Bonjour,

Je navigue sur internet avec Firefox et toutes les 5mn s'ouvre une nouvelle page Firefox avec de la Publicité.

Comment faire pour ne pas en reçevoir.

Pour info, je suis obligé de couper mon firewall.

Merci et bonne journée

bonjour

installer adblock plus :pour cela aller dans les modules complementaires de firefox puis dans extensions apres suivre les instructions

Alameda.

Passe Malwarebytes pour écarter une eventuelle infection faire une mise à jour et post le rapport.

Faire un scanner complet.

https://forum.pcastuces.com/sujet.asp?f=31&s=3

ok,

je viens d'intaller adbock plus et je vous transmet le rapport des qu'il est terminé

Merci de votre aide

Voila!!!! J'ai peurrrr

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4599

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/09/2010 10:00:32
mbam-log-2010-09-12 (10-00-32).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 163775
Temps écoulé: 14 minute(s), 21 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 295

Processus mémoire infecté(s):
C:\documents and settings\Laurent\local settings\application data\ldcqh.exe (Adware.Navipromo.H) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ldcqh (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qisdrmss (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jncontmon (Trojan.Ddox) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-2448481773-4613455799-703541006-3851\rundll32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-5209351563-1876374601-009805600-8271\yv8g67.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Laurent\Local Settings\Application Data\qteitdh_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\qteitdh_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\qteitdh.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\ldcqh_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\ldcqh_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\ldcqh.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Application Data\ldcqh.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qodesnaq.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssjitsys32.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ncxpnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\298.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\543.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\577.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\785.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\140.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\702.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\777.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\915.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\675.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\137.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\142.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\220.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\385.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\840.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\746.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\190.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\217.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\511.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\826.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\6.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\982.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\296.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\498.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\980.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\451.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\340.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\411.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\685.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\281.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\960.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\882.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\829.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\609.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\954.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\013.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\218.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\144.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\305.exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\456.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\877.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\264.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\992.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\247.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\800.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\731.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\827.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\414.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\905.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\756.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\923.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\614.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\899.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\631.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\996.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\120.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\969.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\317.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\691.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\184.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\306.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\975.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\180.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\740.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\559.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\107.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\839.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\889.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\978.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\716.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\721.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\593.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\515.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\197.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\544.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\780.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\534.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\788.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\136.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\452.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\440.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\082.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\893.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\537.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\678.exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\100.exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\627.exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\501.exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\533.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\869.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\531.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\467.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\099.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\495.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\938.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\670.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\025.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\419.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\065.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\959.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\041.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\259.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\023.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\028.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\373.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\366.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\255.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\316.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\252.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\683.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\049.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\076.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\680.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\763.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\773.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\301.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\527.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\482.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\312.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\071.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\251.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\682.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\758.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\448.exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\fcewefmwlo[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\dwdw[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\fffffffewf[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\ewfwqwqd[1].exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\bgrefgewq5[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\cfefcew[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\feiewhj[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\fefewhj[1].exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\pdieiuw2b[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\bswqhbu1[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\sbwqjbnuj5[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\cemimn3[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\dcenikn6[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\dcenlkn4[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\fewfewq2[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\bern4[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\gbtrgrwe3[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\ercfewn8[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\cfewn6[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0JGJOD8N\hbtrhre7[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\fefefgrgre[1].exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\vvewew[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\cfewwdq[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\fekoikj[1].exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\fdwenjk[1].exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\dfwemklm[1].exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\fvrgrefwe5[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\bhntere3[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\I5WT4V47\cscew4[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\vfewfeww[1].exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\dewfew[1].exe (VirTool.CeeInject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\vfwefew[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\cwdwq[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\feqfewwe[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\feninm5[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\fedwjiknjm1[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\dfefjeio[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\feodd[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\ejmwij[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\opsjkwd[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\cvdsdceas5[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\WDGPGJAL\dewrt6[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\fewfew5[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\dwdws1[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\vgrgvewwe[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\vewfqwe[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\fefjeoij[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\femeioje[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\dfwejmij[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\ewklm[1].exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\a[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\2LCTMV25\dcwnikn5[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\jmnomo4[1].exe (BackDoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\cnmwqin5[1].exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\cewmlm3[1].exe (BackDoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\vrefwew3[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\cdcd4[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\vfrr2[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\vefr10[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\vgrs8[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\vgefwq[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\fegfemlo5[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\fefefeede[1].exe (Trojan.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\fcwqfdwq[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\vgrfwq[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\fvweew[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\fewfvew[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\0XYZ4127\frwegowekjo[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\dewni7[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\gvrewfew[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\gfwefwqe[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\vgveqew[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\fewfew[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\fmeo[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\vwfewd1[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\fgfewoj[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\fewfgeowjk[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\fewfewkhj[1].exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\dfewfij[1].exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\drfewkji[1].exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\feewijh5[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\vewmknm[1].exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\vcdkowk[1].exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\NU75LDJF\fewmkojk[1].exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\vgbees6[1].exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\deqwfqwn2[1].exe (BackDoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\fewfew1[1].exe (BackDoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\vreee7[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\dfew3[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\dfewe4[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\dewdewjn8[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\fcryrt3[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\cewmniom6[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\fewfewe[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\fcewfew[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\vwevewewq[1].exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\grekoj[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\frwegowekjo[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\feiewhj[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\A86P7TC4\fejkfwo[1].exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\gtere6[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\few7[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\freewd2[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\cdsmk2[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\cemkn7[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\vdsfe7[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\cde3[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\vrese6[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\vrefse4[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\dwdfw[1].exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\fewfdwq[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\fefweww[1].exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\fefejio[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\fefefew[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\demjkn[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\fefjeio[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\fejeo1[1].exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\93B9JDBO\cdmcikmn[1].exe (Trojan.Ddox) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\xitupfgbr.exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\n0jo86a81mx.exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\dez081grsn.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\iiduupgg.exe (Trojan.Refroso.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Mes documents\patch.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Bureau\keyfinder.exe (Application.FindKey) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1ED41AA-B97C-42D6-8E9E-3E91FA721746}\RP218\A0029477.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1ED41AA-B97C-42D6-8E9E-3E91FA721746}\RP218\A0029478.EXE (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1ED41AA-B97C-42D6-8E9E-3E91FA721746}\RP218\A0029479.exe (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1ED41AA-B97C-42D6-8E9E-3E91FA721746}\RP218\A0029480.exe (Trojan.DDox) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1ED41AA-B97C-42D6-8E9E-3E91FA721746}\RP218\A0029481.EXE (Trojan.Lethic) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1ED41AA-B97C-42D6-8E9E-3E91FA721746}\RP163\A0028740.exe (BackDoor.Refroso) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-5209351563-1876374601-009805600-8271\yv8g67.exe (Worm.Autorun.B) -> Delete on reboot.
C:\WINDOWS\system32\SysWoW32\@u1980338303v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1980338303v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1980338303v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1980338303v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1980338303v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1980338303v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1980338303v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1980338303v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1980338303v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1980338303v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1980338303v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1980338303v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1980338303v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1980338303v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1980338303v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1980338303v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1980338303v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1980338303v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1980338303v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1980338303v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1980338303v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1980338303v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1980338303v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1980338303v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1980338303v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1980338303v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1980338303v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1980338303v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1980338303v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sl501352679 (Trojan.Tracur) -> Quarantined and deleted successfully.

alameda

Clique sur le triangle jaune et dans la fenetre que s'ouvre demande le transfer vers le "Forum Sécurité" et en attendand fais ceci (sans Malwae,puisque tu viens de le faire)

https://forum.pcastuces.com/aide_au_diagnostic_un_pc_infecte_pcastuces-f25s17490.htm (Nardino)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Laurent at 2010-09-12 10:11:31
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 13 GB (41%) free of 32 GB
Total RAM: 2792 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:37, on 12/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Laurent\Bureau\RSIT.exe
C:\Program Files\trend micro\Laurent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
O4 - HKLM\..\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [efaa6m] C:\WINDOWS\system32\e6qq6cc6.exe
O4 - HKCU\..\Run: [okaawmm] C:\WINDOWS\system32\9k1gccx.exe
O4 - HKCU\..\Run: [bssnee] C:\WINDOWS\system32\a9w1soojaa.exe
O4 - HKCU\..\Run: [efv70] C:\WINDOWS\system32\91qbcxd.exe
O4 - HKCU\..\Run: [otjpk0r] C:\WINDOWS\system32\mhxytjkfgb.exe
O4 - HKCU\..\Run: [mmhyy] C:\WINDOWS\system32\0xtoo6a.exe
O4 - HKCU\..\Run: [qqmcc] C:\WINDOWS\system32\a1wssnee.exe
O4 - HKCU\..\Run: [riidu] C:\WINDOWS\system32\m1ieezqq.exe
O4 - HKCU\..\Run: [dejfaa] C:\WINDOWS\system32\xtjjfvvr.exe
O4 - HKCU\..\Run: [mrsyjee] C:\WINDOWS\system32\9c1yuup.exe
O4 - HKCU\..\Run: [ssoee6] C:\WINDOWS\system32\lccxoojaavm.exe
O4 - HKCU\..\Run: [pklgcc] C:\WINDOWS\system32\6gg6ss6.exe
O4 - HKCU\..\Run: [qlccxoo] C:\WINDOWS\system32\vmmhyytk.exe
O4 - HKCU\..\Run: [ieezq] C:\WINDOWS\system32\dzuu6gg6.exe
O4 - HKCU\..\Run: [jkplgg] C:\WINDOWS\system32\e70fbww6i.exe
O4 - HKCU\..\Run: [ydzuu6g] C:\WINDOWS\system32\vmmhyytkkfw.exe
O4 - HKCU\..\Run: [gwwsii] C:\WINDOWS\system32\v0bxss6ee.exe
O4 - HKCU\..\Run: [bchdyy6] C:\WINDOWS\system32\9c1yuup.exe
O4 - HKCU\..\Run: [eeaqq6] C:\WINDOWS\system32\xoojaavmmhy.exe
O4 - HKCU\..\Run: [yzuqql] C:\WINDOWS\system32\too6aa6mm.exe
O4 - HKCU\..\Run: [nijeaav] C:\WINDOWS\system32\njee6qq6.exe
O4 - HKCU\..\Run: [bxnnjz] C:\WINDOWS\system32\bssneezq.exe
O4 - HKCU\..\Run: [too6a] C:\WINDOWS\system32\h0njee6qq.exe
O4 - HKCU\..\Run: [dejfaa6] C:\WINDOWS\system32\w3yytkkfwwr.exe
O4 - HKCU\..\Run: [awmm6] C:\WINDOWS\system32\0ccxooj.exe
O4 - HKCU\..\Run: [vmmhyy] C:\WINDOWS\system32\jjfvvrhhdtt.exe
O4 - HKCU\..\Run: [fbrrnd] C:\WINDOWS\system32\k70lhcc6o.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: 0dzuu6g.exe
O4 - Startup: ttpffbrrndd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O20 - Winlogon Notify: VMUpgradeAtShutdown - VMUpgradeAtShutdownWXP.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Unknown owner - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: TP VC Gateway Service (TPVCGateway) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
O23 - Service: Aide de la mise à niveau VMware (VMUpgradeHelper) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
O23 - Service: Service d'aide du disque physique VMware (VMware Physical Disk Helper Service) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 8798 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-13 13545472]
"nwiz"=nwiz.exe /install []
"Apple_KbdMgr"=C:\Program Files\Boot Camp\KbdMgr.exe [2008-10-13 431408]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-13 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-13 16864768]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-10-13 57344]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040]
"VMware Tools"=C:\Program Files\VMware\VMware Tools\VMwareTray.exe [2010-05-21 186928]
"VMware User Process"=C:\Program Files\VMware\VMware Tools\VMwareUser.exe [2010-05-21 1104432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"efaa6m"=C:\WINDOWS\system32\e6qq6cc6.exe []
"okaawmm"=C:\WINDOWS\system32\9k1gccx.exe []
"bssnee"=C:\WINDOWS\system32\a9w1soojaa.exe []
"efv70"=C:\WINDOWS\system32\91qbcxd.exe []
"otjpk0r"=C:\WINDOWS\system32\mhxytjkfgb.exe []
"mmhyy"=C:\WINDOWS\system32\0xtoo6a.exe []
"qqmcc"=C:\WINDOWS\system32\a1wssnee.exe []
"riidu"=C:\WINDOWS\system32\m1ieezqq.exe []
"dejfaa"=C:\WINDOWS\system32\xtjjfvvr.exe []
"mrsyjee"=C:\WINDOWS\system32\9c1yuup.exe []
"ssoee6"=C:\WINDOWS\system32\lccxoojaavm.exe []
"pklgcc"=C:\WINDOWS\system32\6gg6ss6.exe []
"qlccxoo"=C:\WINDOWS\system32\vmmhyytk.exe []
"ieezq"=C:\WINDOWS\system32\dzuu6gg6.exe []
"jkplgg"=C:\WINDOWS\system32\e70fbww6i.exe []
"ydzuu6g"=C:\WINDOWS\system32\vmmhyytkkfw.exe []
"gwwsii"=C:\WINDOWS\system32\v0bxss6ee.exe []
"bchdyy6"=C:\WINDOWS\system32\9c1yuup.exe []
"eeaqq6"=C:\WINDOWS\system32\xoojaavmmhy.exe []
"yzuqql"=C:\WINDOWS\system32\too6aa6mm.exe []
"nijeaav"=C:\WINDOWS\system32\njee6qq6.exe []
"bxnnjz"=C:\WINDOWS\system32\bssneezq.exe []
"too6a"=C:\WINDOWS\system32\h0njee6qq.exe []
"dejfaa6"=C:\WINDOWS\system32\w3yytkkfwwr.exe []
"awmm6"=C:\WINDOWS\system32\0ccxooj.exe []
"vmmhyy"=C:\WINDOWS\system32\jjfvvrhhdtt.exe []
"fbrrnd"=C:\WINDOWS\system32\k70lhcc6o.exe []

C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
0dzuu6g.exe
ttpffbrrndd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
C:\WINDOWS\system32\TPSvc.dll [2010-02-09 484616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VMUpgradeAtShutdown]
C:\WINDOWS\system32\VMUpgradeAtShutdownWXP.dll [2010-05-21 37424]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\32nd America's Cup\VskAC32.exe"="C:\Program Files\32nd America's Cup\VskAC32.exe:*:Enabled:VskAC32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-12 10:11:32 ----D---- C:\Program Files\trend micro
2010-09-12 10:11:31 ----D---- C:\rsit
2010-09-12 10:01:35 ----A---- C:\WINDOWS\system32\drivers\ettu.sys
2010-09-12 09:43:52 ----D---- C:\Documents and Settings\Laurent\Application Data\Malwarebytes
2010-09-12 09:43:48 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-12 09:43:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-12 09:43:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-12 09:43:47 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-12 08:43:27 ----D---- C:\Program Files\FileZilla FTP Client
2010-09-05 20:46:58 ----ASH---- C:\hiberfil.sys
2010-08-13 15:36:11 ----HD---- C:\WINDOWS\$NtUninstallKB2183461$
2010-08-13 15:36:06 ----HD---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-13 15:36:01 ----HD---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 15:35:53 ----HD---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-13 15:35:45 ----HD---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 15:33:46 ----HD---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 15:33:41 ----HD---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-13 15:32:31 ----HD---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-13 15:32:25 ----HD---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-13 15:32:19 ----HD---- C:\WINDOWS\$NtUninstallKB982665$

======List of files/folders modified in the last 1 months======

2010-09-11 00:07:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-05 18:46:46 ----A---- C:\WINDOWS\system32\wpa.bak
2010-08-13 15:36:10 ----A---- C:\WINDOWS\imsins.BAK
2010-08-13 15:35:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 ohci1394;Contrôleurs hôte IEEE 1394 compatible OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver; \??\C:\WINDOWS\system32\drivers\VSPE.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 vmhgfs;vmhgfs; C:\WINDOWS\System32\DRIVERS\vmhgfs.sys [2010-05-21 129200]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-24 12032]
R2 KeyAgent;KeyAgent; \??\C:\WINDOWS\system32\drivers\KeyAgent.sys []
R2 MacHALDriver;Mac HAL; \??\C:\WINDOWS\system32\drivers\MacHALDriver.sys []
R2 VMMEMCTL;Pilote de commande de mémoire; \??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys []
R3 applemtm;Apple Multitouch Mouse; C:\WINDOWS\system32\DRIVERS\applemtm.sys [2008-10-13 10496]
R3 applemtp;Apple Multitouch; C:\WINDOWS\system32\DRIVERS\applemtp.sys [2008-10-13 19456]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-13 4878336]
R3 IRRemoteFlt;IR Receiver Filter Driver; C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2008-10-13 16512]
R3 KeyMagic;USB Keyboard HID Filter; C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2008-10-13 22528]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-24 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-13 6614336]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-10-13 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-10-13 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-10-13 13952]
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S0 iaksvc;iaksvc; C:\WINDOWS\System32\drivers\ettu.sys [2010-09-12 54016]
S1 vmdebug;VMware Replay Debugging Helper; \??\C:\WINDOWS\system32\Drivers\vmdebug.sys []
S1 vmrawdsk;Aide du disque physique VMware Vista; \??\C:\Program Files\VMware\VMware Tools\vmrawdsk.sys []
S3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-13 1386624]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 vmci;VMware VMCI Bus Driver; C:\WINDOWS\system32\DRIVERS\vmci.sys [2010-02-09 61488]
S3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2010-05-21 11440]
S3 vmx_svga;vmx_svga; C:\WINDOWS\system32\DRIVERS\vmx_svga.sys [2010-05-21 28080]
S3 vmxnet;VMware Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmxnet.sys [2010-05-21 36912]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppleOSSMgr;Apple OS Switch Manager; C:\WINDOWS\system32\AppleOSSMgr.exe [2008-10-13 136496]
R2 AppleTimeSrv;Apple Time Service; C:\WINDOWS\system32\AppleTimeSrv.exe [2008-10-13 99632]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-13 159812]
R2 VMUpgradeHelper;Aide de la mise à niveau VMware; C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe [2010-05-21 174640]
R2 VMware Physical Disk Helper Service;Service d'aide du disque physique VMware; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [2010-05-21 379440]
S2 VMTools;VMware Tools Service; C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2010-05-21 50224]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TPAutoConnSvc;TP AutoConnect Service; C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [2010-02-09 255304]
S3 TPVCGateway;TP VC Gateway Service; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2010-05-21 390432]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-03-24 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

alameda;

Eh bien tu as une sacrée infection.

Demande de faire déplacer ton sujet au forum sécurité clic sur le triangle jaune au dessus de ton post.

Une personne du GS va s'occuper de toi.

Bon dimanche.

Merci à vous,

Je viens de cliquer sur le triangle jaune pour demander de l'aide

alameda

Eh bah! dis donc

Il y a en des invités chez toi qu'est.ce qu'ils ont du s'amuser

Mais avec les membres du GS, c'est fini la fête

En attendand la prise en charge(c'est dimanche) tu peux déjà lire ceci:

Pratiquer un Internet Sain

Une des raisons principales pour laquelle les gens se font infecter est en premier lieu le fait qu'ils ont une très mauvaise pratique de l'internet. Pratiquer un internet sain c'est s'auto éduquer, posséder des outils de sécurité et en avoir une bonne pratique. Connaitre les raisons de son infection ainsi que les fichiers et ou les sites responsables, permettrons alors de faire de ta machine, une machine plus saine. Ceci est le principal point pour avoir toujours une machine propre. En réalité la plupart des gens qui sont infectés c'est parce qu'ils ont cliqués sur un lien ou \ et un fichier alors qu'ils n'auraient pas duent. Ci-dessous une liste de recommandations à suivre et à connaitre afin de conserver son ordinateur propre et sécurisé.

1. Si tu reçois une pièce jointe d'un inconnu, NE PAS OUVRIR, c'est aussi simple que cela. Ouvrir cette pièce jointe provenant d'un inconnu, est une méthode commune pour infecter un ordinateur avec un vers ou un virus.
   
   
2. Si tu reçois une pièce jointe avec à la fin l'une les extension suivantes, .exe, .com, .bat, ou .pif ne pas ouvrir jusqu'a ce que tu sois certain(e) que ce fichier est sain. Normalement tu ne devrais jamais recevoir ce type de fichier, si toutefois cela était le cas, avant prends les précautions suivantes. Demande à son expéditeur si il es bien l'auteur de mail, teste ce fichier avec ton antivirus.
   
   
3. Si tu reçois une pièce jointe d'une personne que tu connais, et que celle-ci te semble suspecte, c'est probablement le cas. Alors cet email provient d'une personne infectée avec un Malware (virus) qui tente d'infecter à son tour tout les contacts de son carnet d'adresse.
   
   
4. Si tu surfes sur le web (Internet) et qu'un PopUp (fenêtre) apparaît indiquant que tu es infecté, Ignore la ! Ces attrapes nigaux sont fait pour que tu achètes ce logiciel, mais c'est un Fake (faux). Par exemple un de ces PopUp. Lien à suivre (Merci à S!Ri)
   
   Ce sont des programmes qui se déguisent eux mêmes en Anti-Spywares ou outils de sécurités, mais ce ne sont en fait que des Rogues. Rogue/Suspect Anti-Spyware Produits & Web Sites & Rogue Data base
   
   
5. Une autre méthode ou tactique pour te leurrer sur le web est de te montrer des PopUp plus vrai que vrai, dans lequel tu auras un message de ce type. Windows message or alert. Si tu cliques dessus, tu vas être redirigé vers un site web qui va te suggerer un produit. Je te conseille fortement de fermer cette fenêtre en cliquant sur la X au lieu de OK. Alternativement tu peux contrôler si il s'agit réellement d'une véritable alerte Windows en faisant un Clique Droit sur la fenêtre. Si dans le menu tu as le message suivant, => ajouter aux favoris <= tu sauras alors que c'est une fausse alerte.
   
   
6. Ne pas allez sur des sites pour Adultes. Je sais que cela peut déranger certains d'entre vous. Mais le fait est qu'une grande quantité de logiciel malveillant est faite pour passer ces types de sites. Je ne suis pas entrain de dire que tout ces sites sont comme cela, mais beaucoup le sont.
   
   
7. Quand tu utilises une messagerie instantané, Msn, Twitter, facebook... ne pas cliquer sur les liens qui te seront proposés. Il s'agit aussi d'une méthode commune pour infecter un ordinateur. La machine infectée se permet d'utiliser le carnet d'adresse et d'envoyer de faux messages avec des vrais liens qui eux sont infectés. Donc par prudence, ne clique pas sur ce message et demande à son auteur, si il en est bien l'instigateur, sinon tu te feras piéger et l'infection rentrera toute seule et avec ton accord.
   
   
8. Reste éloigné des sites de Warez et de Cracks. Déjà c'est casser des copyrights et tout ce que tu chargeras sera infecté et ton Pc sera truffé de vilaines bébêtes, qui vont invitées en plus toute la famille.
   
   
9. Soit prudent si tu souhaites charger sur des sites de Peer 2 Peer. Les sites te proposent des logiciels dans lesquels sont cachés des Malwares, alors tu penses bien que rien n'est gratuit, même pas le Peer 2 Peer. Et non ce n'est pas de la fiction, de nombreuses infections proviennent du téléchargement illégal.
   
   
10. Ne jamais installer de logiciel sans avoir au préalable lu le Cluf, (tu sais la petite fenêtre te demandant si tu es d'accord pour l'installation), ouai, d'accord, bon nombre sont en anglais mais bon, il n'est pas interdit de se renseigner avant, Hein !!! Car si l'on prend l'exemple de Messenger Skinner, hé bien lui il vas te proposer des pubs, et tu ne pourras rien y faire, tu a dit "Oui" pendant l'installation. Comment crois tu que les développeurs gagnent de l'argent. Oui il y a des Malwares aussi dans ce type de logiciels

Visite très fréquemment Microsoft's Windows Update (Mise à jour Microsoft)

Il est très important de visiter ce site http://www.windowsupdate.com régulièrement. Cela permet de contrôler que ton PC possède bien les dernières mises à jour donc moins de faille sécuritaire. Si toutefois il y avait des mises à jour à réaliser, les charger puis les installer immédiatement. Un redémarrage sera parfois requis, alors redémarre et revisite le site jusqu'à ce que toutes les mises à jour soient réalisées.



Utilise un antivirus

Il est très important d'avoir dans sa machine un antivirus résident (qui surveille en permanence). Il te protègera du mieux qu'il pourra, cela sera fonction aussi du surf que tu auras, donc de ton attitude, tu réfléchis puis ensuite tu cliques pas l'inverse, OK.

Antivirus, Spyware, et Malware Protections


Mettre à jour son antivirus

C'est aussi très important d'avoir les dernières mises à jour pour son antivirus, sinon, ben... il ne sert à rien. La plupart font des mises à jour automatiques, mais ne t'empêche pas de les faire en mode manuelle. De plus ces mises à jour permettent de reconnaitre les dernière variantes virales, alors tu penses bien que cela sera très utile.
Quand ton antivirus arrivera à expiration, il te faudra aussi penser à renouveler sa licence, sinon te ne sera plus protégé.


Assure toi que tout tes logiciels soient à jour

Les mises à jour sont aussi réelles pour tout les autres logiciels que tu utilises. Pour cela visite ce tuto réalisé par Autralien
Oui les infections peuvent aussi se propager par des logiciels non à jour. Java \ Adobe \ autres... Secunia Software Inspector

Utilise un Firewall (Parefeu)

Sans Firewall ton Pc est susceptible de subir des attaques et elles te seront invisibles. Ensuite ton pc sera utilisé à l'insu de ton plein grès. Je suis très sérieux à ce propos, en utilisant un firewall même avec ces réglages de base, tu auras au moins un minimum de protection.

trouver un tuto pour comodo par exemple

Installe un Logiciel AntiSpyware

Nous avons utilisé Malwarebytes-Antimalware (Mbam). C'est un excellent produit mais non résident (travaille uniquement à la demande, donc à la tâche). Garde le, mets le à jour et passe le une fois par semaine, sachant qu'il ne chasse pas les mêmes choses que les antivirus, il te protégera contre les Spywares (logiciels espions)

Pense bien aux mises à jour régulièrement

Assure toi d'avoir un système à jour afin de palier les failles sécuritaires. Sans ces mises à jours ton Pc ne sera pas correctement protégé quand un nouveau code malveillant sera sorti.
Sache que toute cette lecture réduira les risques d'infections.

Labougie

Bonne continuation

Oui, j'ai remarqué qu'il y avait pas mal de monde....

je vais lire la doc que tu as envoyée

Alameda

Mimile

tu avez poser une question trés pertinente, normal que les invités etaients très à l'aise chez Alameda, pas de police, c'est la 1ère fois que je vois quelqu'un sans "Anti-virus"

Alameda peux-tu nous dire quel antivirus tu utilises?

Bennn....

Pour tout vous dire, mon ordi est un Mac. J'ai une partition Windows XP et comme je l'utilise juste pour un programme bien precis, je ne pensai pas que c'etait util de le proteger...

Je crois que je me suis trompé....

Alameda

Et le pare-feu dans ton XP c'est quoi?

Sinon active celui intégré à XP ici un tuto

http://www.pcastuces.com/newsletter/adj/548.htm

Télécharge Avira (j'ai un petit faible pour celui-ci) sur le bureau,juste Enregistrer et non Executer

http://www.free-av.com/fr/download/download_servers.php

Un tuto pour le paramétrer( à lire avant d'installer)

http://www.donnemoilinfo.com/tuto/AntiVir/

Fais un scan complet une fois l'antivirus en place

Bonne continuation

Je ne peu pas utiliser le par feu à cause du logiciel que j'utilise.

J'ai telechargé Spybot, CClearner et maintenant je vais telecharger Avira.

Cela vous parait bien?

Concernant Malaware, je ne comprends pas trop, je peu supprimer les virus qui sont en quarantaine?

Cela ne risque pas de suprimer les dossiers?

Alameda a écrit :

Je ne peu pas utiliser le par feu à cause du logiciel que j'utilise.

J'ai telechargé Spybot, CClearner et maintenant je vais telecharger Avira.

Cela vous parait bien?

Concernant Malaware, je ne comprends pas trop, je peu supprimer les virus qui sont en quarantaine?

Cela ne risque pas de suprimer les dossiers?

Alameda

Maintenant que tu as été transferer vers la Sécurité, mon aide s'arrete là. Ta question est pour le Groupe Sécurité.

Je ne sais pas quel logiciel t'empeche d'utiliser "le pare-feu XP".Mais maintenant toutes tes questions sont pour les membres du Groupe Sécurité.

Pendants les scans d'Avira ou autres, ferme tous navigateurs, logiciels, toutes fenetres, et ne surf pas sur le net

Bonne continuation

Salut,

Hum..ton cas m'intéresse

Déjà, IE6 ça puxor bien fort, faudra mettre à jour absolument, sinon inutile de continuer.

Télécharge ComboFix sur ton Bureau (et pas ailleurs)

• Prends connaissance de ce tutoriel : Tutoriel ComboFix Bleeping Computer
• Désactive ton antivirus
• Ferme toutes les fenêtres
• Double-clique sur ComboFix.exe (Pour Vista/7, clique-droit > Exécuter en tant qu'administrateur)
• Clique sur Oui/YES pour accepter la limitation de garantie !

--> Si ComboFix te demande d'installer la console de récupération, accepte (YES, puis OUI), c'est TRÈS IMPORTANT !

• Lance le scan (ne clique pas sur la fenêtre qui s'ouvre).
• A la fin du scan (cela peut prendre du temps), un rapport sera créé.
• Copie-colle ce rapport dans ton prochain message (C:\Combofix.txt)

Bonjour no.ppp

Voici le rapport

ComboFix 10-09-11.03 - Laurent 12/09/2010 14:13:50.1.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2792.2267 [GMT 2:00]
Lancé depuis: c:\documents and settings\Laurent\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Laurent\Application Data\Mozilla\Firefox\Profiles\2jswjsdq.default\extensions\{f4735822-ba31-4f73-a971-fa815e07b9d2}
c:\documents and settings\Laurent\Application Data\Mozilla\Firefox\Profiles\2jswjsdq.default\extensions\{f4735822-ba31-4f73-a971-fa815e07b9d2}\chrome\xulcache.jar
c:\documents and settings\Laurent\Application Data\Mozilla\Firefox\Profiles\2jswjsdq.default\extensions\{f4735822-ba31-4f73-a971-fa815e07b9d2}\defaults\preferences\xulcache.js
c:\documents and settings\Laurent\Application Data\Mozilla\Firefox\Profiles\2jswjsdq.default\extensions\{f4735822-ba31-4f73-a971-fa815e07b9d2}\install.rdf

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-12 au 2010-09-12 ))))))))))))))))))))))))))))))))))))
.

2010-09-12 13:07 . 2010-09-12 13:07 -------- d-----w- C:\.fseventsd
2010-09-12 10:43 . 2010-09-12 10:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-12 10:43 . 2010-09-12 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-12 10:41 . 2010-09-12 10:41 -------- d-----w- c:\program files\CCleaner
2010-09-12 08:11 . 2010-09-12 08:11 -------- d-----w- c:\program files\trend micro
2010-09-12 08:11 . 2010-09-12 08:11 -------- d-----w- C:\rsit
2010-09-12 07:43 . 2010-09-12 07:43 -------- d-----w- c:\documents and settings\Laurent\Application Data\Malwarebytes
2010-09-12 07:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 07:43 . 2010-09-12 07:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 07:43 . 2010-09-12 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-12 07:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 06:43 . 2010-09-12 06:43 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-05 18:52 . 2010-09-05 18:53 61440 ----a-w- c:\documents and settings\Laurent\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-574448a9-n\decora-sse.dll
2010-09-05 18:52 . 2010-09-05 18:53 503808 ----a-w- c:\documents and settings\Laurent\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4bb3ee15-n\msvcp71.dll
2010-09-05 18:52 . 2010-09-05 18:53 499712 ----a-w- c:\documents and settings\Laurent\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4bb3ee15-n\jmc.dll
2010-09-05 18:52 . 2010-09-05 18:53 348160 ----a-w- c:\documents and settings\Laurent\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4bb3ee15-n\msvcr71.dll
2010-09-05 18:52 . 2010-09-05 18:53 12800 ----a-w- c:\documents and settings\Laurent\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-574448a9-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 11:07 . 2009-06-23 07:25 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-12 06:41 . 2009-06-28 11:32 1 ----a-w- c:\documents and settings\Laurent\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-13 13:35 . 2001-08-28 10:00 96286 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-13 13:35 . 2001-08-28 10:00 535486 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-28 18:15 . 2010-07-28 18:15 -------- d-----w- c:\documents and settings\Laurent\Application Data\opencpn
2010-07-28 18:15 . 2010-07-28 18:15 -------- d-----w- c:\program files\OpenCPN
2010-06-30 12:32 . 2006-03-24 10:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2006-03-24 10:00 671232 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2006-03-24 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2006-03-24 10:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-24 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-24 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 15:12 . 2010-06-15 15:12 25984 ----a-w- c:\windows\system32\drivers\VSPE.sys
2010-06-14 14:31 . 2009-06-23 03:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2009-07-02 20:05 . 2009-07-02 20:04 2062 ----a-w- c:\program files\unins001.dat
2009-07-02 20:05 . 2009-07-02 20:04 695578 ----a-w- c:\program files\unins001.exe
2009-07-02 19:47 . 2009-06-25 22:01 3851 ----a-w- c:\program files\unins000.dat
2009-07-02 19:38 . 2009-06-25 22:01 695578 ----a-w- c:\program files\unins000.exe
.

------- Sigcheck -------

[-] 2006-03-24 10:00 . B751CE6043B33A2EFEABB2D6BA83EC67 . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-03-24 10:00 . B751CE6043B33A2EFEABB2D6BA83EC67 . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-13 13545472]
"nwiz"="nwiz.exe" [2008-10-13 1630208]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2008-10-13 431408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-13 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-13 16864768]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2010-05-21 186928]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2010-05-21 1104432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Laurent\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
0dzuu6g.exe [2010-9-10 38400]
ttpffbrrndd.exe [2010-9-12 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
2010-02-09 14:57 484616 ----a-r- c:\windows\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VMUpgradeAtShutdown]
2010-05-21 00:34 37424 ----a-w- c:\windows\system32\VMUpgradeAtShutdownWXP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@="Driver Group"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\32nd America's Cup\\VskAC32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2350:TCP"= 2350:TCP:VSK
"3450:TCP"= 3450:TCP:vsk
"3450:UDP"= 3450:UDP:vsk
"2350:UDP"= 2350:UDP:VSK

R1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys [15/06/2010 17:12 25984]
R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [30/11/2009 08:53 129200]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [13/10/2008 12:14 136496]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [13/10/2008 12:14 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [13/10/2008 11:30 5760]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [13/10/2008 11:29 6784]
R2 VMMEMCTL;Pilote de commande de mémoire;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [21/05/2010 02:35 14384]
R2 VMUpgradeHelper;Aide de la mise à niveau VMware;c:\program files\VMware\VMware Tools\VMUpgradeHelper.exe [21/05/2010 02:34 174640]
R2 VMware Physical Disk Helper Service;Service d'aide du disque physique VMware;c:\program files\VMware\VMware Tools\vmacthlp.exe [21/05/2010 02:34 379440]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [23/06/2009 09:24 10496]
R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [23/06/2009 09:24 19456]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [23/06/2009 09:23 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [23/06/2009 09:23 22528]
S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [21/05/2010 02:34 23088]
S1 vmrawdsk;Aide du disque physique VMware Vista;\??\c:\program files\VMware\VMware Tools\vmrawdsk.sys --> c:\program files\VMware\VMware Tools\vmrawdsk.sys [?]
S2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\vmtoolsd.exe [21/05/2010 02:35 50224]
S3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [09/02/2010 16:57 255304]
S3 TPVCGateway;TP VC Gateway Service;c:\program files\VMware\VMware Tools\TPVCGateway.exe [21/05/2010 02:31 390432]
S3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [30/11/2009 08:53 61488]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [29/11/2009 18:56 11440]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [30/11/2009 08:53 28080]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [30/11/2009 08:53 36912]
.
Contenu du dossier 'Tâches planifiées'

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
LSP: c:\program files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Laurent\Application Data\Mozilla\Firefox\Profiles\2jswjsdq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-efaa6m - c:\windows\system32\e6qq6cc6.exe
HKCU-Run-okaawmm - c:\windows\system32\9k1gccx.exe
HKCU-Run-bssnee - c:\windows\system32\a9w1soojaa.exe
HKCU-Run-efv70 - c:\windows\system32\91qbcxd.exe
HKCU-Run-otjpk0r - c:\windows\system32\mhxytjkfgb.exe
HKCU-Run-mmhyy - c:\windows\system32\0xtoo6a.exe
HKCU-Run-qqmcc - c:\windows\system32\a1wssnee.exe
HKCU-Run-riidu - c:\windows\system32\m1ieezqq.exe
HKCU-Run-dejfaa - c:\windows\system32\xtjjfvvr.exe
HKCU-Run-mrsyjee - c:\windows\system32\9c1yuup.exe
HKCU-Run-ssoee6 - c:\windows\system32\lccxoojaavm.exe
HKCU-Run-pklgcc - c:\windows\system32\6gg6ss6.exe
HKCU-Run-qlccxoo - c:\windows\system32\vmmhyytk.exe
HKCU-Run-ieezq - c:\windows\system32\dzuu6gg6.exe
HKCU-Run-jkplgg - c:\windows\system32\e70fbww6i.exe
HKCU-Run-ydzuu6g - c:\windows\system32\vmmhyytkkfw.exe
HKCU-Run-gwwsii - c:\windows\system32\v0bxss6ee.exe
HKCU-Run-bchdyy6 - c:\windows\system32\9c1yuup.exe
HKCU-Run-eeaqq6 - c:\windows\system32\xoojaavmmhy.exe
HKCU-Run-yzuqql - c:\windows\system32\too6aa6mm.exe
HKCU-Run-nijeaav - c:\windows\system32\njee6qq6.exe
HKCU-Run-bxnnjz - c:\windows\system32\bssneezq.exe
HKCU-Run-too6a - c:\windows\system32\h0njee6qq.exe
HKCU-Run-dejfaa6 - c:\windows\system32\w3yytkkfwwr.exe
HKCU-Run-awmm6 - c:\windows\system32\0ccxooj.exe
HKCU-Run-vmmhyy - c:\windows\system32\jjfvvrhhdtt.exe
HKCU-Run-fbrrnd - c:\windows\system32\k70lhcc6o.exe
AddRemove-ldcqh - c:\documents and settings\laurent\local settings\application data\ldcqh.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 14:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\System32\vmhgfs.dll
.
Heure de fin: 2010-09-12 14:17:14
ComboFix-quarantined-files.txt 2010-09-12 12:17

Avant-CF: 13 964 312 576 octets libres
Après-CF: 14 228 226 048 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 97BFBE55EAF32D8275679C3A02CB5218

Salut,

Démarrer > Exécuter > Tape "ComboFix /Uninstall" sans les ""

Télécharge OTL sur ton Bureau

• Double-clique sur OTL.exe pour le lancer. (Pour Vista/7, clique-droit > Exécuter en tant qu'administrateur)
• Coche la case Tous les utilisateurs
• Sous le cadre Personnalisation, copie-colle le contenu suivant :
  

  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  /md5start
  explorer.exe
  wininit.exe
  winlogon.exe
  userinit.exe
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  i8042prt.sys
  cdrom.sys
  disk.sys
  ndis.sys
  tcpip.sys
  mountmgr.sys
  aec.sys
  rasacd.sys
  redbook.sys
  ipsec.sys
  mrxsmb10.sys
  mrxsmb20.sys
  termdd.sys
  mrxsmb.sys
  win32k.sys
  storport.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  /md5stop
  %SYSTEMDRIVE%\*.*
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  CREATERESTOREPOINT

• Clique ensuite sur Analyse puis patiente pendant qu'il effectue son scan.
• Quand l'analyse est terminée, deux fenêtres du Bloc-notes vont s'ouvrir. OTL.Txt et Extras.Txt. Ces fichiers sont sauvegardés au même endroit que OTL.
• Copie-colle le dans ta prochaine réponse.

Note : Si le rapport est trop long, héberge-le sur http://cjoint.com

OTL Extras logfile created on: 12/09/2010 17:23:01 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Laurent\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31,67 Gb Total Space | 16,94 Gb Free Space | 53,47% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SALANDER
Current User Name: Laurent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-436374069-963894560-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2350:TCP" = 2350:TCP:*:Enabled:VSK
"3450:TCP" = 3450:TCP:*:Enabled:vsk
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3450:UDP" = 3450:UDP:*:Enabled:vsk
"2350:UDP" = 2350:UDP:*:Enabled:VSK

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- ()
"C:\Program Files\32nd America's Cup\VskAC32.exe" = C:\Program Files\32nd America's Cup\VskAC32.exe:*:Enabled:VskAC32 -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B040CC-E9B1-4769-950E-87786C9E16AD}" = OpenOffice.org 3.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9C39A05-5F2C-4BF7-A0DBCDDCCF243131} Sail Simulator 5_is1" = Sail Simulator 5 v5.1.7.2
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.4 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C79FB513-E44C-493F-9AC9-F25AEA47BC3C}_is1" = Northspace VSK5 Instruments 1.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D04A0DA4-DCFD-442D-B081-B218E101A74E}_is1" = Northspace VSK5 Instruments Restore 1.0
"{EB8C1CEE-47C1-4DE0-9624-17E9D266331C}" = CEREMU System Checker
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Services Boot Camp
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}" = VMware Tools
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Package de pilotes Windows - Intel (e1express) Net (04/03/2006 9.3.39.0)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Package de pilotes Windows - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Package de pilotes Windows - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6A874623B26B7D1148405D920F0D3B9E5255D112" = Package de pilotes Windows - Apple Inc. Apple Multitouch Mouse (10/01/2008 2.1.2.1)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Package de pilotes Windows - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Package de pilotes Windows - Intel (E1000) Net (01/06/2006 8.6.17.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Package de pilotes Windows - Intel System (07/20/2007 1.2.76.0)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Package de pilotes Windows - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Package de pilotes Windows - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"9A38D5642E3C7E0E4801C4C2C2B36C18C98A7FAC" = Package de pilotes Windows - Broadcom (BCM43XX) Net (09/10/2008 5.10.38.14)
"9DCE48DA45071B290BCB8A7E5C8DDC0596697F5A" = Package de pilotes Windows - Apple Inc. Apple Multitouch (10/01/2008 2.1.2.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Package de pilotes Windows - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Package de pilotes Windows - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"BE5EA125D85C1DA16871E1E6BC4671CD650147E1" = Package de pilotes Windows - Apple Inc. (applebt) Bluetooth (09/15/2008 2.1.2.0)
"CCleaner" = CCleaner
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Package de pilotes Windows - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Package de pilotes Windows - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Package de pilotes Windows - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Package de pilotes Windows - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"F24CB85E5983448F6319803791DEACED91E6565B" = Package de pilotes Windows - Apple Inc. System (08/22/2008 2.1.1.1)
"FE6C13AFE350660993DCE88716B777EF0BCB2C91" = Package de pilotes Windows - Apple Inc. Apple Keyboard (09/15/2008 2.1.2.0)
"FileZilla Client" = FileZilla Client 3.3.4.1
"Fraps" = Fraps (remove only)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenCPN_is1" = OpenCPN version 2.1.0
"Sailwave" = Sailwave
"ST6UNST #1" = Diagnostic
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Ugrib_is1" = Ugrib RC1
"VskAC32_is1" = 32nd America's Cup Patch1
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = Logiciel d'archivage WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-436374069-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACUPUNCTURE1B" = Acupuncture
"YONGTCHI203" = YongTchi

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 16/06/2010 11:35:39 | Computer Name = SALANDER | Source = LoadPerf | ID = 3001
Description = La valeur de la chaîne du nom de compteur de performance n'est pas
formatée correctement dans le Registre. La chaîne erronée est 5874, la valeur d'index
erronée est le premier DWORD de la section Data, et les dernières valeurs d'index
valides sont le second et le troisième DWORD de la section Data.

Error - 16/06/2010 11:35:39 | Computer Name = SALANDER | Source = LoadPerf | ID = 3001
Description = La valeur de la chaîne du nom de compteur de performance n'est pas
formatée correctement dans le Registre. La chaîne erronée est 5874, la valeur d'index
erronée est le premier DWORD de la section Data, et les dernières valeurs d'index
valides sont le second et le troisième DWORD de la section Data.

Error - 16/06/2010 11:35:39 | Computer Name = SALANDER | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
aspnet_state (ASP.NET State Service) a échoué. Le code d'erreur est le premier DWORD
de la section Data.

Error - 16/06/2010 11:35:40 | Computer Name = SALANDER | Source = LoadPerf | ID = 3001
Description = La valeur de la chaîne du nom de compteur de performance n'est pas
formatée correctement dans le Registre. La chaîne erronée est 5874, la valeur d'index
erronée est le premier DWORD de la section Data, et les dernières valeurs d'index
valides sont le second et le troisième DWORD de la section Data.

Error - 21/06/2010 11:58:57 | Computer Name = SALANDER | Source = Windows Product Activation | ID = 1012
Description = Vous aurez besoin de réactiver votre produit Windows en raison des
modifications matérielles effectuées sur cet ordinateur.

Error - 21/06/2010 16:24:49 | Computer Name = SALANDER | Source = Windows Product Activation | ID = 1009
Description = Vous n'avez pas activé Windows pendant la période de grâce. Pour activer
Windows, contactez le service clientèle par téléphone.

Error - 22/06/2010 07:32:30 | Computer Name = SALANDER | Source = Windows Product Activation | ID = 1009
Description = Vous n'avez pas activé Windows pendant la période de grâce. Pour activer
Windows, contactez le service clientèle par téléphone.

Error - 05/07/2010 13:30:08 | Computer Name = SALANDER | Source = Application Error | ID = 1000
Description = Application défaillante javaw.exe, version 6.0.200.2, module défaillant
java.dll, version 6.0.200.2, adresse de défaillance 0x00005875.

Error - 28/07/2010 14:39:44 | Computer Name = SALANDER | Source = Application Hang | ID = 1002
Description = Application bloquée opencpn.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 28/07/2010 17:39:37 | Computer Name = SALANDER | Source = Application Error | ID = 1000
Description = Application défaillante opencpn.exe, version 0.0.0.0, module défaillant
opencpn.exe, version 0.0.0.0, adresse de défaillance 0x000ee1a0.

[ System Events ]
Error - 12/09/2010 00:29:20 | Computer Name = SALANDER | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 12/09/2010 00:29:22 | Computer Name = SALANDER | Source = ACPI | ID = 327690
Description = ACPI : le BIOS ACPI essaie d'écrire sur une région d'opération PCI
non autorisée (0x41c). Contactez le fabricant de votre ordinateur pour une assistance
technique.

Error - 12/09/2010 02:59:44 | Computer Name = SALANDER | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.12 sur
la carte réseau d'adresse réseau 002500D01328.

Error - 12/09/2010 05:29:52 | Computer Name = SALANDER | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.12 sur
la carte réseau d'adresse réseau 002500D01328.

Error - 12/09/2010 05:35:23 | Computer Name = SALANDER | Source = ACPI | ID = 327690
Description = ACPI : le BIOS ACPI essaie d'écrire sur une région d'opération PCI
non autorisée (0x41c). Contactez le fabricant de votre ordinateur pour une assistance
technique.

Error - 12/09/2010 05:35:23 | Computer Name = SALANDER | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume3'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 12/09/2010 07:35:32 | Computer Name = SALANDER | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 12/09/2010 07:35:33 | Computer Name = SALANDER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : agp440 IntelIde

Error - 12/09/2010 08:05:19 | Computer Name = SALANDER | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.12 sur
la carte réseau d'adresse réseau 002500D01328.

Error - 12/09/2010 11:19:14 | Computer Name = SALANDER | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.0.12 sur
la carte réseau d'adresse réseau 002500D01328.


< End of report >

OTL logfile created on: 12/09/2010 17:23:01 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Laurent\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31,67 Gb Total Space | 16,94 Gb Free Space | 53,47% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SALANDER
Current User Name: Laurent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/09/12 17:20:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurent\Bureau\OTL.exe
PRC - [2010/08/25 04:35:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/25 04:35:34 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/05/21 02:34:56 | 000,379,440 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe
PRC - [2010/05/21 02:34:30 | 000,174,640 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
PRC - [2010/05/21 00:01:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:01:30 | 000,305,152 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\swriter.exe
PRC - [2010/05/21 00:01:26 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2008/10/13 12:14:24 | 000,431,408 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2008/10/13 12:14:16 | 000,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008/10/13 12:14:14 | 000,136,496 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/09/12 17:20:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurent\Bureau\OTL.exe
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/05/21 02:35:16 | 000,050,224 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe -- (VMTools)
SRV - [2010/05/21 02:34:56 | 000,379,440 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Tools\vmacthlp.exe -- (VMware Physical Disk Helper Service)
SRV - [2010/05/21 02:34:30 | 000,174,640 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe -- (VMUpgradeHelper)
SRV - [2010/05/21 02:31:24 | 000,390,432 | R--- | M] (ThinPrint AG) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe -- (TPVCGateway)
SRV - [2010/02/09 16:57:14 | 000,255,304 | R--- | M] (ThinPrint AG) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe -- (TPAutoConnSvc)
SRV - [2008/10/13 12:14:16 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2008/10/13 12:14:14 | 000,136,496 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\VMware\VMware Tools\vmrawdsk.sys -- (vmrawdsk)
DRV - [2010/06/15 17:12:58 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2010/05/21 02:35:22 | 000,129,200 | ---- | M] (VMware, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\vmhgfs.sys -- (vmhgfs)
DRV - [2010/05/21 02:35:00 | 000,014,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys -- (VMMEMCTL)
DRV - [2010/05/21 02:34:52 | 000,023,088 | ---- | M] (VMware, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vmdebug.sys -- (vmdebug)
DRV - [2010/05/21 02:33:42 | 000,036,912 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmxnet.sys -- (vmxnet)
DRV - [2010/05/21 02:33:40 | 000,011,440 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2010/05/21 02:32:20 | 000,028,080 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmx_svga.sys -- (vmx_svga)
DRV - [2010/02/09 16:57:56 | 000,061,488 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2008/10/13 11:36:02 | 004,878,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/13 11:35:08 | 006,614,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/10/13 11:34:40 | 000,013,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/10/13 11:34:32 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/10/13 11:34:32 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/10/13 11:32:00 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/10/13 11:30:16 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2008/10/13 11:30:04 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/10/13 11:29:26 | 000,019,456 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applemtp.sys -- (applemtp)
DRV - [2008/10/13 11:29:26 | 000,010,496 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applemtm.sys -- (applemtm)
DRV - [2008/10/13 11:29:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2008/10/13 11:29:02 | 000,006,784 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 07:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2001/08/17 20:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-963894560-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/12 08:37:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/23 15:43:20 | 000,000,000 | ---D | M]

[2009/06/23 15:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurent\Application Data\Mozilla\Extensions
[2009/06/23 15:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laurent\Application Data\Mozilla\Firefox\Profiles\2jswjsdq.default\extensions
[2010/09/12 09:49:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Laurent\Application Data\Mozilla\Firefox\Profiles\2jswjsdq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/28 18:25:12 | 000,002,035 | ---- | M] () -- C:\Documents and Settings\Laurent\Application Data\Mozilla\Firefox\Profiles\2jswjsdq.default\searchplugins\Busca Listo.xml
[2009/06/23 15:43:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/22 13:48:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 02:40:16 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/25 02:40:16 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/25 02:40:16 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/25 02:40:16 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/25 02:40:16 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/09/12 14:16:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-436374069-963894560-1606980848-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\0dzuu6g.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\ttpffbrrndd.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-963894560-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-436374069-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-436374069-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-436374069-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - C:\WINDOWS\System32\TPSvc.dll (ThinPrint AG)
O20 - Winlogon\Notify\VMUpgradeAtShutdown: DllName - VMUpgradeAtShutdownWXP.dll - C:\WINDOWS\System32\VMUpgradeAtShutdownWXP.dll (VMware, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/23 05:52:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - Driver Group
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Logiciel de navigation hors connexion
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Aide sur Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Outils d'installation Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Améliorations pour la navigation
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accès au site MSN
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Liaison de données Dynamic HTML
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Polices de base Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Aide HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/09/12 17:20:38 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Laurent\Bureau\OTL.exe
[2010/09/12 15:07:55 | 000,000,000 | ---D | C] -- C:\.fseventsd
[2010/09/12 14:46:20 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/09/12 14:40:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/12 14:13:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/12 14:12:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/12 12:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/12 12:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/12 12:42:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Laurent\Recent
[2010/09/12 12:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/12 10:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laurent\Bureau\Secu Ordi
[2010/09/12 10:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/09/12 10:11:31 | 000,000,000 | ---D | C] -- C:\rsit
[2010/09/12 09:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laurent\Application Data\Malwarebytes
[2010/09/12 09:43:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/12 09:43:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/12 09:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/12 09:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/12 08:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/09/12 08:30:58 | 000,038,400 | RHS- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\ttpffbrrndd.exe
[2010/09/10 20:37:24 | 000,038,400 | RHS- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\0dzuu6g.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Laurent\*.tmp files -> C:\Documents and Settings\Laurent\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/09/12 17:23:52 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\Laurent\NTUSER.DAT
[2010/09/12 17:20:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laurent\Bureau\OTL.exe
[2010/09/12 15:28:42 | 000,000,130 | -H-- | M] () -- C:\Documents and Settings\Laurent\Bureau\.~lock.Lyon.odt#
[2010/09/12 15:12:54 | 000,015,388 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\Lyon.odt
[2010/09/12 15:11:02 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\logo L.rar
[2010/09/12 15:01:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\logo L.map
[2010/09/12 15:01:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\logo L.jpg
[2010/09/12 14:41:40 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk
[2010/09/12 14:38:22 | 000,029,605 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\mise en place des résultats.odt
[2010/09/12 14:17:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/12 14:16:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/12 14:13:18 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/09/12 13:48:52 | 030,938,104 | ---- | M] () -- C:\Documents and Settings\Laurent\Bureau\avira_antivir_personal_es.exe
[2010/09/12 13:36:28 | 000,194,958 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/12 13:07:10 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/09/12 11:35:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/12 11:35:14 | 2927,448,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/12 08:44:10 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\FileZilla Client.lnk
[2010/09/12 08:37:10 | 000,001,524 | ---- | M] () -- C:\Documents and Settings\Laurent\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/12 08:37:10 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/09/12 08:30:56 | 000,038,400 | RHS- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\ttpffbrrndd.exe
[2010/09/12 06:29:20 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 20:37:22 | 000,038,400 | RHS- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\0dzuu6g.exe
[2010/09/05 20:49:06 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/09/05 18:46:46 | 000,012,562 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/09/05 18:46:40 | 000,129,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Laurent\*.tmp files -> C:\Documents and Settings\Laurent\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/09/12 15:28:41 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\Laurent\Bureau\.~lock.Lyon.odt#
[2010/09/12 15:11:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\logo L.jpg
[2010/09/12 15:08:38 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\logo L.rar
[2010/09/12 15:01:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\logo L.map
[2010/09/12 14:49:07 | 000,015,388 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\Lyon.odt
[2010/09/12 14:41:38 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk
[2010/09/12 14:13:16 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/09/12 14:13:15 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2010/09/12 13:48:26 | 030,938,104 | ---- | C] () -- C:\Documents and Settings\Laurent\Bureau\avira_antivir_personal_es.exe
[2010/09/12 08:43:29 | 000,001,567 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\FileZilla Client.lnk
[2010/09/05 20:46:58 | 2927,448,064 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/15 17:12:57 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\VSPE.sys
[2010/03/13 18:19:01 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2010/02/19 21:18:37 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/30 08:53:21 | 002,275,888 | R--- | C] () -- C:\WINDOWS\System32\vmwogl32.dll
[2009/09/07 20:12:03 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/02 22:04:18 | 000,695,578 | ---- | C] () -- C:\Program Files\unins001.exe
[2009/07/02 22:04:18 | 000,002,062 | ---- | C] () -- C:\Program Files\unins001.dat
[2009/06/26 13:53:55 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Laurent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/26 00:01:00 | 000,695,578 | ---- | C] () -- C:\Program Files\unins000.exe
[2009/06/26 00:01:00 | 000,003,851 | ---- | C] () -- C:\Program Files\unins000.dat
[2009/06/23 09:22:02 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/23 09:22:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/23 09:22:01 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/23 09:21:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/23 09:21:58 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[color=#E56717]========== Custom Scans ==========[/color]



[color=#A23BEC]< MD5 for: AEC.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys
[2006/03/24 12:00:00 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys
[2008/04/13 18:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ERDNT\cache\aec.sys
[2008/04/13 18:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
[2008/04/13 18:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2006/03/24 12:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/24 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006/03/24 12:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: DISK.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/03/24 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 20:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 20:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2006/03/24 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2006/03/24 12:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2008/04/14 04:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/14 04:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\dllcache\i8042prt.sys
[2008/04/14 04:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008/04/14 04:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i8042prt.sys

[color=#A23BEC]< MD5 for: IPSEC.SYS >[/color]
[2008/04/13 21:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 21:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2006/03/24 12:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >[/color]
[2006/03/24 12:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
[2008/04/13 20:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
[2008/04/13 20:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys

[color=#A23BEC]< MD5 for: MRXSMB.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/03/24 12:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB957097_0$\mrxsmb.sys
[2009/12/04 19:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2009/12/04 18:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 13:21:10 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
[2008/10/24 13:21:10 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/04/13 21:17:02 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 21:17:02 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/10/24 13:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2008/10/24 13:41:12 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2008/10/24 13:25:30 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
[2010/02/24 13:57:58 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 15:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 15:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2010/02/24 15:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008/04/13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006/03/24 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/24 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: RASACD.SYS >[/color]
[2006/03/24 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2006/03/24 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

[color=#A23BEC]< MD5 for: REDBOOK.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys
[2004/08/04 00:39:44 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
[2008/04/14 03:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2008/04/14 03:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\drivers\redbook.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2006/03/24 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[color=#A23BEC]< MD5 for: TCPIP.SYS >[/color]
[2008/06/20 12:45:14 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006/03/24 12:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[color=#A23BEC]< MD5 for: TERMDD.SYS >[/color]
[2006/03/24 12:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:termdd.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
[2009/09/13 22:33:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:termdd.sys
[2008/04/14 04:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\ServicePackFiles\i386\termdd.sys
[2008/04/14 04:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/04 00:55:12 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS\$NtServicePackUninstall$\termdd.sys

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2006/03/24 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WIN32K.SYS >[/color]
[2008/04/14 03:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\$NtUninstallKB968537$\win32k.sys
[2008/04/14 03:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2010/05/02 10:02:26 | 001,860,480 | ---- | M] (Microsoft Corporation) MD5=117089D35359DD8FE8054DA17AC6EE19 -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2009/08/14 16:58:52 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2009/04/19 21:57:24 | 001,848,064 | ---- | M] (Microsoft Corporation) MD5=526847A9449EC1B5901C4083B9AF7391 -- C:\WINDOWS\$hf_mig$\KB968537\SP2QFE\win32k.sys
[2006/03/24 12:00:00 | 001,836,032 | ---- | M] (Microsoft Corporation) MD5=6B8D8840CC7D6C822FD159613D61EBA3 -- C:\WINDOWS\$NtUninstallKB968537_0$\win32k.sys
[2009/08/14 16:14:00 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2009/04/19 22:09:40 | 001,846,784 | ---- | M] (Microsoft Corporation) MD5=A3CFB28FC2A9B73229CF65B6CA84D19E -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
[2009/04/19 21:42:34 | 001,847,936 | ---- | M] (Microsoft Corporation) MD5=A4CB910DA61C2AB50D1D4E15CDA48D32 -- C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys
[2010/06/24 11:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) MD5=CA341AEF1BBBF1EF98B07E46681257D9 -- C:\WINDOWS\system32\dllcache\win32k.sys
[2010/06/24 11:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) MD5=CA341AEF1BBBF1EF98B07E46681257D9 -- C:\WINDOWS\system32\win32k.sys
[2010/05/02 10:08:14 | 001,851,392 | ---- | M] (Microsoft Corporation) MD5=D6491CA433261FCBDC99D27064E5F180 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2009/04/19 21:50:30 | 001,847,296 | ---- | M] (Microsoft Corporation) MD5=E2D4E6609DCF4175FCC8BCA489F28D9C -- C:\WINDOWS\$hf_mig$\KB968537\SP3GDR\win32k.sys
[2009/04/19 21:50:30 | 001,847,296 | ---- | M] (Microsoft Corporation) MD5=E2D4E6609DCF4175FCC8BCA489F28D9C -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2010/06/24 23:29:54 | 001,861,248 | ---- | M] (Microsoft Corporation) MD5=F1AEB1184052F4598390CE4CD638CA14 -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006/03/24 12:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2010/09/12 11:35:14 | 2927,448,064 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/13 09:31:52 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2008/04/13 07:43:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/23 05:52:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/23 05:52:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/23 05:52:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/23 05:52:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/06/23 14:14:26 | 000,004,096 | -H-- | M] () -- C:\._.Trashes
[2004/08/03 23:00:08 | 000,263,488 | RHS- | M] () -- C:\cmldr
[2009/07/23 11:27:20 | 000,004,096 | -H-- | M] () -- C:\._.TemporaryItems
[2009/06/23 09:23:16 | 000,001,655 | ---- | M] () -- C:\RHDSetup.log
[2009/09/13 00:29:38 | 000,050,381 | -H-- | M] () -- C:\.VolumeIcon.icns
[2010/09/12 14:17:16 | 000,014,361 | ---- | M] () -- C:\ComboFix.txt
[2009/11/24 18:13:44 | 000,004,096 | -H-- | M] () -- C:\._RYC Training.rar
[2008/01/02 17:10:52 | 000,536,576 | ---- | M] () -- C:\Fabrication de Skin pour VSK5.doc
[2009/11/24 18:13:54 | 000,004,096 | -H-- | M] () -- C:\._RYCT empannage 1.Challenge.zip
[2010/09/12 11:35:10 | 2145,386,496 | -HS- | M] () -- C:\PAGEFILE.SYS
[2006/03/24 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010/09/12 14:13:18 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2009/11/27 23:57:58 | 000,004,138 | -H-- | M] () -- C:\._Fabrication de Skin pour VSK5.doc
[2009/07/16 13:48:50 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/01/30 22:26:34 | 000,004,096 | -H-- | M] () -- C:\._System Checker 3
[2010/04/13 10:23:50 | 000,004,096 | -H-- | M] () -- C:\._FRAPS 2.9.3.6914 Registered [DEZ-27-07].rar

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2009/09/13 00:29:39 | 000,004,096 | -H-- | C] ()(C:\._?) -- C:\._
[2009/09/13 00:29:38 | 000,004,096 | -H-- | M] ()(C:\._?) -- C:\._
< End of report >

Re,

Sauvegarde ta Base de Registre : Sauvegarde de la base de registre

Relance OTL.exe.

• Copie-colle le code suivant dans la fenêtre Personnalisation
  
  

  :OTL
  DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\VMware\VMware Tools\vmrawdsk.sys -- (vmrawdsk)
  O4 - Startup: C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\0dzuu6g.exe (Realtek Semiconductor Corp.)
  O4 - Startup: C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\ttpffbrrndd.exe (Realtek Semiconductor Corp.)
  [2010/09/12 08:30:58 | 000,038,400 | RHS- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\ttpffbrrndd.exe
  [2010/09/10 20:37:24 | 000,038,400 | RHS- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\0dzuu6g.exe
  [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  [1 C:\Documents and Settings\Laurent\*.tmp files -> C:\Documents and Settings\Laurent\*.tmp -> ]
  [2010/09/12 14:17:16 | 000,014,361 | ---- | M] () -- C:\ComboFix.txt
  
  :commands
  [EmptyTemp]
  [EmptyFlash]
  [Purity]
  [CREATERESTOREPOINT]
  [ResetHosts]
  [Reboot]

• Clique ensuite sur Correction et patiente pendant que l'outil travaille.
• Copie-colle le contenu du rapport qui s'ouvre (C\_OTL\MovedFiles) dans ta prochaine réponse.

J'ai eu un message qui ma demander de redemarrer, en ouvrant il y avait ce message:

All processes killed
========== OTL ==========
Service vmrawdsk stopped successfully!
Service vmrawdsk deleted successfully!
File C:\Program Files\VMware\VMware Tools\vmrawdsk.sys not found.
C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\0dzuu6g.exe moved successfully.
C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\ttpffbrrndd.exe moved successfully.
File C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\ttpffbrrndd.exe not found.
File C:\Documents and Settings\Laurent\Menu Démarrer\Programmes\Démarrage\0dzuu6g.exe not found.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\SET45.tmp deleted successfully.
C:\WINDOWS\SET46.tmp deleted successfully.
C:\WINDOWS\SET52.tmp deleted successfully.
C:\WINDOWS\SET91.tmp deleted successfully.
C:\WINDOWS\003139_.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Laurent\knqunokyji.tmp deleted successfully.
C:\ComboFix.txt moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Laurent
->Temp folder emptied: 167696 bytes
->Temporary Internet Files folder emptied: 117841 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54501492 bytes
->Flash cache emptied: 866 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52,00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Laurent
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point (0)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.12.0 log created on 09122010_174508

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Laurent\Local Settings\Temp\Perflib_Perfdata_860.dat not found!

Registry entries deleted on Reboot...

Comment va la machine ?

j'ai l'impression que tout va bien. Par contre j'ai des dossiers ".odt" ou bien ".gbx" qui ne peuvent plus etre ouvert directement.

J'ai un message==> Windows ne peut pas ouvrir ce fichier etc....

mais ce n'est pas trop grave avec un logiciel que j'utilise je pourrais le faire

1==>Comment puis je verifier si il y a plus de virus? Avec malwarbytes?

2==>Si tout va bien, pourrais tu me dire ce que je doit installer pour proteger correctement l'ordi.

3==> dois virer OTL?

Je n'ai rien compris de ce que j'ai faits en suivant tes conseil, mais c'est tres fort...

Merci pour ton aide

Laurent

OK, réinstalle ton logiciel pour les ouvrir, il a dû prendre un coup dans les dents

Merci pour tout.

Je vais m'occuper de "l'entretient" de mon ordi. Je n'avais pas conscience de ce que cela pouvait engendrer

Laurent