Virus: "Please wait while the connection is being established" on a white background

Tags:
  • Virus
  • Security
7 November 2012 10:35:48

Hello, I get this message appearing on a white background. I followed the procedure with OTLPE, and here is the link to the report obtained with Malekal: http://pjjoint.malekal.com/files.php?id=20120919_f8m7h6...

What should I do now?
Thanks

7 November 2012 13:42:39

Hello,

Why didn't you simply use OTL?
A bit of reading: http://forum.malekal.com/les-toolbars-est-pas-obligatoi...

  • Relaunch OTL.exe
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
    /!\ Warning: Avast! users, do not launch OTL in sandbox mode /!\
  • Copy and paste all of the text below into OTL's "Personnalisation" (Custom Scans/Fixes) box at the bottom left:

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yougoo.fr/meteo
    FF - prefs.js..browser.startup.homepage: "http://www.yougoo.fr/meteo"
    FF - prefs.js..keyword.URL: "http://www.yougoo.fr/meteo?search&q="
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\AURéLIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZJRQJZQ0.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
    O4 - HKLM..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [Symantec NetDriver Monitor] File not found
    O4 - HKU\Aurélie_ON_C..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O4 - HKU\Aurélie_ON_C..\Run: [NBJ] File not found
    O4 - HKU\Fabien_ON_C..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
    O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\thomas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O20 - HKU\Aurélie_ON_C Winlogon: Shell - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O20 - HKU\Aurélie_ON_C Winlogon: UserInit - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O20 - HKU\Fabien_ON_C Winlogon: Shell - (C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe ()
    O20 - HKU\Fabien_ON_C Winlogon: UserInit - (C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe ()
    O32 - AutoRun File - [2009/10/04 14:47:00 | 000,000,149 | RHS- | M] () - C:\AutoRun.inf -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\AutoRun\command - "" = C:\RavMon.exe -- [2007/10/26 13:02:04 | 000,049,152 | RHS- | M] ()
    O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\explore\Command - "" = C:\RavMon.exe -- [2007/10/26 13:02:04 | 000,049,152 | RHS- | M] ()
    O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\open\Command - "" = C:\RavMon.exe -- [2007/10/26 13:02:04 | 000,049,152 | RHS- | M] ()
    O33 - MountPoints2\{696a7e50-a9fc-11df-b0d3-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{696a7e50-a9fc-11df-b0d3-00038a000015}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\RavMon.exe
    O33 - MountPoints2\K\Shell\explore\Command - "" = K:\RavMon.exe -e
    O33 - MountPoints2\K\Shell\open\Command - "" = K:\RavMon.exe

    :Commands
    [emptytemp]
    [resethosts]

  • Then click the "Correction" (Run Fix) button at the top left.
  • The PC will restart (if it does not, restart it manually).
  • Post the removal report if it appears.

  • Note: the report is saved in .log format; change this extension to .txt if you want to upload it to online sites. If it does not appear, it is located here: C:\_OTL, in the form xxxxxxxx_xxxx.log, where the x's are the date and time.
    /!\ This script is strictly reserved for the current user of this thread; under no circumstances should you use it on your own initiative on another PC, at the risk of damaging the system /!\
7 November 2012 15:22:35

Could you give me the step-by-step procedure? How do I launch OTP on the infected computer?

7 November 2012 16:45:48

You do have access to normal mode, right?
7 November 2012 21:04:25

When I turn on the infected PC, everything is normal until the desktop window is displayed on screen. Before the icons appear, the screen turns white with the message "Please...." and after that nothing works anymore. I tried Ctrl+Alt+Del and lots of other things, but nothing...
To follow the OTLPE procedure I had to boot in safe mode, but I no longer remember the steps to follow...

8 February 2013 21:23:10

I followed the procedure, but on restart the message on a white background is still there...

Here is the report:

    OTL logfile created on: 2/8/2013 12:55:06 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    447.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 50.00% Memory free
    363.00 Mb Paging File | 268.00 Mb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2000 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.52 Gb Total Space | 11.58 Gb Free Space | 16.66% Space Free | Partition Type: NTFS
    Drive H: | 3.75 Gb Total Space | 3.75 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
    SRV - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/04/07 02:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/04/07 02:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/12/11 13:19:44 | 000,065,536 | ---- | M] (France Telecom SA) [Auto] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
    SRV - [2007/06/27 11:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - [2007/01/31 07:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/01/11 03:23:14 | 000,235,152 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/01/11 03:23:02 | 000,087,696 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2006/01/11 03:22:44 | 000,255,632 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2005/04/05 04:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2005/03/21 08:24:50 | 000,218,712 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe -- (ccProxy)
    SRV - [2005/01/25 14:48:50 | 000,194,272 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
    SRV - [2004/11/02 09:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
    SRV - [2004/02/25 04:58:20 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS)
    SRV - [2003/12/14 19:37:12 | 002,252,800 | ---- | M] () [On_Demand] -- C:\mysql\bin\mysqld-nt.exe -- (MysqlInventime)
    SRV - [2003/12/04 13:06:26 | 000,158,640 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
    SRV - [2003/09/05 10:55:26 | 000,798,772 | ---- | M] (AHEAD Software) [Auto] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
    SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2003/06/24 12:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
    SRV - [2003/01/16 20:02:38 | 000,045,056 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (SymEvent)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/04/07 02:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/20 03:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2009/03/20 03:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2009/03/20 03:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2007/09/17 08:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2006/03/01 11:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
    DRV - [2006/02/13 20:48:14 | 000,200,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\Symantec Shared\SymcData\idsdefs\20060410.080\SymIDSCo.sys -- (SYMIDSCO)
    DRV - [2005/07/15 03:00:00 | 000,632,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20050715.033\NAVEX15.SYS -- (NAVEX15)
    DRV - [2005/07/15 03:00:00 | 000,073,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20050715.033\NAVENG.SYS -- (NAVENG)
    DRV - [2005/04/05 04:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/04/05 04:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2005/04/05 04:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2005/04/05 04:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2005/04/05 04:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2005/04/05 04:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2005/04/01 16:38:42 | 000,305,288 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2005/01/25 14:48:52 | 000,037,000 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrtpel.sys -- (SAVRTPEL)
    DRV - [2004/08/03 16:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
    DRV - [2004/05/14 17:24:10 | 000,622,172 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/02/24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/09/23 03:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
    DRV - [2003/09/05 10:59:18 | 000,028,528 | ---- | M] (Ahead Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
    DRV - [2003/09/05 10:58:20 | 000,005,328 | ---- | M] (Ahead Software AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
    DRV - [2003/09/05 10:57:42 | 000,088,800 | ---- | M] (Ahead Software) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
    DRV - [2003/08/21 09:56:36 | 000,025,520 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
    DRV - [2003/02/16 11:33:46 | 001,293,192 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
    DRV - [2003/02/16 10:12:46 | 000,085,520 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
    DRV - [2003/02/16 10:11:56 | 000,516,616 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
    DRV - [2003/02/16 10:08:18 | 000,210,128 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
    DRV - [2003/02/05 11:25:56 | 000,162,136 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
    DRV - [2003/01/16 19:19:32 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
    DRV - [2003/01/10 10:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/12/26 22:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
    DRV - [2002/10/01 03:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yougoo.fr/meteo
    IE - HKU\.DEFAULT\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Aurélie_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Aurélie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKU\Aurélie_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Aurélie_ON_C\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
    IE - HKU\Aurélie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Fabien_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Fabien_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
    IE - HKU\Fabien_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Fabien_ON_C\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
    IE - HKU\Fabien_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\thomas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\thomas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yougoo.fr/meteo"
    FF - prefs.js..keyword.URL: "http://www.yougoo.fr/meteo?search&q="

    FF - user.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010/07/25 13:16:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010/07/25 13:18:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/29 15:55:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 07:59:16 | 000,000,000 | ---D | M]

    [2011/05/27 13:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aurélie\Application Data\Mozilla\Firefox\Profiles\zjrqjzq0.default\extensions
    [2010/05/26 14:00:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aurélie\Application Data\Mozilla\Firefox\Profiles\zjrqjzq0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/07/22 15:40:59 | 000,003,705 | ---- | M] () -- C:\Documents and Settings\Aurélie\Application Data\Mozilla\Firefox\Profiles\zjrqjzq0.default\searchplugins\YouGoo.xml
    [2009/11/29 15:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/09/27 15:25:27 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\AURéLIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZJRQJZQ0.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
    [2010/07/25 13:18:00 | 000,000,000 | ---D | M] (ArcSoft Video Downloader Extension) -- C:\PROGRAM FILES\ARCSOFT\VIDEO DOWNLOADER\PLUGIN_FIREFOX
    [2009/08/24 15:00:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/12/17 18:04:44 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
    [2008/12/17 18:04:44 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
    [2008/12/17 18:04:44 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
    [2008/12/17 18:04:44 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
    [2008/12/17 18:04:44 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
    [2006/09/06 13:27:53 | 000,001,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2006/06/03 15:11:43 | 000,001,072 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2006/09/06 15:56:53 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
    [2008/03/29 15:28:40 | 000,001,441 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2006/09/11 14:46:49 | 000,000,664 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2004/08/05 08:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
    O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKU\Aurélie_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKU\Aurélie_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKU\Aurélie_ON_C\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKU\Aurélie_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKU\Aurélie_ON_C\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKU\Aurélie_ON_C\..\Toolbar\WebBrowser: (PBFRV2) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - File not found
    O3 - HKU\Aurélie_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\Fabien_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKU\Fabien_ON_C\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKU\Fabien_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKU\Fabien_ON_C\..\Toolbar\WebBrowser: (PBFRV2) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - File not found
    O3 - HKU\Fabien_ON_C\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\thomas_ON_C\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKU\thomas_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKU\thomas_ON_C\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Demon] C:\Program Files\Messager Wanadoo\Demon.exe (France Telecom)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
    O4 - HKLM..\Run: [PCMService] C:\Apps\Powercinema\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Symantec NetDriver Monitor] File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKU\Aurélie_ON_C..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\Aurélie_ON_C..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O4 - HKU\Aurélie_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\Aurélie_ON_C..\Run: [NBJ] File not found
    O4 - HKU\Fabien_ON_C..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe ()
    O4 - HKU\Fabien_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Device Monitor.lnk = C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe (ArcSoft Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE (The Learning Company)
    O4 - Startup: C:\Documents and Settings\Aurélie\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\Fabien\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
    O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\thomas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Lire des données EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://photoservice.fujicolor.eu/ips-opdata/objects/jor... (JordanUploader Class)
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/fr/Prg/ESTPTe... (EPSON Web Printer-SelfTest Control Class)
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} https://static.impots.gouv.fr/tdir/static/adpform/AdSig... (AdVerifierADPCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-wind... (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-wind... (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-wind... (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O20 - HKU\Aurélie_ON_C Winlogon: Shell - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O20 - HKU\Aurélie_ON_C Winlogon: UserInit - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe ()
    O20 - HKU\Fabien_ON_C Winlogon: Shell - (C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe ()
    O20 - HKU\Fabien_ON_C Winlogon: UserInit - (C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe ()
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/04 13:47:00 | 000,000,149 | RHS- | M] () - C:\AutoRun.inf -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\AutoRun\command - "" = C:\RavMon.exe -- [2007/10/26 12:02:04 | 000,049,152 | RHS- | M] ()
    O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\explore\Command - "" = C:\RavMon.exe -- [2007/10/26 12:02:04 | 000,049,152 | RHS- | M] ()
    O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\open\Command - "" = C:\RavMon.exe -- [2007/10/26 12:02:04 | 000,049,152 | RHS- | M] ()
    O33 - MountPoints2\{696a7e50-a9fc-11df-b0d3-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{696a7e50-a9fc-11df-b0d3-00038a000015}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\RavMon.exe
    O33 - MountPoints2\K\Shell\explore\Command - "" = K:\RavMon.exe -e
    O33 - MountPoints2\K\Shell\open\Command - "" = K:\RavMon.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/08/24 01:49:52 | 026,897,264 | ---- | C] ( ) -- C:\Program Files\adobe-reader-acrobat_adobe_reader_acrobat_9.1_francais_13628.exe
    [2009/08/05 02:12:53 | 000,308,160 | ---- | C] (ALWIL Software) -- C:\Program Files\avast_home_setup.exe
    [2009/07/23 09:33:12 | 045,958,976 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
    [2009/03/18 14:40:52 | 000,607,640 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u12-windows-i586-p-iftw.exe
    [2009/03/16 12:35:18 | 006,130,336 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.20.exe
    [2005/03/09 08:55:25 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
    [2005/03/09 08:47:12 | 001,293,192 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
    [2005/03/09 08:47:12 | 000,516,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
    [2005/03/09 08:47:12 | 000,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
    [2005/03/09 08:47:12 | 000,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
    [2005/03/09 08:47:12 | 000,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
    [2005/03/09 08:47:11 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\PROGRA~1\Wanadoo\Utilisateur1\*.tmp files -> C:\PROGRA~1\Wanadoo\Utilisateur1\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/08 05:26:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/08 05:23:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/08 04:53:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\PROGRA~1\Wanadoo\Utilisateur1\*.tmp files -> C:\PROGRA~1\Wanadoo\Utilisateur1\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/18 02:41:08 | 000,207,360 | ---- | C] () -- C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe
    [2012/05/26 03:00:44 | 000,207,360 | ---- | C] () -- C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe
    [2010/12/27 16:01:51 | 000,000,133 | ---- | C] () -- C:\WINDOWS\BuzzTWCP.INI
    [2010/12/27 16:01:51 | 000,000,102 | ---- | C] () -- C:\WINDOWS\BuzzTWSC.INI
    [2010/12/27 16:00:29 | 000,000,101 | ---- | C] () -- C:\WINDOWS\BUZZTWLC.INI
    [2010/12/27 15:56:46 | 000,000,357 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
    [2010/05/22 07:23:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2010/05/22 07:23:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2010/05/22 07:23:36 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Aurélie\Application Data\$_hpcst$.hpc
    [2010/01/24 09:14:15 | 000,034,812 | ---- | C] () -- C:\Documents and Settings\Aurélie\Application Data\mdb.bin
    [2009/10/15 15:37:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/10/13 11:18:52 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/10/13 11:18:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/10/12 14:15:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/10/03 06:44:35 | 000,000,043 | -HS- | C] () -- C:\WINDOWS\SVCHOST.INI
    [2009/08/24 14:40:43 | 149,787,648 | ---- | C] () -- C:\Program Files\OOo_3.1.0_Win32Intel_install_wJRE_fr.exe
    [2009/06/03 03:44:07 | 000,008,679 | ---- | C] () -- C:\Documents and Settings\Fabien\orahssLauncher.sav
    [2009/02/04 14:58:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
    [2008/11/04 15:43:41 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
    [2008/11/04 15:43:01 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2008/05/24 07:41:13 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
    [2008/05/24 07:41:13 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
    [2008/05/24 07:41:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
    [2008/05/23 14:39:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7400DEFGIPS.ini
    [2008/05/20 05:11:41 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2008/05/20 05:11:41 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2008/05/20 05:11:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/10/25 10:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/08/24 09:01:41 | 000,231,424 | ---- | C] () -- C:\Documents and Settings\Aurélie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/22 10:05:25 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/11/13 15:32:55 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
    [2006/07/06 07:13:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
    [2006/05/31 14:32:37 | 000,000,077 | ---- | C] () -- C:\WINDOWS\memokid.ini
    [2006/05/31 14:24:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2006/05/31 11:06:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Lascaux.ini
    [2006/05/05 11:40:13 | 000,000,264 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2005/10/02 08:47:55 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Recode.INI
    [2005/04/18 08:24:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
    [2005/04/06 13:39:30 | 000,006,414 | ---- | C] () -- C:\WINDOWS\Messager Wanadoo.ini
    [2005/03/30 14:36:26 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Fabien\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/03/26 11:53:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2005/03/26 05:26:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX6600FGD.ini
    [2005/03/25 13:01:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2005/03/09 09:26:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/09 09:20:25 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALCXINIT.DAT
    [2005/03/09 09:12:48 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/09 09:07:01 | 000,005,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASIOMI.sys
    [2005/03/09 09:03:27 | 000,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
    [2005/03/09 09:02:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\jRegistryKey.dll
    [2005/03/09 09:02:51 | 000,000,232 | ---- | C] () -- C:\WINDOWS\my.ini
    [2005/03/09 09:00:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/03/09 08:55:25 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
    [2005/03/09 08:55:25 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
    [2005/03/09 08:55:25 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
    [2005/03/09 08:55:25 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
    [2005/03/09 08:55:25 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
    [2005/03/09 08:54:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2005/03/09 08:47:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
    [2005/03/09 08:47:11 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
    [2005/01/18 08:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/09/07 12:49:32 | 000,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/08/16 12:25:16 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/16 12:17:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/16 12:05:45 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/16 11:56:59 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/16 11:54:04 | 000,362,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/16 11:41:35 | 000,510,324 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
    [2004/08/16 11:41:35 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
    [2004/08/16 11:41:35 | 000,084,526 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
    [2004/08/16 11:41:35 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
    [2004/08/16 11:41:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/16 11:40:58 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/16 11:40:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/16 11:40:58 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/16 11:40:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/16 11:40:56 | 000,004,481 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/16 11:40:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/16 11:40:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/16 11:40:37 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/16 11:40:37 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/16 11:40:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/16 11:40:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/04/01 04:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1979/12/31 18:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
    [1979/12/31 18:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe

    ========== LOP Check ==========

    [2011/02/26 08:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
    [2008/08/08 03:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\Ambient Design
    [2008/12/10 08:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\EPSON
    [2009/01/19 14:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\Icone
    [2009/07/22 15:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\Icones
    [2006/05/31 13:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\InterTrust
    [2005/03/22 14:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\Leadertech
    [2009/09/01 15:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\OpenOffice.org
    [2010/05/22 08:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\PC Suite
    [2010/05/22 07:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\Samsung
    [2011/02/26 08:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\Seagate
    [2005/03/22 14:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aurélie\Application Data\Template
    [2011/02/20 10:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabien\Application Data\EPSON
    [2005/03/25 12:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabien\Application Data\Leadertech
    [2012/01/13 11:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabien\Application Data\Memeo
    [2011/03/03 15:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabien\Application Data\OpenOffice.org
    [2011/02/26 17:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabien\Application Data\Seagate
    [2012/01/13 11:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas\Application Data\Memeo
    [2011/09/01 10:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas\Application Data\Seagate
    [2010/07/30 14:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/02/26 08:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
    [2010/05/22 08:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2005/03/26 05:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2005/03/09 09:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yougoo.fr/meteo >
    Invalid Switch: meteo

    < FF - prefs.js..browser.startup.homepage: "http://www.yougoo.fr/meteo" >

    < FF - prefs.js..keyword.URL: "http://www.yougoo.fr/meteo?search&q=" >

    < File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\AURéLIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZJRQJZQ0.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} >

    < O4 - HKLM..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe () >

    < O4 - HKLM..\Run: [NPSStartup] File not found >

    < O4 - HKLM..\Run: [Symantec NetDriver Monitor] File not found >

    < O4 - HKU\Aurélie_ON_C..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe () >

    < O4 - HKU\Aurélie_ON_C..\Run: [NBJ] File not found >

    < O4 - HKU\Fabien_ON_C..\Run: [B64Fu7wxCKTba7x] C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe () >

    < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 >

    < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 >

    < O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

    < O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] >

    < O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 >

    < O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 >

    < O7 - HKU\Aurélie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 >

    < O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

    < O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 >

    < O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 >

    < O7 - HKU\Fabien_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 >

    < O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

    < O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

    < O7 - HKU\thomas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

    < O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe () >

    < O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe () >

    < O20 - HKU\Aurélie_ON_C Winlogon: Shell - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe () >

    < O20 - HKU\Aurélie_ON_C Winlogon: UserInit - (C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Aurélie\Application Data\ArchiverforWin.exe () >

    < O20 - HKU\Fabien_ON_C Winlogon: Shell - (C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe () >

    < O20 - HKU\Fabien_ON_C Winlogon: UserInit - (C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe) - C:\Documents and Settings\Fabien\Application Data\ArchiverforWin.exe () >

    < O32 - AutoRun File - [2009/10/04 14:47:00 | 000,000,149 | RHS- | M] () - C:\AutoRun.inf -- [ NTFS ] >
    Invalid Switch: 04 14:47:00 | 000,000,149 | RHS- | M] () - C:\AutoRun.inf -- [ NTFS ]


    < O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] >
    Invalid Switch: 24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]


    < O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\AutoRun\command - "" = C:\RavMon.exe -- [2007/10/26 13:02:04 | 000,049,152 | RHS- | M] () >

    < O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\explore\Command - "" = C:\RavMon.exe -- [2007/10/26 13:02:04 | 000,049,152 | RHS- | M] () >

    < O33 - MountPoints2\{21029000-9b08-11d9-ab40-806d6172696f}\Shell\open\Command - "" = C:\RavMon.exe -- [2007/10/26 13:02:04 | 000,049,152 | RHS- | M] () >

    < O33 - MountPoints2\{696a7e50-a9fc-11df-b0d3-00038a000015}\Shell - "" = AutoRun >

    < O33 - MountPoints2\{696a7e50-a9fc-11df-b0d3-00038a000015}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn >

    < O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\RavMon.exe >

    < O33 - MountPoints2\K\Shell\explore\Command - "" = K:\RavMon.exe -e >

    < O33 - MountPoints2\K\Shell\open\Command - "" = K:\RavMon.exe >


    < :Commands >

    < [emptytemp] >

    < [resethosts] >


    < End of report >
    12 February 2013 09:17:08

    Uh, I missed your thread; it had been months since you last replied. Still there?