emptied: 3477999 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2086 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 100762923 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 139021873 bytes

Total Files Cleaned = 233,00 mb


[EMPTYFLASH]

User: All Users

User: christian
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04292011_161811

Files\Folders moved on Reboot...
C:\Documents and Settings\christian\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...

et le fichier Usbfix pour ma clef usb
je refait la manip pour mon disque externe car je n'ai qu'un port usb :cry:
############################## | UsbFix 7.044 | [Suppression]

Utilisateur: christian (Administrateur) # CHRISTIA-593F11 [ ]
Mis à jour le 25/04/2011 par TeamXscript
Lancé à 16:43:34 | 29/04/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM) Duo CPU T2300 @ 1.66GHz
CPU 2: Intel(R) Core(TM) Duo CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: McAfee VirusScan Enterprise 8.5.0.781 [Enabled | Updated]
RAM -> 2039 Mo
C:\ (%systemdrive%) -> Disque fixe # 66 Go (21 Go libre(s) - 32%) [] # NTFS
D:\ -> Disque fixe # 7 Go (783 Mo libre(s) - 11%) [HP_RECOVERY] # NTFS
E:\ -> Disque fixe # 2 Go (1 Go libre(s) - 85%) [OS_TOOLS] # NTFS
F:\ -> CD-ROM
G:\ -> Disque amovible # 15 Go (14 Go libre(s) - 95%) [RALLY2] # FAT32

################## | Éléments infectieux |


Supprimé! C:\WINDOWS\system32\USB.ocx
Supprimé! C:\Recycler\S-1-5-21-1220945662-842925246-725345543-1003
Supprimé! D:\Recycler\S-1-5-21-1220945662-842925246-725345543-1003
Supprimé! E:\$RECYCLE.BIN\S-1-5-21-3854464434-211150983-1216511478-1006
Supprimé! E:\Recycler\S-1-5-21-1220945662-842925246-725345543-1003

################## | Registre |

Supprimé! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{1d7375c8-7617-11de-a951-001b77a67dac}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{4d324d67-1aa2-11e0-ab8b-001b77a67dac}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{5f9e2c53-621d-11de-a935-001b77a67dac}

################## | Listing |

[07/08/2009 - 20:48:07 | D ] C:\1221a61b0d754d5f1e41ff
[30/11/2007 - 11:28:15 | D ] C:\5ef956323dd8e1945c4dc05f1bf703
[18/03/2008 - 20:08:06 | D ] C:\BANQUE
[28/11/2007 - 00:46:14 | SH | 212] C:\boot.ini
[02/03/2006 - 14:00:00 | N | 4952] C:\Bootfont.bin
[12/01/2008 - 18:48:06 | D ] C:\Chartkit
[11/12/2010 - 01:25:36 | N | 43] C:\CKINFO.TXT
[21/04/2011 - 20:36:10 | D ] C:\code internet perso
[28/11/2007 - 00:50:21 | N | 0] C:\CONFIG.SYS
[10/12/2007 - 21:21:03 | D ] C:\DI-624
[28/11/2007 - 18:56:54 | N | 3209738] C:\DNSP1.LOG
[12/04/2010 - 19:12:37 | D ] C:\Documents and Settings
[30/11/2007 - 09:53:06 | N | 161] C:\esuinst.log
[30/11/2007 - 09:49:03 | N | 86] C:\esu_xpsp2.log
[02/07/2009 - 21:36:03 | D ] C:\fsaua.data
[30/12/2007 - 02:53:00 | D ] C:\Ftelecom
[29/04/2011 - 16:19:47 | ASH | 2138492928] C:\hiberfil.sys
[28/11/2007 - 18:51:33 | N | 169] C:\HSC.log
[16/06/2010 - 21:39:50 | D ] C:\impots
[30/11/2007 - 10:15:12 | D ] C:\Intel
[30/11/2007 - 09:54:58 | N | 732206] C:\intel_chipset.log
[28/11/2007 - 00:50:21 | N | 0] C:\IO.SYS
[24/08/2009 - 17:27:29 | D ] C:\LaCie sauvegarde info
[21/08/2003 - 15:11:42 | N | 2736] C:\LANG.INI
[30/11/2007 - 09:53:23 | N | 86] C:\logfile.log
[25/04/2010 - 11:02:50 | D ] C:\logiciel ft
[05/04/2011 - 20:43:41 | D ] C:\MAISON
[07/03/2008 - 00:00:21 | D ] C:\MON_SITE
[28/11/2007 - 00:50:21 | N | 0] C:\MSDOS.SYS
[02/03/2006 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[19/09/2008 - 13:57:46 | N | 252240] C:\ntldr
[26/01/2009 - 21:00:50 | D ] C:\openoffice
[26/04/2011 - 03:42:20 | N | 82580] C:\OTL.Txt
[29/04/2011 - 16:19:45 | ASH | 4290772992] C:\pagefile.sys
[20/04/2011 - 14:33:12 | D ] C:\photo
[28/04/2011 - 14:27:51 | N | 512] C:\PhysicalMBR.bin
[13/04/2011 - 07:42:32 | D ] C:\piscine
[21/10/2010 - 21:04:19 | D ] C:\plongee
[26/04/2011 - 18:16:02 | D ] C:\Program Files
[26/04/2011 - 04:24:02 | D ] C:\QUARANTINE
[29/04/2011 - 16:45:33 | SHD ] C:\RECYCLER
[13/10/2010 - 20:16:52 | N | 24064] C:\sat tnt.xls
[21/12/2007 - 18:37:33 | D ] C:\sauvegarde outlook
[08/09/2009 - 23:18:59 | D ] C:\Sauvegarde registre cleaner
[30/11/2007 - 09:53:06 | N | 227] C:\sedinst2.log
[30/11/2007 - 09:55:07 | N | 87] C:\setup.log
[30/11/2007 - 10:28:18 | D ] C:\SP36090
[07/01/2009 - 02:32:45 | N | 268] C:\sqmdata00.sqm
[08/01/2009 - 02:32:13 | N | 268] C:\sqmdata01.sqm
[08/01/2009 - 09:04:16 | N | 268] C:\sqmdata02.sqm
[09/01/2009 - 01:24:17 | N | 268] C:\sqmdata03.sqm
[10/01/2009 - 01:43:07 | N | 268] C:\sqmdata04.sqm
[25/12/2008 - 12:44:05 | N | 268] C:\sqmdata05.sqm
[26/12/2008 - 02:25:13 | N | 268] C:\sqmdata06.sqm
[27/12/2008 - 00:33:52 | N | 268] C:\sqmdata07.sqm
[27/12/2008 - 02:03:17 | N | 268] C:\sqmdata08.sqm
[27/12/2008 - 20:18:43 | N | 268] C:\sqmdata09.sqm
[28/12/2008 - 19:48:25 | N | 268] C:\sqmdata10.sqm
[29/12/2008 - 03:23:36 | N | 268] C:\sqmdata11.sqm
[29/12/2008 - 12:09:38 | N | 268] C:\sqmdata12.sqm
[30/12/2008 - 00:26:46 | N | 268] C:\sqmdata13.sqm
[30/12/2008 - 18:27:42 | N | 268] C:\sqmdata14.sqm
[30/12/2008 - 19:55:04 | N | 268] C:\sqmdata15.sqm
[31/12/2008 - 19:16:06 | N | 268] C:\sqmdata16.sqm
[02/01/2009 - 03:50:54 | N | 268] C:\sqmdata17.sqm
[03/01/2009 - 01:58:57 | N | 268] C:\sqmdata18.sqm
[06/01/2009 - 02:28:53 | N | 268] C:\sqmdata19.sqm
[07/01/2009 - 02:32:45 | N | 244] C:\sqmnoopt00.sqm
[08/01/2009 - 02:32:12 | N | 244] C:\sqmnoopt01.sqm
[08/01/2009 - 09:04:15 | N | 244] C:\sqmnoopt02.sqm
[09/01/2009 - 01:24:17 | N | 244] C:\sqmnoopt03.sqm
[10/01/2009 - 01:43:07 | N | 244] C:\sqmnoopt04.sqm
[25/12/2008 - 12:44:05 | N | 244] C:\sqmnoopt05.sqm
[26/12/2008 - 02:25:13 | N | 244] C:\sqmnoopt06.sqm
[27/12/2008 - 00:33:52 | N | 244] C:\sqmnoopt07.sqm
[27/12/2008 - 02:03:17 | N | 244] C:\sqmnoopt08.sqm
[27/12/2008 - 20:18:43 | N | 244] C:\sqmnoopt09.sqm
[28/12/2008 - 19:48:24 | N | 244] C:\sqmnoopt10.sqm
[29/12/2008 - 03:23:36 | N | 244] C:\sqmnoopt11.sqm
[29/12/2008 - 12:09:38 | N | 244] C:\sqmnoopt12.sqm
[30/12/2008 - 00:26:46 | N | 244] C:\sqmnoopt13.sqm
[30/12/2008 - 18:27:42 | N | 244] C:\sqmnoopt14.sqm
[30/12/2008 - 19:55:04 | N | 244] C:\sqmnoopt15.sqm
[31/12/2008 - 19:16:06 | N | 244] C:\sqmnoopt16.sqm
[02/01/2009 - 03:50:54 | N | 244] C:\sqmnoopt17.sqm
[03/01/2009 - 01:58:57 | N | 244] C:\sqmnoopt18.sqm
[06/01/2009 - 02:28:53 | N | 244] C:\sqmnoopt19.sqm
[21/04/2011 - 19:24:49 | D ] C:\studio
[28/11/2007 - 19:03:23 | N | 24886] C:\sunjava.log
[30/11/2007 - 10:21:13 | D ] C:\SWSetup
[30/11/2007 - 09:53:45 | N | 190] C:\syntpad.log
[28/11/2007 - 00:54:11 | SHD ] C:\System Volume Information
[28/11/2007 - 18:43:46 | D ] C:\SYSTEM.SAV
[20/08/2009 - 22:47:46 | D ] C:\TAHITI
[30/08/2009 - 23:38:04 | N | 923] C:\updatedatfix.log
[29/04/2011 - 16:45:33 | D ] C:\UsbFix
[29/04/2011 - 16:46:16 | A | 1627] C:\UsbFix.txt
[04/10/2009 - 22:42:41 | D ] C:\users
[29/04/2011 - 16:20:19 | D ] C:\WINDOWS
[17/01/2011 - 21:47:05 | N | 2146] C:\WirelessDiagLog.csv
[26/04/2011 - 05:07:30 | D ] C:\_OTL
[21/10/2007 - 20:39:15 | RSHD ] D:\Boot
[30/08/2006 - 11:38:02 | SH | 435752] D:\BOOTMGR
[29/05/2006 - 11:30:28 | N | 778] D:\CSP.DAT
[01/07/2005 - 15:16:54 | SH | 102] D:\Desktop.ini
[22/11/2004 - 19:28:00 | N | 8130] D:\Folder.htt
[21/10/2007 - 20:39:15 | D ] D:\GuiComp
[01/02/2007 - 19:42:40 | N | 76936] D:\Info.exe
[30/11/2007 - 22:05:20 | N | 1228] D:\MASTER.LOG
[12/05/2006 - 16:07:42 | N | 0] D:\NTFS
[21/10/2007 - 20:45:24 | D ] D:\PRELOAD
[21/10/2007 - 20:39:15 | D ] D:\Program Files
[21/10/2007 - 20:39:15 | RSHD ] D:\ProgramData
[10/09/2002 - 14:09:12 | N | 181614] D:\protect.ed
[21/10/2007 - 20:39:15 | RD ] D:\RECOVERY
[29/04/2011 - 16:45:33 | SHD ] D:\RECYCLER
[21/10/2007 - 20:45:25 | D ] D:\sources
[21/10/2005 - 13:12:42 | N | 42] D:\st_log.ini
[28/11/2007 - 01:42:30 | SHD ] D:\System Volume Information
[21/10/2007 - 20:39:15 | D ] D:\Users
[08/02/2002 - 19:44:00 | N | 88038] D:\Warning.bmp
[21/10/2007 - 23:58:25 | D ] D:\Windows
[21/10/2007 - 11:12:01 | SHD ] E:\$RECYCLE.BIN
[21/10/2007 - 09:24:17 | HD ] E:\boot
[21/10/2007 - 09:24:17 | N | 50] E:\HP_WINRE
[29/04/2011 - 16:45:33 | SHD ] E:\RECYCLER
[21/10/2007 - 09:24:02 | D ] E:\sources
[28/11/2007 - 01:42:30 | SHD ] E:\System Volume Information
[02/07/2009 - 14:56:26 | N | 3687955] G:\HelO2_Users_Guide_FR_v3_m56577569830809363.pdf
[22/07/2009 - 20:44:26 | N | 3522241] G:\IMG_0682.JPG
[23/07/2009 - 14:18:36 | N | 211181] G:\IMG_0682-2.JPG
[22/07/2009 - 20:44:34 | N | 4170113] G:\IMG_0683.JPG
[23/07/2009 - 14:19:36 | N | 132248] G:\IMG_0683-3.JPG
[22/07/2009 - 20:44:42 | N | 4109261] G:\IMG_0684.JPG
[22/07/2009 - 20:44:54 | N | 3246760] G:\IMG_0685.JPG
[23/07/2009 - 14:17:34 | N | 229536] G:\IMG_0685-1.JPG
[23/07/2009 - 14:21:14 | N | 305326] G:\IMG_0685-2.JPG
[22/07/2009 - 20:45:02 | N | 3161195] G:\IMG_0686.JPG
[22/07/2009 - 20:45:12 | N | 3777562] G:\IMG_0687.JPG
[23/07/2009 - 14:20:26 | N | 1662766] G:\IMG_0687-1.JPG
[23/07/2009 - 14:21:42 | N | 3224514] G:\IMG_0689.JPG
[15/07/2009 - 09:49:26 | N | 2417011] G:\IMG_0520.jpg
[15/07/2009 - 09:49:34 | N | 2617091] G:\IMG_0521.jpg
[15/07/2009 - 09:50:16 | N | 2462692] G:\IMG_0522.jpg
[15/07/2009 - 09:50:20 | N | 2418611] G:\IMG_0523.jpg
[15/07/2009 - 09:50:34 | N | 1787427] G:\IMG_0525.jpg
[15/07/2009 - 09:50:52 | N | 2042592] G:\IMG_0527.jpg
[15/07/2009 - 09:52:12 | N | 2978327] G:\IMG_0528.jpg
[15/07/2009 - 09:52:26 | N | 2575521] G:\IMG_0530.jpg
[23/07/2009 - 14:12:20 | N | 496632] G:\IMG_0530-1.jpg
[23/07/2009 - 14:36:56 | N | 562429] G:\IMG_0531.jpg
[23/07/2009 - 14:37:16 | N | 1158445] G:\IMG_0533.jpg
[22/07/2009 - 20:44:18 | N | 3269367] G:\IMG_0681.JPG
[24/03/2010 - 15:58:38 | D ] G:\GRETECH
[08/05/2005 - 21:00:20 | N | 799744000] G:\Le contrat des anges 2 (Laure Sinclair,Silvia Saint).avi
[30/03/2010 - 16:52:56 | D ] G:\FastStone Capture
[09/05/2010 - 11:21:44 | N | 1042456] G:\FreeCompressor-setup.exe
[16/11/2010 - 10:41:22 | N | 65536] G:\CB24179177.xls
[17/11/2010 - 16:23:58 | N | 171008] G:\compte .xls
[25/04/2011 - 20:44:46 | D ] G:\OLT

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
E:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_CHRISTIA-593F11.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |
christian ajaccio
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 25 Avr 2011 16:09
 

Re: infection cheval de troie

Message le 29 Avr 2011 16:29

le fichier Usbfix avec mon DD externe
############################## | UsbFix 7.044 | [Suppression]

Utilisateur: christian (Administrateur) # CHRISTIA-593F11 [ ]
Mis à jour le 25/04/2011 par TeamXscript
Lancé à 17:25:13 | 29/04/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM) Duo CPU T2300 @ 1.66GHz
CPU 2: Intel(R) Core(TM) Duo CPU T2300 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: McAfee VirusScan Enterprise 8.5.0.781 [Enabled | Updated]
RAM -> 2039 Mo
C:\ (%systemdrive%) -> Disque fixe # 66 Go (21 Go libre(s) - 32%) [] # NTFS
D:\ -> Disque fixe # 7 Go (783 Mo libre(s) - 11%) [HP_RECOVERY] # NTFS
E:\ -> Disque fixe # 2 Go (1 Go libre(s) - 85%) [OS_TOOLS] # NTFS
F:\ -> CD-ROM
G:\ -> Disque fixe # 131 Go (115 Go libre(s) - 87%) [Sauve_PC_perso] # NTFS
H:\ -> Disque fixe # 102 Go (71 Go libre(s) - 70%) [Sauv_bureau] # NTFS

################## | Éléments infectieux |


Supprimé! C:\Recycler\S-1-5-21-1220945662-842925246-725345543-1003
Supprimé! D:\Recycler\S-1-5-21-1220945662-842925246-725345543-1003
Supprimé! E:\Recycler\S-1-5-21-1220945662-842925246-725345543-1003
Supprimé! G:\Recycler\S-1-5-21-1220945662-842925246-725345543-1003
Supprimé! H:\$RECYCLE.BIN\S-1-5-21-3222720741-4067066246-2529505581-1000
Supprimé! H:\Recycler\S-1-5-21-1220945662-842925246-725345543-1003

################## | Registre |


################## | Mountpoints2 |


################## | Listing |

[07/08/2009 - 20:48:07 | D ] C:\1221a61b0d754d5f1e41ff
[30/11/2007 - 11:28:15 | D ] C:\5ef956323dd8e1945c4dc05f1bf703
[29/04/2011 - 16:46:18 | RASHD ] C:\Autorun.inf
[18/03/2008 - 20:08:06 | D ] C:\BANQUE
[28/11/2007 - 00:46:14 | SH | 212] C:\boot.ini
[02/03/2006 - 14:00:00 | N | 4952] C:\Bootfont.bin
[12/01/2008 - 18:48:06 | D ] C:\Chartkit
[11/12/2010 - 01:25:36 | N | 43] C:\CKINFO.TXT
[21/04/2011 - 20:36:10 | D ] C:\code internet perso
[28/11/2007 - 00:50:21 | N | 0] C:\CONFIG.SYS
[10/12/2007 - 21:21:03 | D ] C:\DI-624
[28/11/2007 - 18:56:54 | N | 3209738] C:\DNSP1.LOG
[12/04/2010 - 19:12:37 | D ] C:\Documents and Settings
[30/11/2007 - 09:53:06 | N | 161] C:\esuinst.log
[30/11/2007 - 09:49:03 | N | 86] C:\esu_xpsp2.log
[02/07/2009 - 21:36:03 | D ] C:\fsaua.data
[30/12/2007 - 02:53:00 | D ] C:\Ftelecom
[29/04/2011 - 16:19:47 | ASH | 2138492928] C:\hiberfil.sys
[28/11/2007 - 18:51:33 | N | 169] C:\HSC.log
[16/06/2010 - 21:39:50 | D ] C:\impots
[30/11/2007 - 10:15:12 | D ] C:\Intel
[30/11/2007 - 09:54:58 | N | 732206] C:\intel_chipset.log
[28/11/2007 - 00:50:21 | N | 0] C:\IO.SYS
[24/08/2009 - 17:27:29 | D ] C:\LaCie sauvegarde info
[21/08/2003 - 15:11:42 | N | 2736] C:\LANG.INI
[30/11/2007 - 09:53:23 | N | 86] C:\logfile.log
[25/04/2010 - 11:02:50 | D ] C:\logiciel ft
[05/04/2011 - 20:43:41 | D ] C:\MAISON
[07/03/2008 - 00:00:21 | D ] C:\MON_SITE
[28/11/2007 - 00:50:21 | N | 0] C:\MSDOS.SYS
[02/03/2006 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[19/09/2008 - 13:57:46 | N | 252240] C:\ntldr
[26/01/2009 - 21:00:50 | D ] C:\openoffice
[26/04/2011 - 03:42:20 | N | 82580] C:\OTL.Txt
[29/04/2011 - 16:19:45 | ASH | 4290772992] C:\pagefile.sys
[20/04/2011 - 14:33:12 | D ] C:\photo
[28/04/2011 - 14:27:51 | N | 512] C:\PhysicalMBR.bin
[13/04/2011 - 07:42:32 | D ] C:\piscine
[21/10/2010 - 21:04:19 | D ] C:\plongee
[26/04/2011 - 18:16:02 | D ] C:\Program Files
[26/04/2011 - 04:24:02 | D ] C:\QUARANTINE
[29/04/2011 - 17:25:34 | SHD ] C:\RECYCLER
[13/10/2010 - 20:16:52 | N | 24064] C:\sat tnt.xls
[21/12/2007 - 18:37:33 | D ] C:\sauvegarde outlook
[08/09/2009 - 23:18:59 | D ] C:\Sauvegarde registre cleaner
[30/11/2007 - 09:53:06 | N | 227] C:\sedinst2.log
[30/11/2007 - 09:55:07 | N | 87] C:\setup.log
[30/11/2007 - 10:28:18 | D ] C:\SP36090
[07/01/2009 - 02:32:45 | N | 268] C:\sqmdata00.sqm
[08/01/2009 - 02:32:13 | N | 268] C:\sqmdata01.sqm
[08/01/2009 - 09:04:16 | N | 268] C:\sqmdata02.sqm
[09/01/2009 - 01:24:17 | N | 268] C:\sqmdata03.sqm
[10/01/2009 - 01:43:07 | N | 268] C:\sqmdata04.sqm
[25/12/2008 - 12:44:05 | N | 268] C:\sqmdata05.sqm
[26/12/2008 - 02:25:13 | N | 268] C:\sqmdata06.sqm
[27/12/2008 - 00:33:52 | N | 268] C:\sqmdata07.sqm
[27/12/2008 - 02:03:17 | N | 268] C:\sqmdata08.sqm
[27/12/2008 - 20:18:43 | N | 268] C:\sqmdata09.sqm
[28/12/2008 - 19:48:25 | N | 268] C:\sqmdata10.sqm
[29/12/2008 - 03:23:36 | N | 268] C:\sqmdata11.sqm
[29/12/2008 - 12:09:38 | N | 268] C:\sqmdata12.sqm
[30/12/2008 - 00:26:46 | N | 268] C:\sqmdata13.sqm
[30/12/2008 - 18:27:42 | N | 268] C:\sqmdata14.sqm
[30/12/2008 - 19:55:04 | N | 268] C:\sqmdata15.sqm
[31/12/2008 - 19:16:06 | N | 268] C:\sqmdata16.sqm
[02/01/2009 - 03:50:54 | N | 268] C:\sqmdata17.sqm
[03/01/2009 - 01:58:57 | N | 268] C:\sqmdata18.sqm
[06/01/2009 - 02:28:53 | N | 268] C:\sqmdata19.sqm
[07/01/2009 - 02:32:45 | N | 244] C:\sqmnoopt00.sqm
[08/01/2009 - 02:32:12 | N | 244] C:\sqmnoopt01.sqm
[08/01/2009 - 09:04:15 | N | 244] C:\sqmnoopt02.sqm
[09/01/2009 - 01:24:17 | N | 244] C:\sqmnoopt03.sqm
[10/01/2009 - 01:43:07 | N | 244] C:\sqmnoopt04.sqm
[25/12/2008 - 12:44:05 | N | 244] C:\sqmnoopt05.sqm
[26/12/2008 - 02:25:13 | N | 244] C:\sqmnoopt06.sqm
[27/12/2008 - 00:33:52 | N | 244] C:\sqmnoopt07.sqm
[27/12/2008 - 02:03:17 | N | 244] C:\sqmnoopt08.sqm
[27/12/2008 - 20:18:43 | N | 244] C:\sqmnoopt09.sqm
[28/12/2008 - 19:48:24 | N | 244] C:\sqmnoopt10.sqm
[29/12/2008 - 03:23:36 | N | 244] C:\sqmnoopt11.sqm
[29/12/2008 - 12:09:38 | N | 244] C:\sqmnoopt12.sqm
[30/12/2008 - 00:26:46 | N | 244] C:\sqmnoopt13.sqm
[30/12/2008 - 18:27:42 | N | 244] C:\sqmnoopt14.sqm
[30/12/2008 - 19:55:04 | N | 244] C:\sqmnoopt15.sqm
[31/12/2008 - 19:16:06 | N | 244] C:\sqmnoopt16.sqm
[02/01/2009 - 03:50:54 | N | 244] C:\sqmnoopt17.sqm
[03/01/2009 - 01:58:57 | N | 244] C:\sqmnoopt18.sqm
[06/01/2009 - 02:28:53 | N | 244] C:\sqmnoopt19.sqm
[21/04/2011 - 19:24:49 | D ] C:\studio
[28/11/2007 - 19:03:23 | N | 24886] C:\sunjava.log
[30/11/2007 - 10:21:13 | D ] C:\SWSetup
[30/11/2007 - 09:53:45 | N | 190] C:\syntpad.log
[28/11/2007 - 00:54:11 | SHD ] C:\System Volume Information
[28/11/2007 - 18:43:46 | D ] C:\SYSTEM.SAV
[20/08/2009 - 22:47:46 | D ] C:\TAHITI
[30/08/2009 - 23:38:04 | N | 923] C:\updatedatfix.log
[29/04/2011 - 17:25:34 | D ] C:\UsbFix
[29/04/2011 - 17:25:34 | A | 1547] C:\UsbFix.txt
[29/04/2011 - 16:46:19 | N | 34887] C:\UsbFix_Upload_Me_CHRISTIA-593F11.zip
[04/10/2009 - 22:42:41 | D ] C:\users
[29/04/2011 - 16:20:19 | D ] C:\WINDOWS
[17/01/2011 - 21:47:05 | N | 2146] C:\WirelessDiagLog.csv
[26/04/2011 - 05:07:30 | D ] C:\_OTL
[29/04/2011 - 16:46:18 | RASHD ] D:\Autorun.inf
[21/10/2007 - 20:39:15 | RSHD ] D:\Boot
[30/08/2006 - 11:38:02 | SH | 435752] D:\BOOTMGR
[29/05/2006 - 11:30:28 | N | 778] D:\CSP.DAT
[01/07/2005 - 15:16:54 | SH | 102] D:\Desktop.ini
[22/11/2004 - 19:28:00 | N | 8130] D:\Folder.htt
[21/10/2007 - 20:39:15 | D ] D:\GuiComp
[01/02/2007 - 19:42:40 | N | 76936] D:\Info.exe
[30/11/2007 - 22:05:20 | N | 1228] D:\MASTER.LOG
[12/05/2006 - 16:07:42 | N | 0] D:\NTFS
[21/10/2007 - 20:45:24 | D ] D:\PRELOAD
[21/10/2007 - 20:39:15 | D ] D:\Program Files
[21/10/2007 - 20:39:15 | RSHD ] D:\ProgramData
[10/09/2002 - 14:09:12 | N | 181614] D:\protect.ed
[21/10/2007 - 20:39:15 | RD ] D:\RECOVERY
[29/04/2011 - 17:25:34 | SHD ] D:\RECYCLER
[21/10/2007 - 20:45:25 | D ] D:\sources
[21/10/2005 - 13:12:42 | N | 42] D:\st_log.ini
[28/11/2007 - 01:42:30 | SHD ] D:\System Volume Information
[21/10/2007 - 20:39:15 | D ] D:\Users
[08/02/2002 - 19:44:00 | N | 88038] D:\Warning.bmp
[21/10/2007 - 23:58:25 | D ] D:\Windows
[29/04/2011 - 16:45:33 | SHD ] E:\$RECYCLE.BIN
[29/04/2011 - 16:46:18 | RASHD ] E:\Autorun.inf
[21/10/2007 - 09:24:17 | HD ] E:\boot
[21/10/2007 - 09:24:17 | N | 50] E:\HP_WINRE
[29/04/2011 - 17:25:34 | SHD ] E:\RECYCLER
[21/10/2007 - 09:24:02 | D ] E:\sources
[28/11/2007 - 01:42:30 | SHD ] E:\System Volume Information
[10/12/2010 - 23:22:11 | N | 13323378] G:\DmailerSync.zip
[10/12/2010 - 23:22:22 | D ] G:\LaCieSyncData
[24/08/2009 - 22:59:14 | N | 4648960] G:\LaCieSync_v7_1_028.exe
[29/04/2011 - 17:25:34 | SHD ] G:\RECYCLER
[24/08/2009 - 23:38:18 | D ] G:\sauvegarde
[10/12/2010 - 23:53:35 | SHD ] G:\System Volume Information
[29/12/2009 - 19:24:21 | SHD ] H:\$RECYCLE.BIN
[29/12/2009 - 19:50:31 | D ] H:\.db
[29/12/2009 - 19:49:15 | D ] H:\.pl
[29/12/2009 - 21:40:35 | D ] H:\kris
[25/08/2009 - 10:38:07 | D ] H:\Local
[29/04/2011 - 17:25:34 | SHD ] H:\RECYCLER
[10/12/2010 - 23:53:35 | SHD ] H:\System Volume Information
[25/08/2009 - 10:45:27 | D ] H:\VirusScan

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
E:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
H:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_CHRISTIA-593F11.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |
a+ pour la suite
christian ajaccio
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 25 Avr 2011 16:09
 

Re: infection cheval de troie

Message le 29 Avr 2011 16:56

et pour finir le fichier AD R
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:32:58 le 29/04/2011, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
christian@CHRISTIA-593F11 ( )

============== ACTION(S) ==============


Dossier supprimé: C:\Program Files\SGPSA
Dossier supprimé: C:\Program Files\OfferBoxSearch

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Clé supprimée: HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Clé supprimée: HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé supprimée: HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
Clé supprimée: HKLM\Software\Classes\AppID\BHO.dll
Clé supprimée: HKLM\Software\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Clé supprimée: HKLM\Software\freeCompressor
Clé supprimée: HKCU\Software\FBSearch
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C9F6507-106F-4917-BB29-1829492E32BF}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92F2BCC1-D65D-4767-B4C4-3E59694E6B93}


============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{AEEC3B59-CA98-4EBA-A140-57B94E283583} (x)
HKCU_SearchScopes\{BEFAD34B-ADEB-44F4-9CC5-65910502CC2C} - "Orange" (hxxp://www.orange.fr/bin/frame1px.cgi?u ... 3Frdata%3D{search...)
HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x)
HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll)
HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll)
HKLM_Toolbar|{CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} (x)
HKLM_Toolbar|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll)
HKLM_Toolbar|{D3028143-6145-4318-99D3-3EDCE54A95A9} (C:\Program Files\Orange Toolbar FR\ToolbarContainer101000313.dll)
HKCU_ElevationPolicy\{D3DE705E-0BB6-47E6-AB61-6FF78BE040A0} - C:\Program Files\Internet Explorer\minftnet.exe (Synersoft)
HKLM_ElevationPolicy\{43023B0B-C598-4935-808C-990E0C700723} - C:\Program Files\DevNet\Toolbar\DevNetUpdater.exe (x)
HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (C:\PROGRA~1\MI3AA1~1\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre6\bin\ssv.dll)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll)
BHO\{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - "ST" (C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll)
BHO\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - "MSNToolBandBHO" (C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 13 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 29/04/2011 17:33:08 (577 Octet(s))

Fin à: 17:33:56, 29/04/2011

============== E.O.F ==============

oufff a+
christian ajaccio
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 25 Avr 2011 16:09
 

Re: infection cheval de troie

Message le 29 Avr 2011 17:13

Bonsoir,

C'est pas mal du tout... :wink:

Comment se comporte ton PC maintenant ?
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: infection cheval de troie

Message le 29 Avr 2011 18:24

bien même très bien, je te remercie
que me conseille-tu pour que cette aventure ne se reproduise ?
christian ajaccio
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 25 Avr 2011 16:09
 

Re: infection cheval de troie

Message le 29 Avr 2011 18:59

bonnes nouvelles :wink:

Nous allons faire deux choses importantes:
1.Désinstaller les outils utilisés pour la désinfections (Sauf Malwarebyte que tu garderas pour faire un scanne par semaine en prenant soin de le mettre à jour avant chaque scanne)
2.Mettre ton système à jour afin que les failles de sécurité Windows et applications soient réduite au minimum

Relance USBfix et AD-R pour les désinstaller en cliquant sur "Désinstaller"
Relance OTL et cliques sur "Purge outils", laisse le travailler et accepte le redémarrage du PC...

Pour nettoyer les fichiers temporaires,souvent source de problèmes divers fais cela...


  • Télécharge et installe Ccleaner en te rendant sur >> cette page <<
  • Clique en haut à droite de la page sur "Download Lastest Version" pour lancer le téléchargement.
  • Installe le et lance le...
  • Dans la barre d'outil à gauche, clique sur "Nettoyer" (en bas à droite)
  • Recommence cette opération jusqu'à ce que le message "0 octets supprimés" apparaisse dans la fenêtre de résultat.
  • Pour info ce nettoyage peu aussi s'effectuer de manière transparente collant Ccleaner /auto dans la commande "Exécuter" du menu démarrer.

=====================================================================================================

Pense à mettre à jours Windows:

  • La méthode la plus simple et l'utilisation de "Windows Update" qui se trouve dans ton menu démarrer


Pense à mettre à jours Java:


Pense à mettre à jour Acrobat reader si il est installé sur ton PC de cette manière:

  • Ouvre Acrobat reader, clique sur "aide" et choisis "rechercher des mises à jours..."

========================================================================================================
Procède à une Défragmentation afin d'optimiser les temps d'accès du disque dur lors de la lecture des :

  • Pour lancer une défragmentation, double-clique sur Poste de Travail,clic-droit sur le disque à défragmenter puis sur Propriétés.
  • Choisis l'onglet Outils puis clique sur défragmenter maintenant .
  • Cette opération est à renouveler régulièrement ( Environs une fois par mois ).

Image

=====================================================================================================





un peu de lecture sur la manière de protéger ton surf et ton ordinateur:


Si tu as des questions n'hésite pas à les poser 8)

Ravi d'avoir pu t'aider et bon Weekend :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: infection cheval de troie

Message le 29 Avr 2011 20:43

est-ce que je garde Malwarebytes ? et j'ai supprimé l'icone de Usb.. qui restai sur le bureau.
christian ajaccio
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 15
Inscription: 25 Avr 2011 16:09
 

Re: infection cheval de troie

Message le 29 Avr 2011 20:53

christian ajaccio a écrit:est-ce que je garde Malwarebytes ?


oui, comme ça tu fais un scanne par semaine avec...

C'est une version gratuite, donc la mise à jour n'est pas automatique, il te faudra faire cette MAJ avant chaque scanne en cliquant sur l’onglet "Mise à jour" puis sur "rechercher des mise "à jours" :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Précédente


Sujets similaires

Message [Résolu] infection probable
Bonjour à tousalors voila, je pense être infecter par virus et ou malware, ou quelqu'un, depuis un bon moment j'ai des bannières qui viennent ce glisser et entrer sur mon écran à droite, elles apparaissent par 3 l'une sur l'autre, je peut les fermer, mais elles reviennent,principalement ca concerne ...
Réponses: 22

Message Suspicion d'infection
Bonjour,Il y a peu mon PC m'a paru ralenti et répondant bizarrement.Voici les rapports FRST.Merci d'avance.JF
Réponses: 3

Message [Réglé] infection probable
Bonjour à tousalors voila, je pense être infecter par virus et ou malware, ou quelqu'un, depuis un bon moment j'ai des bannières qui viennent ce glisser et entrer sur mon écran en bas à droite, dans la journée elles apparaissent par 3 l'une sur l'autre, je peut les fermer, mais sitôt que je quitte ...
Réponses: 12

Message [Réglé] vérification possible infection ou autres
bonjour a tous, j'ai mon PC qui ralenti fort en ce moment, un disque qui est a 100% d'activité alors qu'il est a 50% sur le processus et une impossibilité de désinstaller CCLEANER et MALWARmerci de votre aide
Réponses: 28

Message reconnaitre un cheval de troyes et solution
Bonjour, comment reconnait't'on si notre PC est atteint par un cheval de troyes ? ,
Réponses: 7

Message [Réglé] infection ou pas pc
ci joint le rapport zhp
Réponses: 14

Message Infection
Bonjour, Je suis nouveau sur votre Forum, à vrai dire c'est la 1er fois que je m'inscris puisque je trouve facilement mes réponses sur d'autres topics en général. Mais là, c'est un peu trop compliqué pour moi. Je suis débrouillard en informatique mais pas expert ! Voilà mes problèmes, dans mes appli ...
Réponses: 7


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 28 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.