
HijackThis Log: Please help Diagnose


  • This topic is locked
12 replies to this topic

#1 aurelien


Posted 21 March 2010 - 06:21 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:01:30, on 22/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Curse\CurseClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S84.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Auto EPSON Stylus DX4000 Series sur TITANIUM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodEnabler] C:\Program Files\ESET\NodEnabler\NodEnabler.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SteamUp] "c:\program files\steam\steam.exe" -clientapp steamup.dll -silent
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - S-1-5-18 Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46C58453-20AD-4176-AD90-ECF1BC8A36FD}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 12856 bytes




#2 schrauber


Posted 25 March 2010 - 02:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 aurelien


Posted 27 March 2010 - 08:28 AM

Hello, I understand that you have a lot of topics to handle and that it takes you time; I'm not blaming you at all, because that's normal, you can't answer everyone at the same time.

However, while waiting for your reply, I already applied some steps that were explained to me on a help site. I ran 3 scans in "Full" mode with the following programs: A-Squared, SUPERAntiSpyware and Malwarebytes. Following these 3 scans, many files were quarantined or even deleted, so I'm posting a new HijackThis scan, because that must have changed a few things.
I wanted to know whether I should still follow the instructions explained in your previous message, or whether there are any changes in view of the new scan?

PS: I'm sorry, being French and speaking English very badly, I posted in French; however, if you want me to post in English for better understanding, I will try to do my best.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:29, on 27/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Curse\CurseClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Aurelien\Mes documents\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S84.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Auto EPSON Stylus DX4000 Series sur TITANIUM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodEnabler] C:\Program Files\ESET\NodEnabler\NodEnabler.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SteamUp] "c:\program files\steam\steam.exe" -clientapp steamup.dll -silent
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - S-1-5-18 Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46C58453-20AD-4176-AD90-ECF1BC8A36FD}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 13090 bytes

Edited by aurelien, 27 March 2010 - 08:29 AM.


#4 myrti


Posted 27 March 2010 - 11:04 AM

Hi aurélien,

I will try to help you. If you would prefer to get help from people experienced in anti-malware support in French, I can recommend a number of French forums.

If you prefer to stay here and be helped by me, please follow the instructions below and send me the reports:

First of all, I would like to know where you have received help so far. Can you give me a link if it is a topic on a forum? Could you also provide the Malwarebytes and SuperAntiSpyware reports you mentioned, so that I can see which files were deleted?
In addition, I need a description of the problems you are having at the moment. Are you getting advertisements? Do your Google searches lead to the wrong place? Does your system have other problems?

Finally, please send me an OTL report:

Download OTL (by Old Timer) and save it to your Desktop:
http://oldtimer.geekstogo.com/OTL.exe

- Launch the tool by double-clicking it;
- From the tool's main screen, set the following options (if not already set):
>> Under Extra Registry, check Use SafeList
>> Near the top, check Scan All Users
>> Under Custom Scan/Custom Fixes, copy and paste:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s

- Now click the "Run Scan" button
- OTL will generate two reports, OTL.txt and Extras.txt: one will be opened (in Notepad) and the other minimized in the taskbar.
- Please copy/paste the contents of both reports here, in your reply.

Finally, would you be willing to use the informal "tu" in the next replies, or do you prefer the formal "vous"?

myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 aurelien


Posted 30 March 2010 - 07:39 AM

Hello, thank you for replying, and I apologize for being late in posting the follow-up.
I don't mind at all if we use the informal "tu"; no problem on my side, being young I'm used to it.

As for the help I received, it is exactly this link: http://www.commentcamarche.net/forum/affic...-diagno#dernier


As for the problems encountered, before the changes I was taught on the other site, my computer started to lag and the performance level was fairly high even though I have a fairly powerful machine.
In addition, I do receive emails from sites whose origin I don't even know, that is, emails in English, or a kind of advertisement I never asked for, but most are put in the junk folder because I use Hotmail, and apparently there is no way to block these "ads" from being sent in this email program; if there is one, I'm interested, as it would save me from always having to empty the junk folder, which is full.
Also, before following the instructions on the other site, I had a problem with Firefox, which crashed quite often, leaving this message:
" Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\Program Files\Mozilla Firefox\firefox.exe"
But since then I no longer get this kind of alert; well, to be honest, I don't really use it anymore because, on a friend's advice, I downloaded Opera, which is a very good tool but seems complex to me, and less performant, because on some sites I notice longer page load times, images failing to appear once loading has finished, as well as display bugs and lag when scrolling on some sites.
Otherwise, since then my PC lags a bit less; I also defragmented it, but above all I am looking to clean it without having to format it, as that is too much of a constraint, so to remove risky and unnecessary software.

So, for the scan reports I mentioned, here they are:

For A-Squared:

Version - a-squared Free 4.5
Dernière mise à jour : 22/03/2010 21:54:08

Paramètres des balayages :

Type de balayage : Scan en Détail
Objets : Mémoire, Traces, Cookies, C:\
Balayage dans les archives : Marche
Analyse heuristique : Arrêt
Balayage dans les ADS : Marche

Début du balayage : 22/03/2010 22:04:15

c:\program files\gamespy arcade Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\addins Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\cstrike Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\cstrike\frontline Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\halflife Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\halflife\action Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\halflife\cstrike Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\halflife\firearms Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\halflife\frontline Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\halflife\gearbox Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\halflife\tfc Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2 Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\aq2 Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\battle Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\chaosdm Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\duel Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\freeze Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\gloom Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\gxmod Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\holywars Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\jail Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\kots Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\lfiredm Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\lithium2 Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\lmctf Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\pball Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\q2comp Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\qpong Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\ra2 Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\requiem Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\sconfig Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\tourney Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\wf Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake2\wod Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3 Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\alliance Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\beryllium Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\excessive Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\instagib Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\jailbreak Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\matchmod Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\osp Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\q3comp Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\q3f Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\q3ut2 Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\requiem Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\rocketarena3 Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\quake3\wfa Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\arena Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\ch Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\ctf Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\ctfb Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\ctfplus Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\dd Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\dm Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\duel Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\fr Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\mt Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\open cal Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\rpg Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\tribes\tac Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\ut Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\ut\excessive Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\ut\rocketarena Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\custom\ut\swat Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\images Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\images\icons Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\images\portraits Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\profiles Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\profiles\(default) Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\services Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_common Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_demospy Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_fplanet Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_gnews Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_gspyder Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_news Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_support Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\skins Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\sounds Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\sounds\(default) Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\gamespy arcade\sounds\classic Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\documents and settings\aurelien\menu démarrer\programmes\gamespy arcade Objets détectés : Trace.Directory.GameSpy Arcade!A2
c:\program files\pacbomber Objets détectés : Trace.Directory.PacBomber!A2
c:\windows\bf23567.dat Objets détectés : Trace.File.24.93.247.230!A2
c:\documents and settings\aurelien\application data\wiaserva.log Objets détectés : Trace.File.newnetnameshop.cn!A2
c:\windows\934fdfg34fgjf23 Objets détectés : Trace.File.nosirrah install!A2
c:\windows\0101120101464849.dat Objets détectés : Trace.File.nicevideo15.com!A2
Value: HKEY_USERS\S-1-5-21-746137067-329068152-682003330-1004\Software\GameRange\PacBomber --> Date Objets détectés : Trace.Registry.PacBomber!A2
Value: HKEY_USERS\S-1-5-21-746137067-329068152-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order Objets détectés : Trace.Registry.Emule 5.0!A2
c:\documents and settings\aurelien\application data\microsoft\internet explorer\quick launch\gamespy arcade.lnk Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\4dca9208.dat Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\aphex.exe Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\arcres.dll Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\banner.html Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_banner.gif Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_banner.html Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_bannerbg.jpg Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_loading.gif Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_logo.jpg Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_news.html Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\fpupdate.exe Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy arcade - debug.lnk Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy arcade help.url Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy arcade website.url Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy arcade.lnk Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy.com gaming's homepage.url Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gsapak.exe Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gslan.dll Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gsws.dll Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\install.log Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\pw32.dll Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\readme.html Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\register gamespy arcade.url Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\rptcrash.exe Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_news\rsrc.dir Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_news\service_tab.psd Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_news\service_tab+.tga Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_support\rsrc.dir Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_support\service_tab.psd Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\ws_default.html Objets détectés : Trace.File.GameSpy Arcade!A2
c:\program files\pacbomber\options.ini Objets détectés : Trace.File.PacBomber!A2
c:\program files\pacbomber\stat.dat Objets détectés : Trace.File.PacBomber!A2
Value: HKEY_USERS\S-1-5-21-746137067-329068152-682003330-1004\Software\GameSpy\GameSpy Arcade --> InstDir Objets détectés : Trace.Registry.GameSpy Arcade!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade --> DisplayName Objets détectés : Trace.Registry.GameSpy Arcade!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade --> UninstallString Objets détectés : Trace.Registry.GameSpy Arcade!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1266160904890000 Objets détectés : Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1267131313218000 Objets détectés : Trace.TrackingCookie.d1.openx.org!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1267131324171001 Objets détectés : Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1267577342375001 Objets détectés : Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1267733190906001 Objets détectés : Trace.TrackingCookie.promo.awempire.com!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1268091621328001 Objets détectés : Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1269211246218000 Objets détectés : Trace.TrackingCookie.m.webtrends.com!A2
C:\Documents and Settings\Aurelien\Bureau\HR-v6.3-RVS-v1.6.exe Objets détectés : Trojan-Downloader.Win32.Delf!IK
C:\Documents and Settings\Aurelien\Bureau\Star Wars Battle Front 2\SWBFII001\Crack+Keygen+Patch.RELOADED\rld-swbf2kg.exe Objets détectés : Trojan.Crypt.XPACK!IK
C:\Documents and Settings\Aurelien\Mes documents\Downloads\Vidéo\Call Of Duty 4 Modern Warfare [Spanish]WwW.GamesTorrents.CoM\COD4MW SPANISH\CRACK\rzr-cod4.exe Objets détectés : Riskware.Keygen.CoD4!IK
C:\Documents and Settings\Aurelien\Mes documents\Logiciels\NodEnabler 3.1\setupx86.exe Objets détectés : Riskware.Hacktool.NODEnabler!IK
C:\Documents and Settings\Aurelien\Mes documents\Logiciels\NodEnabler 3.1.zip/setupx86.exe Objets détectés : Riskware.Hacktool.NODEnabler!IK
C:\Jeux\Utils\Left_4_dead_2_Update_bugfix_allmode_by_MadwiggyNLD.rar/steam.exe Objets détectés : Trojan.Generic!IK
C:\Program Files\ESET\NodEnabler\NodEnabler.exe Objets détectés : Riskware.AdWare.Win32.Navi!IK
C:\Program Files\ESET\NodEnabler\Uninstall.exe Objets détectés : Trojan.Generic!IK

Analysé

Fichiers : 723505
Traces : 669656
Cookies : 849
Processus : 52

Objets trouvés

Fichiers : 8
Traces : 128
Cookies : 7
Processus : 0
Clés de Registre : 0

Fin du balayage : 23/03/2010 00:10:12
Temps du balayage : 2:05:57

C:\Program Files\ESET\NodEnabler\NodEnabler.exe En Quarantaine Riskware.AdWare.Win32.Navi!IK
C:\Jeux\Utils\Left_4_dead_2_Update_bugfix_allmode_by_MadwiggyNLD.rar/steam.exe En Quarantaine Trojan.Generic!IK
C:\Program Files\ESET\NodEnabler\Uninstall.exe En Quarantaine Trojan.Generic!IK
C:\Documents and Settings\Aurelien\Mes documents\Logiciels\NodEnabler 3.1\setupx86.exe En Quarantaine Riskware.Hacktool.NODEnabler!IK
C:\Documents and Settings\Aurelien\Mes documents\Logiciels\NodEnabler 3.1.zip/setupx86.exe En Quarantaine Riskware.Hacktool.NODEnabler!IK
C:\Documents and Settings\Aurelien\Mes documents\Downloads\Vidéo\Call Of Duty 4 Modern Warfare [Spanish]WwW.GamesTorrents.CoM\COD4MW SPANISH\CRACK\rzr-cod4.exe En Quarantaine Riskware.Keygen.CoD4!IK
C:\Documents and Settings\Aurelien\Bureau\Star Wars Battle Front 2\SWBFII001\Crack+Keygen+Patch.RELOADED\rld-swbf2kg.exe En Quarantaine Trojan.Crypt.XPACK!IK
C:\Documents and Settings\Aurelien\Bureau\HR-v6.3-RVS-v1.6.exe En Quarantaine Trojan-Downloader.Win32.Delf!IK
c:\program files\pacbomber\options.ini En Quarantaine Trace.File.PacBomber!A2
c:\program files\pacbomber\stat.dat En Quarantaine Trace.File.PacBomber!A2
c:\documents and settings\aurelien\application data\microsoft\internet explorer\quick launch\gamespy arcade.lnk En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\4dca9208.dat En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\aphex.exe En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\arcres.dll En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\banner.html En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_banner.gif En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_banner.html En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_bannerbg.jpg En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_loading.gif En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_logo.jpg En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\def_news.html En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\fpupdate.exe En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy arcade - debug.lnk En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy arcade help.url En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy arcade website.url En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy arcade.lnk En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gamespy.com gaming's homepage.url En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gsapak.exe En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gslan.dll En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\gsws.dll En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\install.log En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\pw32.dll En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\readme.html En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\register gamespy arcade.url En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\rptcrash.exe En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_news\rsrc.dir En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_news\service_tab.psd En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_news\service_tab+.tga En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_support\rsrc.dir En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\services\_support\service_tab.psd En Quarantaine Trace.File.GameSpy Arcade!A2
c:\program files\gamespy arcade\ws_default.html En Quarantaine Trace.File.GameSpy Arcade!A2
c:\windows\0101120101464849.dat En Quarantaine Trace.File.nicevideo15.com!A2
c:\windows\934fdfg34fgjf23 En Quarantaine Trace.File.nosirrah install!A2
c:\documents and settings\aurelien\application data\wiaserva.log En Quarantaine Trace.File.newnetnameshop.cn!A2
c:\windows\bf23567.dat En Quarantaine Trace.File.24.93.247.230!A2
c:\program files\pacbomber En Quarantaine Trace.Directory.PacBomber!A2
c:\program files\gamespy arcade En Quarantaine Trace.Directory.GameSpy Arcade!A2
c:\documents and settings\aurelien\menu démarrer\programmes\gamespy arcade En Quarantaine Trace.Directory.GameSpy Arcade!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1269211246218000 En Quarantaine Trace.TrackingCookie.m.webtrends.com!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1267733190906001 En Quarantaine Trace.TrackingCookie.promo.awempire.com!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1267577342375001 En Quarantaine Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1267131324171001 En Quarantaine Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1268091621328001 En Quarantaine Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1267131313218000 En Quarantaine Trace.TrackingCookie.d1.openx.org!A2
C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\cookies.sqlite:1266160904890000 En Quarantaine Trace.TrackingCookie.webtrends!A2

En Quarantaine

Fichiers : 8
Traces : 308
Cookies : 21

For SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2010 at 06:28 PM

Application Version : 4.34.1000

Core Rules Database Version : 4716
Trace Rules Database Version: 2528

Scan type : Complete Scan
Total Scan Time : 00:33:03

Memory items scanned : 539
Memory threats detected : 0
Registry items scanned : 5752
Registry threats detected : 0
File items scanned : 29484
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Aurelien\Cookies\aurelien@atdmt[2].txt

Trojan.VXGame-Variant/D
C:\DOCUMENTS AND SETTINGS\AURELIEN\MES DOCUMENTS\DOWNLOADS\VIDéO\CALL OF DUTY 4 MODERN WARFARE [SPANISH]WWW.GAMESTORRENTS.COM\COD4MW SPANISH\SETUP\RSRC\AUTORUN.EXE

Trojan.Agent/Gen-SVC[Fake]
C:\PROGRAM FILES\ESET\NODENABLER\SETTINGS MANAGER.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A97FB7E5-3FC3-43CE-A89B-03CCC15C479F}\RP572\A0077444.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A97FB7E5-3FC3-43CE-A89B-03CCC15C479F}\RP572\A0077445.EXE

And finally, Malwarebytes':

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3906
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/03/2010 23:40:48
mbam-log-2010-03-23 (23-40-48).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 466585
Temps écoulé: 1 hour(s), 11 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.


And for the OTL scans, here they are:

OTL.Txt :

OTL logfile created on: 30/03/2010 12:42:49 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Aurelien\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 387,73 Gb Free Space | 55,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 7,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 14,91 Gb Total Space | 1,86 Gb Free Space | 12,48% Space Free | Partition Type: FAT32

Computer Name: AURELIEN-7E8554
Current User Name: Aurelien
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/27 20:23:34 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aurelien\Bureau\OTL.exe
PRC - [2010/03/24 00:46:21 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 01:43:38 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/02/20 02:21:32 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2010/02/02 19:34:36 | 001,845,248 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe
PRC - [2009/12/08 15:51:52 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009/11/13 13:01:20 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/12 17:51:28 | 000,692,321 | ---- | M] ( ) -- C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
PRC - [2009/09/06 14:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/28 15:32:28 | 000,380,416 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/05/28 15:32:26 | 000,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 16:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/05/02 22:18:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/12/05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/10/18 21:05:23 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/06/03 01:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 14:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2007/04/09 10:49:30 | 000,667,648 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe


========== Modules (SafeList) ==========

MOD - [2010/03/27 20:23:34 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aurelien\Bureau\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/09/24 00:43:00 | 003,429,200 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/06 14:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/03 04:01:09 | 000,304,528 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009/05/28 15:32:26 | 000,053,760 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/05/14 16:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 16:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/05/02 22:18:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/21 15:36:50 | 000,216,232 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2008/12/16 22:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/12/05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/02/26 14:13:22 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - [2010/03/29 19:29:32 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/26 22:53:35 | 000,138,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/03 04:01:10 | 003,468,904 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009/05/28 15:32:24 | 000,108,032 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/05/25 11:49:10 | 000,086,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009/05/25 11:49:08 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009/05/25 11:49:08 | 000,109,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009/05/25 11:49:08 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009/05/25 11:49:08 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009/05/25 11:49:08 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2009/05/25 11:49:08 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009/05/14 16:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 16:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 16:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/04/21 15:39:26 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2008/12/24 02:52:05 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/12/17 08:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 08:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Communicate Deluxe(UVC)
DRV - [2008/12/17 08:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 08:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 22:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/20 11:53:00 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 12:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/02/02 17:54:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/01/14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/07/19 02:42:29 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/12/21 19:25:20 | 000,429,440 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/11/03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2001/08/17 22:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-329068152-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
IE - HKU\S-1-5-21-746137067-329068152-682003330-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-746137067-329068152-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-329068152-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/24 00:46:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/24 00:46:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/11/02 00:01:03 | 000,000,000 | ---D | M]

[2008/09/27 23:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Extensions
[2010/03/30 12:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\extensions
[2009/08/08 15:52:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/09 15:00:34 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/09/28 02:07:27 | 000,000,000 | ---D | M] (FoxGame) -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2010/01/08 20:32:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/13 20:31:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/12/09 20:05:22 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\searchplugins\ask.xml
[2009/04/25 00:02:14 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Aurelien\Application Data\Mozilla\Firefox\Profiles\h8gj9245.default\searchplugins\daemon-search.xml
[2010/03/30 12:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/03/15 00:05:27 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/15 00:05:27 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/15 00:05:27 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/10 13:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/03/15 00:05:27 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/24 00:46:23 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/04/11 23:37:41 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-746137067-329068152-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-746137067-329068152-682003330-1004\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-746137067-329068152-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-746137067-329068152-682003330-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Auto EPSON Stylus DX4000 Series sur TITANIUM] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [NodEnabler] C:\Program Files\ESET\NodEnabler\NodEnabler.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
O4 - HKU\S-1-5-21-746137067-329068152-682003330-1004..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-746137067-329068152-682003330-1004..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe ()
O4 - HKU\S-1-5-21-746137067-329068152-682003330-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-746137067-329068152-682003330-1004..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-746137067-329068152-682003330-1004..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-746137067-329068152-682003330-1004..\Run: [SteamUp] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Aurelien\Menu Démarrer\Programmes\Démarrage\GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe (ShalSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-329068152-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-746137067-329068152-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\Stardock\MyColors\fastload.dll - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\WINDOWS\worldofwarcraft-1024.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\worldofwarcraft-1024.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/26 13:52:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 14:26:23 | 000,000,309 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{4f809ab2-8bc8-11dd-a744-002215439709}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{8f92c1d6-1441-11df-ab40-000e2ee7a45a}\Shell - "" = AutoRun
O33 - MountPoints2\{8f92c1d6-1441-11df-ab40-000e2ee7a45a}\Shell\AutoRun\command - "" = L:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/26 21:19:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvid.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/28 17:16:10 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX
[2010/03/28 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aurelien\Local Settings\Application Data\Opera
[2010/03/28 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aurelien\Application Data\Opera
[2010/03/28 15:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/03/28 15:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\WowCartographe
[2010/03/27 20:23:14 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aurelien\Bureau\OTL.exe
[2010/03/24 13:19:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Aurelien\Recent
[2010/03/22 22:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/03/22 22:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aurelien\Mes documents\a-squared Free
[2010/03/21 19:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aurelien\Bureau\Gifs pour Web Cam
[2010/03/21 16:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2010/03/21 16:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aurelien\Application Data\ManyCam
[2010/03/21 00:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aurelien\Bureau\Imprimées d'inscription Post-Bac
[2010/03/17 21:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/17 21:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/17 21:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/16 20:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aurelien\Application Data\TS3Client
[2010/03/16 20:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010/03/14 12:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak3
[2009/11/02 15:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/09/09 14:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/04 18:01:10 | 000,525,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2009/09/04 18:01:08 | 001,691,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2009/09/04 18:01:08 | 000,094,024 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[2009/07/15 22:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/04/27 19:20:05 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Aurelien\Application Data\tsdnwin.dll
[2008/11/05 20:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/05 15:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/03 22:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2008/11/03 22:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/09/26 13:52:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/09/26 13:52:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/30 12:40:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FA0A6CEE-AC4C-4BE7-A7F5-AE0DEC129973}.job
[2010/03/30 12:36:14 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2806B848-6978-422C-BFDB-EA9062F6A8FC}.job
[2010/03/30 12:09:24 | 000,500,482 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/30 12:09:24 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/30 12:09:24 | 000,080,508 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/30 12:09:24 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 12:09:23 | 001,094,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/30 12:05:29 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/30 12:05:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/30 12:05:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 12:05:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/03/30 12:05:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/03/30 07:01:24 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Aurelien\ntuser.dat
[2010/03/30 07:01:24 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Aurelien\ntuser.ini
[2010/03/30 06:37:44 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/29 19:29:32 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/29 19:14:32 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\Aurelien\Application Data\SamsungLiveUpdateConfig.ini
[2010/03/29 00:20:07 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Aurelien\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 16:52:25 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Aurelien\Application Data\default.rss
[2010/03/28 16:52:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/28 15:41:31 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/03/27 22:44:02 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Aurelien\Bureau\Raccourci vers left4dead2.exe.lnk
[2010/03/27 20:23:34 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aurelien\Bureau\OTL.exe
[2010/03/27 15:54:25 | 000,000,000 | ---- | M] () -- C:\patcher.exe
[2010/03/27 15:54:23 | 000,000,000 | ---- | M] () -- C:\updatepack.exe
[2010/03/27 03:13:04 | 003,196,500 | -H-- | M] () -- C:\Documents and Settings\Aurelien\Local Settings\Application Data\IconCache.db
[2010/03/26 22:53:35 | 000,138,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/26 14:46:51 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk
[2010/03/25 00:40:56 | 000,022,642 | ---- | M] () -- C:\Documents and Settings\Aurelien\Bureau\Ogame Cible de raides.ods
[2010/03/24 20:44:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/24 12:51:33 | 116,920,034 | ---- | M] () -- C:\Sauv.reg
[2010/03/22 00:53:08 | 000,033,460 | ---- | M] () -- C:\Documents and Settings\Aurelien\Mes documents\cc_20100321_235211.reg
[2010/03/17 21:46:05 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/03/17 21:08:25 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2010/03/16 20:04:11 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TeamSpeak 3 Client.lnk
[2010/03/14 12:19:47 | 000,001,544 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/03/10 02:49:14 | 000,012,298 | ---- | M] () -- C:\Documents and Settings\Aurelien\Bureau\Espagnol.odt
[2010/03/05 02:11:22 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/28 15:41:31 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Opera.lnk
[2010/03/27 22:41:19 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Aurelien\Bureau\Raccourci vers left4dead2.exe.lnk
[2010/03/25 00:40:55 | 000,022,642 | ---- | C] () -- C:\Documents and Settings\Aurelien\Bureau\Ogame Cible de raides.ods
[2010/03/24 12:50:54 | 116,920,034 | ---- | C] () -- C:\Sauv.reg
[2010/03/22 00:52:16 | 000,033,460 | ---- | C] () -- C:\Documents and Settings\Aurelien\Mes documents\cc_20100321_235211.reg
[2010/03/17 21:46:05 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/03/17 21:08:25 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Safari.lnk
[2010/03/16 20:04:11 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TeamSpeak 3 Client.lnk
[2010/03/10 02:49:14 | 000,012,298 | ---- | C] () -- C:\Documents and Settings\Aurelien\Bureau\Espagnol.odt
[2010/03/05 02:11:22 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/11/03 13:17:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX400DEFGIPSDaFiNoSv.ini
[2009/11/02 23:24:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/02 14:55:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/09/26 17:00:03 | 000,001,544 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/09/10 22:49:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2009/09/10 22:49:41 | 000,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2009/09/10 22:49:41 | 000,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2009/09/10 22:49:41 | 000,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2009/09/10 22:49:41 | 000,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2009/09/10 22:49:41 | 000,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2009/09/10 22:49:41 | 000,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2009/09/10 22:49:41 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2009/09/10 22:49:41 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2009/09/10 22:49:41 | 000,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2009/09/10 22:49:41 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2009/09/10 22:49:41 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2009/09/10 22:49:41 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2009/09/10 22:49:41 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2009/09/10 22:49:41 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2009/09/10 22:49:41 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2009/09/04 18:01:20 | 001,550,796 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
[2009/09/04 18:01:20 | 001,412,894 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2009/09/04 18:01:20 | 001,127,209 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2009/09/04 18:01:20 | 000,994,154 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
[2009/09/04 18:01:20 | 000,273,960 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab
[2009/09/04 18:01:20 | 000,272,603 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab
[2009/09/04 18:01:20 | 000,182,361 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2009/09/04 18:01:20 | 000,138,009 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2009/09/04 18:01:20 | 000,121,786 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab
[2009/09/04 18:01:20 | 000,092,676 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab
[2009/09/04 18:01:20 | 000,086,029 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2009/09/04 18:01:20 | 000,054,522 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
[2009/09/04 18:01:20 | 000,045,351 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2009/09/04 18:01:20 | 000,021,843 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
[2009/09/04 18:01:18 | 001,906,870 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
[2009/09/04 18:01:18 | 001,802,058 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
[2009/09/04 18:01:18 | 001,709,360 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
[2009/09/04 18:01:18 | 000,965,421 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
[2009/09/04 18:01:18 | 000,803,876 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
[2009/09/04 18:01:18 | 000,196,754 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2009/09/04 18:01:18 | 000,148,264 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2009/09/04 18:01:18 | 000,046,144 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2009/09/04 18:01:18 | 000,018,496 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2009/09/04 18:01:14 | 001,973,702 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
[2009/09/04 18:01:14 | 001,612,446 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
[2009/09/04 18:01:14 | 001,067,160 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
[2009/09/04 18:01:14 | 001,040,737 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
[2009/09/04 18:01:14 | 000,864,600 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
[2009/09/04 18:01:14 | 000,275,036 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x64.cab
[2009/09/04 18:01:14 | 000,273,010 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x86.cab
[2009/09/04 18:01:14 | 000,251,186 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2009/09/04 18:01:14 | 000,226,242 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2009/09/04 18:01:14 | 000,122,336 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2009/09/04 18:01:14 | 000,121,506 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x64.cab
[2009/09/04 18:01:14 | 000,093,726 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2009/09/04 18:01:14 | 000,092,732 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x86.cab
[2009/09/04 18:01:14 | 000,054,600 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
[2009/09/04 18:01:14 | 000,021,867 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2009/09/04 18:01:14 | 000,021,298 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
[2009/09/04 18:01:12 | 001,769,862 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2009/09/04 18:01:12 | 001,443,274 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2009/09/04 18:01:12 | 000,844,884 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2009/09/04 18:01:12 | 000,818,260 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2009/09/04 18:01:12 | 000,269,620 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab
[2009/09/04 18:01:12 | 000,269,016 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab
[2009/09/04 18:01:12 | 000,121,054 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab
[2009/09/04 18:01:12 | 000,093,128 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab
[2009/09/04 18:01:12 | 000,055,050 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2009/09/04 18:01:12 | 000,021,905 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
[2009/09/04 18:01:10 | 001,792,600 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
[2009/09/04 18:01:10 | 001,607,766 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2009/09/04 18:01:10 | 001,607,278 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2009/09/04 18:01:10 | 001,463,878 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
[2009/09/04 18:01:10 | 001,362,796 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2009/09/04 18:01:10 | 001,336,002 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2009/09/04 18:01:10 | 001,064,925 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2009/09/04 18:01:10 | 000,867,828 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
[2009/09/04 18:01:10 | 000,849,919 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
[2009/09/04 18:01:10 | 000,699,044 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2009/09/04 18:01:10 | 000,698,464 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2009/09/04 18:01:10 | 000,197,114 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2009/09/04 18:01:10 | 000,178,359 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2009/09/04 18:01:10 | 000,152,901 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2009/09/04 18:01:10 | 000,055,154 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
[2009/09/04 18:01:08 | 013,264,168 | ---- | C] () -- C:\Program Files\dxnt.cab
[2009/09/04 18:01:08 | 001,247,499 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2009/09/04 18:01:08 | 001,084,712 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2009/09/04 18:01:08 | 001,013,225 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2009/09/04 18:01:08 | 000,194,667 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2009/09/04 18:01:08 | 000,180,777 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2009/09/04 18:01:08 | 000,147,983 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2009/09/04 18:01:08 | 000,133,663 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2009/09/04 18:01:08 | 000,132,409 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2009/09/04 18:01:08 | 000,095,637 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2009/09/04 18:01:08 | 000,044,440 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2009/09/04 18:01:06 | 000,145,591 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2009/09/04 18:01:04 | 003,319,732 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x86.cab
[2009/09/04 18:01:04 | 003,112,103 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x64.cab
[2009/09/04 18:01:04 | 001,574,376 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2009/09/04 18:01:04 | 001,571,154 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2009/09/04 18:01:04 | 001,357,968 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2009/09/04 18:01:04 | 001,155,483 | ---- | C] () -- C:\Program Files\BDANT.cab
[2009/09/04 18:01:04 | 001,079,448 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2009/09/04 18:01:04 | 000,975,148 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2009/09/04 18:01:04 | 000,930,108 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x64.cab
[2009/09/04 18:01:04 | 000,919,036 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x64.cab
[2009/09/04 18:01:04 | 000,900,598 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x86.cab
[2009/09/04 18:01:04 | 000,728,456 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x86.cab
[2009/09/04 18:01:04 | 000,273,264 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x64.cab
[2009/09/04 18:01:04 | 000,272,634 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x86.cab
[2009/09/04 18:01:04 | 000,271,404 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab
[2009/09/04 18:01:04 | 000,271,038 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab
[2009/09/04 18:01:04 | 000,232,635 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x64.cab
[2009/09/04 18:01:04 | 000,212,799 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2009/09/04 18:01:04 | 000,192,467 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2009/09/04 18:01:04 | 000,192,131 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x86.cab
[2009/09/04 18:01:04 | 000,191,712 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2009/09/04 18:01:04 | 000,136,301 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x64.cab
[2009/09/04 18:01:04 | 000,122,408 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x64.cab
[2009/09/04 18:01:04 | 000,121,764 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab
[2009/09/04 18:01:04 | 000,105,036 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x86.cab
[2009/09/04 18:01:04 | 000,093,098 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x86.cab
[2009/09/04 18:01:04 | 000,092,996 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab
[2009/09/04 18:01:02 | 001,464,664 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
[2009/09/04 18:01:00 | 001,800,152 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2009/09/04 18:01:00 | 001,794,076 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
[2009/09/04 18:01:00 | 001,708,144 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2009/09/04 18:01:00 | 001,350,534 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2009/09/04 18:01:00 | 001,077,644 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2009/09/04 18:01:00 | 000,867,604 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
[2009/09/04 18:01:00 | 000,852,286 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2009/09/04 18:01:00 | 000,849,167 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
[2009/09/04 18:01:00 | 000,796,859 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2009/09/04 18:01:00 | 000,198,088 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2009/09/04 18:01:00 | 000,182,903 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2009/09/04 18:01:00 | 000,153,004 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2009/09/04 18:01:00 | 000,137,235 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2009/09/04 18:01:00 | 000,096,817 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2009/09/04 18:01:00 | 000,087,142 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2009/09/04 18:01:00 | 000,053,294 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2009/09/04 18:01:00 | 000,046,058 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2009/09/04 18:00:58 | 004,162,630 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2009/09/04 18:00:58 | 001,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2009/09/04 18:00:58 | 001,606,031 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2009/09/04 18:00:58 | 000,916,430 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2009/09/04 18:00:58 | 000,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2009/09/04 18:00:58 | 000,695,857 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2009/09/04 18:00:58 | 000,195,758 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2009/09/04 18:00:58 | 000,179,125 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2009/09/04 18:00:58 | 000,151,225 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2009/09/04 18:00:58 | 000,133,095 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2009/09/04 18:00:58 | 000,087,101 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2009/09/04 18:00:58 | 000,046,002 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2009/09/04 18:00:56 | 001,397,822 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2009/09/04 18:00:56 | 001,347,354 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2009/09/04 18:00:56 | 001,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2009/09/04 18:00:56 | 001,078,954 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2009/08/29 02:27:14 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/07/16 00:52:34 | 000,138,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/10 02:41:11 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Aurelien\Application Data\PnkBstrK.sys
[2009/06/24 19:38:19 | 000,000,068 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2009/05/02 22:26:05 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/04/27 19:19:08 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\Aurelien\Application Data\SamsungLiveUpdateConfig.ini
[2009/04/24 23:59:16 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/02/27 23:56:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Aurelien\Application Data\downloads.m3u
[2009/02/09 20:52:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/01/18 05:38:05 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Aurelien\Application Data\default.rss
[2009/01/18 03:09:46 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/16 22:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 22:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/15 15:06:44 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/30 03:10:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/30 03:10:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/30 03:10:02 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/30 03:10:02 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/30 03:10:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/30 03:10:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/28 00:33:39 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/10/18 21:06:15 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/10/15 19:55:53 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/01 16:04:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/10/01 16:02:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4000DEFGIPS.ini
[2008/10/01 15:30:55 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Aurelien\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/30 21:52:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\VideoLink Pro.INI
[2008/09/30 21:41:54 | 000,000,043 | ---- | C] () -- C:\WINDOWS\VIDEOL~1.INI
[2008/09/30 21:40:57 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2008/09/30 21:40:57 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2008/09/30 21:40:32 | 000,000,598 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2008/09/30 21:40:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/30 21:40:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2008/09/30 21:39:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2008/09/30 21:33:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PB_setup.ini
[2008/09/28 16:00:26 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/09/28 16:00:26 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/09/28 15:48:52 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/09/26 14:27:19 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/09/26 14:27:19 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/09/26 14:27:17 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/09/26 14:27:17 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/09/26 14:12:29 | 000,036,899 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/09/26 14:12:22 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/09/26 14:12:09 | 000,036,503 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/09/26 14:12:09 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/09/10 17:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Aurelien\Bureau\mediago_setup.exe:SummaryInformation
@Alternate Data Stream - 478 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


And Extras.Txt:

OTL Extras logfile created on: 30/03/2010 12:42:49 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Aurelien\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 387,73 Gb Free Space | 55,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 7,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 14,91 Gb Total Space | 1,86 Gb Free Space | 12,48% Space Free | Partition Type: FAT32

Computer Name: AURELIEN-7E8554
Current User Name: Aurelien
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-746137067-329068152-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3728:TCP" = 3728:TCP:*:Enabled:gigatribe
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"25686:UDP" = 25686:UDP:*:Enabled:Emule49c
"60105:TCP" = 60105:TCP:*:Enabled:Emule49c
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\VideoLink Pro\SMListenEngine.exe" = C:\Program Files\VideoLink Pro\SMListenEngine.exe:*:Enabled:Tray Listening Engine -- (Smith Micro Software, Inc.)
"C:\Jeux\RavenShield\system\UCC.exe" = C:\Jeux\RavenShield\system\UCC.exe:*:Enabled:UCC -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Aurelien\Mes documents\Logiciels\VDownloader.exe" = C:\Documents and Settings\Aurelien\Mes documents\Logiciels\VDownloader.exe:*:Enabled:VDownloader -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Jeux\aom.exe" = C:\Jeux\aom.exe:*:Enabled:Age of Mythology -- File not found
"C:\Jeux\aomx.exe" = C:\Jeux\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- File not found
"C:\Program Files\GigaTribe\gigatribe.exe" = C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe -- (ShalSoft)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Jeux NES\Nestopia 1_40 Fr\NESTCL95.EXE" = C:\Jeux NES\Nestopia 1_40 Fr\NESTCL95.EXE:*:Enabled:NESTCL95 -- File not found
"C:\Documents and Settings\Aurelien\Mes documents\Teamspeak2_RC2\server_windows.exe" = C:\Documents and Settings\Aurelien\Mes documents\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found
"C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Jeux\RavenShield\system\RavenShield.exe" = C:\Jeux\RavenShield\system\RavenShield.exe:*:Enabled:RavenShield -- ()
"C:\Program Files\ubi.com\Core\GS4.exe" = C:\Program Files\ubi.com\Core\GS4.exe:*:Enabled:ubi.com Game Service -- (Ubi Soft Entertainment Inc.)
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe" = C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP -- ()
"C:\Jeux\autopatcher.exe" = C:\Jeux\autopatcher.exe:*:Enabled:autopatcher.exe -- File not found
"C:\Jeux\autopatcherx.exe" = C:\Jeux\autopatcherx.exe:*:Enabled:autopatcherx.exe -- File not found
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Jeux\FalloutLauncher.exe" = C:\Jeux\FalloutLauncher.exe:*:Enabled:Fallout 3 -- File not found
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Jeux\World of Warcraft\Launcher.exe" = C:\Jeux\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- ()
"C:\Jeux\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe" = C:\Jeux\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Jeux\RavenShield\system\UpgradeLauncher.exe" = C:\Jeux\RavenShield\system\UpgradeLauncher.exe:*:Enabled:UpgradeLauncher.exe -- (Ubisoft)
"C:\Jeux\RavenShield\system\pb\PnkBstrB.exe" = C:\Jeux\RavenShield\system\pb\PnkBstrB.exe:*:Enabled:PnkBstrB.exe -- ()
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe" = C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe" = C:\Program Files\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe:*:Enabled:Pro Cycling Manager - Season 2008 -- (Cyanide)
"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe" = C:\Program Files\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe:*:Enabled:Pro Cycling Manager - Season 2008 - AutoRun -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Jeux\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Jeux\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Jeux\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Jeux\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Jeux\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Jeux\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Jeux\Counter-Strike Source\hl2.exe" = C:\Jeux\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)
"D:\FRANCAIS\EdiMax\Installer\FirstTimeInstaller.exe" = D:\FRANCAIS\EdiMax\Installer\FirstTimeInstaller.exe:*:Enabled:FirstTimeInstaller -- File not found
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"C:\Program Files\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Jeux\Left 4 Dead 2\left4dead2.exe" = C:\Jeux\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{11E449CD-3BC5-4EB7-9D56-974A59B3AF63}" = Motorola Phone Tools
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}" = Adobe Setup
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}" = Adobe Flash Video Encoder
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF7993C-23B1-4C91-B1F6-09D13C57A06A}_is1" = VirtualDub 1.8.6 Fr
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21C4D775-368A-46C4-8DC3-4207165B7115}" = Adobe Fireworks CS3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.42
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A1AA9CF-2E7D-4235-BDAB-8FA4291DD5D8}" = OpenOffice.org 2.4
"{2A7F0737-99DD-4D56-8866-C4FE96F44F2A}" = TES Construction Set
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E50C3F-46FB-4827-9BC3-0429860F5288}_is1" = ALLCapture 3.0 Essai
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40FD99B4-63C3-49EE-A3BE-5D87762F3F2D}" = ArcSoft PhotoBase 3
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4BD48773-04E9-445F-AC8E-89843ADD3857}" = ESET NOD32 Antivirus
"{4BDB76C6-902E-41D5-9064-68768E02886B}" = Adobe Dreamweaver CS3
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5AC2D321-11E2-47E7-A1CA-61A34C2057AB}" = WOT pour Internet Explorer
"{5D2398DF-3022-4820-93BA-F1175FBEA9CA}" = Adobe Creative Suite 3 Master Collection
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E08CE13-C2AB-4749-9335-5900B958929E}" = Adobe Illustrator CS3
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CCA1688-6F09-49AE-887B-E29A552A187A}" = Morrowind
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{80FD3971-8482-49C8-BA8C-B6464A15882F}" = Adobe Flash CS3
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{923C8F79-D70B-4E53-B278-41AD6560C55C}" = ArcSoft VideoImpression 1.6
"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95633EBE-216B-48B5-B103-0C9919787F46}" = Obscure
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B789FA51-6A71-408F-92DE-EDE4A517B8F6}_is1" = RAR Password Unlocker 3.0
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}" = Adobe Photoshop CS3
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d020b21c-0074-4f4c-abb3-5fc6bb17981d}" = Nero 9
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6E6B04E-0498-4794-B272-2EDE12E02837}_is1" = VirtualDub Plugin Pack 1.0.0.4 Fr
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEEC6C50-046E-4962-B71D-52B973101930}" = ArcSoft PhotoImpression
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}" = Ma-Config.com
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EDAC90A7-D34A-47D2-A644-BE5356C5F409}" = Philips ToUcam Pro Camera
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F84ADE4E-9220-4324-994D-801EDD9DD251}" = Adobe Contribute CS3
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = Utilitaire de configuration iPhone
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}" = Adobe InDesign CS3
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"7-Zip" = 7-Zip 4.61 beta
"ABC Amber ICL Converter" = ABC Amber ICL Converter
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_b5d5789539ea1f004a4defceea74312" = Ajouter ou supprimer Adobe Creative Suite 3 Master Collection
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"American Conquest" = American Conquest
"Apex Free 3GP Video Converter_is1" = Apex Free 3GP Video Converter 7.27
"Audacity_is1" = Audacity 1.2.6
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CamStudio" = CamStudio
"CamStudio 2.0 Fr_is1" = CamStudio 2.0 Fr
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"CurseClient" = Curse Client
"D.O.D. Map Pack v1.2" = D.O.D. Map Pack v1.2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"ESDX4000_4050_CX3900" = ESDX4000_4050_CX3900
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.3
"GameCenter" = GameCenter
"GAMEFORGE Nostale(FR)_is1" = Nostale Online FR (Remove)
"GoldenEye Basement" = GoldenEye Basement
"Guild Wars" = GUILD WARS
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{95633EBE-216B-48B5-B103-0C9919787F46}" = Obscure
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.2.5
"legacyqcam_11.10" = Coffret de pilotes Logitech Legacy USB Camera
"lignee_humaine_is1" = lignee_humaine version 1.2
"lvdrivers_11.90" = Coffret de pilotes Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikes Bridge" = Mikes Bridge
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"mv61xxDriver" = marvell 61xx
"NBK_STREETS" = NBK_STREETS
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NodEnabler" = NodEnabler 3.1
"NVIDIA Drivers" = NVIDIA Drivers
"Painkiller" = Painkiller
"Painkiller - Battle Out Of Hell" = Painkiller - Battle Out Of Hell
"PangYa_Eu" = PangYa_Eu (Goa)
"PCSX2-beta-r1888" = PCSX2 - Playstation 2 Emulator
"PhotoFiltre" = PhotoFiltre
"PhotoFiltre Studio" = PhotoFiltre Studio
"Pro Cycling Manager 2008_is1" = Pro Cycling Manager - Season 2008 1.0.0.0
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Sandboxie" = Sandboxie 3.38
"ShalSoft.GigaTribe_is1" = GigaTribe 2.46
"SpeedSim" = SpeedSim
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Stardock MyColors" = Stardock MyColors
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamSpeak Client_is1" = TeamSpeak Client
"TmNations_is1" = TrackMania Nations ESWC 0.1.7.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoLink Pro" = VideoLink Pro
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wow Cartographe" = Wow Cartographe 1.10
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD" = XviD MPEG-4 Codec
"Yahoo! Companion" = Yahoo! Toolbar avec bloqueur de fenêtres pop-up
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-329068152-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"SOLFEGE" = Solfege
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/03/2010 07:24:43 | Computer Name = AURELIEN-7E8554 | Source = MsiInstaller | ID = 1013
Description = Produit : ESET NOD32 Antivirus -- Une version plus récente d'ESET
NOD32 Antivirus est déjà installée sur cet ordinateur.

Error - 14/03/2010 12:31:27 | Computer Name = AURELIEN-7E8554 | Source = | ID = 0
Description =

Error - 21/03/2010 11:23:00 | Computer Name = AURELIEN-7E8554 | Source = | ID = 0
Description =

Error - 21/03/2010 11:55:05 | Computer Name = AURELIEN-7E8554 | Source = | ID = 0
Description =

Error - 21/03/2010 12:56:59 | Computer Name = AURELIEN-7E8554 | Source = | ID = 0
Description =

Error - 21/03/2010 13:44:11 | Computer Name = AURELIEN-7E8554 | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.2.3667, module défaillant
sphoneparser.dll, version 1.0.1.184, adresse de défaillance 0x00062497.

Error - 23/03/2010 19:25:16 | Computer Name = AURELIEN-7E8554 | Source = Application Hang | ID = 1002
Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/03/2010 12:40:44 | Computer Name = AURELIEN-7E8554 | Source = | ID = 0
Description =

Error - 26/03/2010 21:12:51 | Computer Name = AURELIEN-7E8554 | Source = Application Hang | ID = 1002
Description = Application bloquée RaUI.exe, version 1.3.2.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 28/03/2010 14:13:11 | Computer Name = AURELIEN-7E8554 | Source = | ID = 0
Description =

[ System Events ]
Error - 26/03/2010 17:31:11 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 26/03/2010 21:12:19 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 26/03/2010 22:37:05 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 27/03/2010 05:08:36 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 28/03/2010 03:14:19 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 29/03/2010 00:32:10 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 29/03/2010 13:12:54 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 29/03/2010 20:37:24 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 30/03/2010 00:37:42 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 30/03/2010 06:05:23 | Computer Name = AURELIEN-7E8554 | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
de l'erreur : %%2


< End of report >

Edited by aurelien, 30 March 2010 - 07:46 AM.


#6 myrti

Posted 02 April 2010 - 01:25 PM

Hi,

sorry for the delay, I was busy during the week. The reports don't look infected to me. Did you delete all the files the programs found, or did you only run a scan?

Please also run a scan with gmer:
Download GMER Rootkit Scanner from the following link:

http://www.gmer.net/#files

- Click the "Download EXE" button
- Save it to your Desktop
- Paste and save these instructions in a text file or print them, because you will have to close the browser.
- Close any open browser windows
- Run the downloaded file (the name consists of 8 random digits/letters) by double-clicking it;
- If the tool gives you a warning about rootkit activity and asks you to run a scan, click "NO"
- In the right-hand section of the tool's window, uncheck the following options:
  • Sections
  • IAT/EAT
  • Devices
  • **Make sure "Show All" is unchecked**
- Now click the "Scan" button and wait (this can take 10 minutes or more)
- When the scan is finished, click the "Save..." button (bottom right);
- Name the file "Ark.txt" and save it to the Desktop;
- Copy/paste the contents of this report into your reply.

Note: the small difference, please: there are options to uncheck before starting the scan: in addition to "Sections" and "IAT/EAT", also uncheck "Devices"

If the scan ever crashes (it should be fairly quick), please start again, but this time also uncheck >> "Files"

Finally, try uninstalling and reinstalling Firefox; the error you describe doesn't necessarily come from malware, it may simply be that the program's installation has been corrupted.

myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 aurelien

Posted 03 April 2010 - 09:38 AM

Uhh, I don't know what that software you recommended is, but without wanting to be mean, it's crap: it crashed my PC twice. It scanned for 3 hours, then when I came back to the PC it had locked everything up, the PC was frozen, nothing moving, I had to reboot, and the PC even had to restart by itself at one point, because a blue screen appeared telling me there was an error of I don't really know what, it went away too fast, but on restart there was a small box saying serious error at the system level Data .... I don't remember what, anyway, as usual they ask you to send that to Microsoft, I clicked cancel because it never does any good.
Anyway, after that I still tried again with Files unchecked, it went much faster, but it still lagged. I saved the scan, then closed the software by clicking "OK", but since then my PC has been running at 100% performance-wise, so when I tried to open OpenOffice to read the rest of your instructions, which I had saved in it, it crashes every time after a few seconds and shows "end the application".
I'm going to restart the PC, it should lag less, but it's not normal that the PC stays at 100% even after closing your software.
Otherwise, for all the scans I've shown you so far I cleaned up each time, except after the OTL scan, I think, and not after GMER either.

And here is the GMER report:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-03 16:21:20
Windows 5.1.2600 Service Pack 3
Running: p985zhbu.exe; Driver: C:\DOCUME~1\Aurelien\LOCALS~1\Temp\kfxcqaob.sys


---- System - GMER 1.0.15 ----

SSDT 89D7EA20 ZwAssignProcessToJobObject
SSDT spph.sys ZwCreateKey [0xBA6B50E0]
SSDT 89D7F5A0 ZwDebugActiveProcess
SSDT 89D7EFD0 ZwDuplicateObject
SSDT spph.sys ZwEnumerateKey [0xBA6CDDA4]
SSDT spph.sys ZwEnumerateValueKey [0xBA6CE132]
SSDT spph.sys ZwOpenKey [0xBA6B50C0]
SSDT 89D7E160 ZwOpenProcess
SSDT 89D7E460 ZwOpenThread
SSDT 89D7EE60 ZwProtectVirtualMemory
SSDT spph.sys ZwQueryKey [0xBA6CE20A]
SSDT spph.sys ZwQueryValueKey [0xBA6CE08A]
SSDT 89D7ED00 ZwSetContextThread
SSDT 89D7EB80 ZwSetInformationThread
SSDT 89D7BA50 ZwSetSecurityObject
SSDT spph.sys ZwSetValueKey [0xBA6CE29C]
SSDT 89D7E8C0 ZwSuspendProcess
SSDT 89D7E760 ZwSuspendThread
SSDT 89D7E2F0 ZwTerminateProcess
SSDT 89D7E5F0 ZwTerminateThread
SSDT 89D7F3F0 ZwWriteVirtualMemory

INT 0x63 ? 8AF4BBF8
INT 0x63 ? 8AF4BBF8
INT 0x63 ? 8AF4BBF8
INT 0x63 ? 8AF4BBF8
INT 0x63 ? 8AD33F00
INT 0x83 ? 8AF4BBF8
INT 0x83 ? 8AF4BBF8
INT 0x83 ? 8AD33F00
INT 0x83 ? 8AF4BBF8
INT 0x84 ? 8AD33F00
INT 0xA4 ? 8AD33F00
INT 0xA4 ? 8AD33F00
INT 0xA4 ? 8AD33F00
INT 0xA4 ? 8AD33F00
INT 0xB4 ? 8AD33F00

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x52 0x84 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1C 0x29 0x62 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC3 0xF2 0xF0 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x28 0x95 0x5D 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1C 0x29 0x62 0x86 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC3 0xF2 0xF0 0x7B ...

---- EOF - GMER 1.0.15 ----
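
As an added example (not part of the posts in this thread, and not GMER's own code): a small Python triage parser for a pasted GMER report in the layout shown above. It separates SSDT entries that name a driver from those that show only an address, collects INT handler addresses, counts registry entries per service, and notes whether the paste reached the EOF marker. `parse_gmer` and `summarize` are hypothetical names; the sample lines are copied from the report above and the single-space column layout of the forum paste is assumed.

```python
import re
from collections import defaultdict

# Lines copied from the GMER report posted above, a few per section.
SAMPLE = r"""
GMER 1.0.15.15281 - http://www.gmer.net
---- System - GMER 1.0.15 ----

SSDT 89D7EA20 ZwAssignProcessToJobObject
SSDT spph.sys ZwCreateKey [0xBA6B50E0]
SSDT spph.sys ZwOpenKey [0xBA6B50C0]
SSDT 89D7E160 ZwOpenProcess

INT 0x63 ? 8AF4BBF8
INT 0x63 ? 8AD33F00
INT 0x83 ? 8AF4BBF8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

---- EOF - GMER 1.0.15 ----
"""

SSDT = re.compile(r"^SSDT\s+(.+?)\s+((?:Zw|Nt)\w+)(?:\s+\[(0x[0-9A-Fa-f]+)\])?$")
INT = re.compile(r"^INT\s+(0x[0-9A-Fa-f]+)\s+\?\s+([0-9A-Fa-f]{8})$")
REG = re.compile(r"^Reg\s+HK\w+\\SYSTEM\\(\w+)\\Services\\([^\\@\s]+)")
BARE_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text):
    """Sort a pasted GMER report into SSDT, INT and registry findings."""
    out = {
        "header": [],                         # lines before the first section
        "ssdt_by_module": defaultdict(list),  # driver name -> hooked services
        "ssdt_unnamed": [],                   # (address, service), no driver shown
        "int_targets": defaultdict(set),      # vector -> handler addresses
        "reg_by_service": defaultdict(int),   # service name -> entry count
        "reg_inactive": 0,                    # entries in a non-active ControlSet
        "unparsed": [],                       # kept so nothing is silently dropped
        "complete": False,                    # True once the EOF marker is seen
    }
    in_body = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("----"):
            in_body = True
            out["complete"] = out["complete"] or "EOF" in line
            continue
        if not in_body:
            out["header"].append(line)
            continue
        m = SSDT.match(line)
        if m:
            owner, service = m.group(1), m.group(2)
            if BARE_ADDR.match(owner):
                out["ssdt_unnamed"].append((owner.upper(), service))
            else:
                out["ssdt_by_module"][owner.lower()].append(service)
            continue
        m = INT.match(line)
        if m:
            out["int_targets"][m.group(1)].add(m.group(2).upper())
            continue
        m = REG.match(line)
        if m:
            out["reg_by_service"][m.group(2).lower()] += 1
            if line.endswith("(not active ControlSet)"):
                out["reg_inactive"] += 1
            continue
        out["unparsed"].append(line)
    return out


def summarize(rep):
    """Return one line per finding group, for pasting into a reply."""
    lines = []
    for mod, svcs in sorted(rep["ssdt_by_module"].items()):
        lines.append(f"SSDT: {mod} hooks {len(svcs)} service(s): {', '.join(svcs)}")
    lines.append(f"SSDT: {len(rep['ssdt_unnamed'])} hook(s) shown with an address only")
    for vec, addrs in sorted(rep["int_targets"].items()):
        lines.append(f"INT {vec}: {len(addrs)} distinct handler address(es)")
    for svc, n in sorted(rep["reg_by_service"].items()):
        lines.append(f"Reg: {n} entr(y/ies) under service '{svc}'")
    if not rep["complete"]:
        lines.append("Report has no EOF marker: the paste may be truncated")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_gmer(SAMPLE))))
```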


#8 myrti

Posted 04 April 2010 - 07:41 PM

Hi,

sorry, normally people run certain programs before coming here, including one that disables Daemon Tools, because it doesn't cooperate well with gmer and can cause this kind of problem. Anyway, the scan seems to have run; however, I don't think the performance problem is related to gmer, because it doesn't change anything on the system.

OTL and gmer are analysis programs; they don't modify anything and only list entries that are often modified by infections. They don't delete anything, unless a specific script is created for that purpose. So for now the programs I asked you to run haven't changed anything.

Did you try reinstalling Firefox to see if that solves your problem?

Download mbr.exe and save it to your Desktop
  • Go to Start > Run and enter: cmd.exe
  • click OK.
  • In the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
    Note: There is a space between mbr.exe and -t.
  • press Enter.
  • a report named mbr.log is created under C:\. It will not be opened automatically; please go to C:\ and copy the contents of the report into your next reply.

myrti



#9 aurelien

Posted 05 April 2010 - 05:50 AM

I can't get it to work, I'm told it is not recognized as an internal or external command, an operable program or a batch file. It's still strange though, I found the report file in C: but there was nothing in the report, an empty Notepad file, so what exactly do I have to type:

In the command prompt type: c:\mbr.exe -t >"C:\mbr.log"

do I have to type everything, even what's between quotation marks, where do the spaces go, the capital letters? etc.
Also, I didn't launch your program, because you didn't suggest it in your instructions; do I need to?

In any case, your previous program was still strange when I ran it, it pushed my PC to the maximum of its capacity and it lagged, so maybe it was because of Daemon Tools as you say, I don't know.

Edited by aurelien, 05 April 2010 - 05:51 AM.


#10 myrti

Posted 05 April 2010 - 11:54 AM

Hi,

It's a simultaneous-translation problem. Sorry. Part of the translation is missing: you have to copy the mbr.exe file from the desktop to the root of the hard drive, under C:\. Can you then try again the command I gave before.

The only mandatory space is between exe and -t; you can also add spaces before and after the >, but that isn't required. The quotation marks and what's inside them are also necessary. Capital letters are ignored by Windows, so the commands MbR.ExE -t > "c:\MbR.LoG" and mbr.exe -t > "C:\mbr.log" are the same.

QUOTE
In any case, your previous program was still strange when I ran it, it pushed my PC to the maximum of its capacity and it lagged, so maybe it was because of Daemon Tools as you say, I don't know.

I'm having trouble understanding; I thought you were saying that the PC continued to be slow after the gmer scan had finished, which should not be the case. During the scan the PC may lag, depending on the PC and on the programs that interact with gmer.

myrti



#11 aurelien

Posted 11 April 2010 - 06:30 PM

Ahh yes, indeed that works better, so here is the report I got, very short :)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spiy.sys >>UNKNOWN [0x8AF3A938]<<
kernel: MBR read successfully
user & kernel MBR OK

When I said it was lagging, it wasn't only while GMER was running; even after I closed it, everything crashed, every application I opened, and the PC stayed at 100% of its performance. It was only after a reboot, and by not launching that program again, that the PC ran well again. Anyway, it doesn't matter, it only made things lag when I used it, now it runs fine, it was just at that moment, I just need to not run it again xD, or at least not with Daemon Tools at the same time... because that must have been what made it crash.
Otherwise, now that the reports are done, can I delete all these programs you had me install, so that they don't take up space...?

Also, I wanted to know whether you know your way around things other than Performance/protection analysis reports, in how Windows works. For example, I have quite a few programs that launch in the Windows taskbar at startup, and that makes the PC take longer to start, so I wanted to know how to remove some of these programs from automatic startup, because some are of no use to me, well, I only launch them when I need them, for example (Steam, Logitech webcam). By the way, is there a way I can scan what opens at startup, to know exactly and be able to ask which ones aren't necessary, even though I already have an idea, but above all for the programs that must not be removed from there, because I don't want to do anything stupid.
Ahh, and also, I've updated most of my drivers, I did it from the "Ma-config.com" site, but just to annoy me the last program isn't in the form of an installer, it's just plain files, and I don't know much about this, so in order not to bother you too much I first wanted to know whether, in your opinion, installing this driver update is important, and if so could you explain to me exactly how to do it.
Here is what it recommends (the second one, since the first is the one I already have):

Marvell Technology Group Ltd. 88SE6121 SATA II Controller
Drivers installés:
Constructeur: Marvell Technology Group Ltd. | Fichier INF: mshdc.inf | Classe: hdc | Version: 5.1.2600.5512 | Date: 01/07/2001

Drivers disponibles:
Marvell 88SE61xx (drivers 1.2.0.7105 WHQL)
Constructeur: Marvell Inc. | Fichier INF: mv61xx.inf | Classe: scsiadapter | Version: 1.2.0.7105. | Date: 12/10/2009 | Date de publication: 05/01/2010

Edited by aurelien, 11 April 2010 - 06:56 PM.


#12 myrti

Posted 12 April 2010 - 07:04 AM

Hi,

I can give you a number of links for speeding up your PC, but I'm not really used to doing that and to guiding people along that path.
I don't know whether these links will be of much use to you, because they are in English:
Slow Computer/browser? Check Here First; It May Not Be Malware
What to do if your Computer is running slowly
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

Perhaps also look at the links here, which are in French: machine qui rame, que faire

There are also programs that list all the programs that aren't necessary for your computer to start up properly. For example StartupLite.exe
You just run the program, it will then select all the programs to disable, and you only have to follow the steps given by the program.

The question about program startup isn't that simple. Technically, all the entries given by OTL are startup points for various programs. However, if you're looking for startup points of legitimate programs that aren't trying to hide, you should find most of them with MsConfig. (Press Start, then Run, enter MsConfig and press Enter.)
Before changing anything, make a manual backup of your registry with Erunt: Tutorial Erunt

For the moment I don't see any indication of infections? Do you have unwanted ads, Google redirects, blocked security sites, or anything else that makes you think you are infected?

myrti



#13 myrti

Posted 19 April 2010 - 10:10 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





