
Problem with redirection to casino sites, etc.

22 May 2010 16:21:34

Hello,

Here we go again for me with these damned redirection problems, this time to online casino sites. I was careful, but unfortunately I put too much trust in my antivirus and Malwarebytes when scanning this little exe...

After noticing the first unwanted redirection I ran a full scan with my McAfee antivirus and Malwarebytes, but nothing...
So here is my HijackThis log, if some kind soul can help me...

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:17, on 22/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\OO Software\Defrag\oodag.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\UsbBoost\TurboHddUsb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Corel\Standby\Standby.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Telechargements\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Fichiers communs\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/install...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sii.fr
O17 - HKLM\Software\..\Telephony: DomainName = sii.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sii.fr
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 11890 bytes


22 May 2010 18:42:44

Hi.

What was the .exe, a crack? :o 

Run an OTL scan, it will be more detailed than a HijackThis log:

/!\ For the disinfection to go smoothly:
  • Don't open the same topic on different forums, it's a waste of time for everyone!
  • Avoid risky manipulations on your PC, better to ask!
  • Take the time to read carefully and understand all the procedures you will be asked to follow.
  • Follow each procedure you are given to the letter.
  • If you have any question or any problem, don't hesitate to ask me.
  • For the sake of the topic's readability, please host all reports here, and post the links in the discussion. :clin: 

    =====

    Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
  • (On Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the Output section at the top of this window, tick Minimal Output.
  • Also tick the boxes next to LOP Check and Purity Check.
  • Finally, click the Run Scan button. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so by default on the Desktop).
  • Host the reports, then give their links.

    =====

    And then:

    Download « Gmer » to the desktop
  • Go to the page and choose Download EXE.
  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Launch it.
  • Note: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit/Malware tab,
  • On the right => tick all the boxes.
  • Click Scan.
  • When the scan is finished, click Copy,
  • Paste it in the reply.
    22 May 2010 20:18:18

    Hi!

    First of all, thanks for helping me... yes, I admit I wanted to save time... that failed... :heink: 

    I followed the procedure, here are the reports generated by OTL:

    http://www.cijoint.fr/cjlink.php?file=cj201005/cij0Md3n...
    http://www.cijoint.fr/cjlink.php?file=cj201005/cijjJI28...

    However, I tried GMER twice but --> blue screen... should I try again? I have an Enterprise version of McAfee so I can't really remove it completely, maybe that's the cause? I disable all the functions but it still crashes...

    Thanks again
    22 May 2010 20:49:45

    Do this for gmer:

    Download Defogger and launch it.
    (On Vista/Win7, right-click Defogger and choose Run as administrator)
  • A window appears; click Disable
  • Restart the PC if asked.

    And try again. ;) 
    22 May 2010 21:43:16

    Well, no, that didn't change anything despite 4 attempts... :heink: 

    Still blue screens, unrecoverable fatal error, etc...

    What do I do now, chief? :??: 
    23 May 2010 00:58:30

    We'll do it differently, do this:

  • Disable the antivirus.

    Download and save « Combofix » to the desktop

  • Double-click Combofix.
  • If prompted to download and install the Recovery Console, accept.
  • The scan will then start,
  • Wait for the tool to close (5 to 10 min),
  • A report in C:\Combofix.txt: host it and give the link.
    23 May 2010 13:30:37

    OK, we'll check something else:

    Download -> mbr.exe
    Double-click mbr.exe... a black window will open and close.
    A report, mbr.log, will be generated; copy and paste its contents here.
    23 May 2010 13:42:43

    Done!

    Here is the log:

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    23 May 2010 13:45:06

    OK! Could you try running the gmer scan in safe mode? I still have a small doubt.

    I think it should work in safe mode. :o 
    23 May 2010 13:48:04

    ichigo11 said:
    OK! Could you try running the gmer scan in safe mode? I still have a small doubt.

    I think it should work in safe mode. :o 


    OK, I'll try...
    23 May 2010 20:39:39

    Well, definitely no for GMER... it did manage, after I don't know how many hours, to do the scan, but as soon as I touched it to bring up the "copy" button it stopped responding... thanks and good night... all those hours for nothing...
    Another solution maybe?... I tried again in normal mode and still the crash... :pt1cable: 
    23 May 2010 20:47:01

    And apparently still infected by some kind of redirection to a site that offers me a live scan and finds xxx viruses on my computer... what a bummer.
    23 May 2010 22:45:21

    OK, I'm looking for something else, I'll reply soon. ;) 

    =====

    Right, we'll do it differently!

    This file is fairly large, so we will use your CD/DVD drive and a blank CD on your machine.
    A USB device would also be handy.


    Download and install IsoBurner in order to burn OTLPE to a CD.

    Then download OTLPE.

  • Install IsoBurner
  • Click the box at the top right and follow the path to select OTLPE.iso
  • Click BURN

    Note: Once your CD is burned, you must now restart your machine from the CD-ROM drive
    To do so, see this link: Booting from a CD.

  • Once the CD has started, Windows loads and you arrive at the REATOGO-X-PE desktop.
  • Double-click OTLPE.
  • A window opens: Do you wish to load the remote registry; click YES,
  • A second one: Do you wish to load remote user profile(s) for scanning; click YES,
  • Make sure the Automatically Load All Remaining Users box is ticked and press OK.

    OTL starts.

  • Copy and paste the content below into the lower part of OTL: Custom Scans/Files

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    cdrom.sys
    disk.sys
    ndis.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT

  • Click Run Scan to start the scanner; this may take a few minutes.
  • Once finished, the report opens; use the Internet Explorer icon to copy and paste its contents into the reply.

    Note: if you don't have an Internet connection, save the report to a USB device
    25 May 2010 11:20:32

    There, it's done... here is the report:

    OTL logfile created on: 5/25/2010 11:50:42 AM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24.41 Gb Total Space | 3.13 Gb Free Space | 12.82% Space Free | Partition Type: NTFS
    Drive D: | 50.11 Gb Total Space | 12.19 Gb Free Space | 24.32% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/20 04:18:54 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/18 11:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2010/01/06 14:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2010/01/06 14:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/01/06 14:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2010/01/06 14:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2009/09/11 19:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
    SRV - [2009/07/19 17:55:50 | 004,446,752 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
    SRV - [2009/05/26 06:46:43 | 000,072,704 | ---- | M] (Autodesk) [Auto] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/08/20 11:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2008/08/20 11:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2008/08/20 11:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2008/08/20 11:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2008/07/10 20:28:44 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2008/07/10 20:28:44 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) Agent SQL Server (SQLEXPRESS)
    SRV - [2008/07/10 20:28:40 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
    SRV - [2008/07/09 21:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/07/09 21:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/07/20 11:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2007/07/11 04:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - [2006/09/29 06:48:06 | 000,065,536 | ---- | M] () [Auto] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
    SRV - [2005/08/30 12:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
    SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (VMnetAdapter)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (mferkdk)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | Auto] -- -- (DS1410D)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2010/05/25 04:19:27 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/05/15 12:20:31 | 000,023,680 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FNETTBOH.SYS -- (FNETTBOH)
    DRV - [2010/05/15 12:20:31 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV - [2010/01/06 14:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/01/06 14:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/01/06 14:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/01/06 14:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/01/06 14:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2010/01/06 14:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/12 19:31:41 | 007,653,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/02/25 19:12:26 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2008/08/28 18:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2008/08/04 06:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2008/07/09 21:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/07/23 10:05:26 | 000,009,136 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 10:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 10:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 10:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 10:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 10:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 10:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 10:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 09:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2007/07/23 09:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 09:49:44 | 000,014,576 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/07/23 09:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007/05/10 05:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/08 07:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/02/09 16:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2006/01/20 12:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
    DRV - [2006/01/11 12:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
    DRV - [2005/11/22 04:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2005/10/26 05:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/10/03 07:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
    DRV - [2005/09/15 13:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
    DRV - [2005/08/12 12:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/01 11:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/07/28 03:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2005/07/22 06:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/22 06:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/22 06:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/07/14 13:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/07/14 12:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/07/12 14:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/07/11 13:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
    DRV - [2005/05/13 12:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2005/04/06 04:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
    DRV - [2005/01/06 08:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2001/06/21 16:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2001/06/21 16:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\sperrotte.SII_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKU\sperrotte.SII_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\sperrotte.SII_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1

    IE - HKU\sperrotte_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\xdufour_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/05/23 07:01:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\sperrotte.SII_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [Standby] c:\Program Files\Fichiers communs\Corel\Standby\Standby.exe (Corel)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe (FNet Co., Ltd.)
    O4 - HKU\sperrotte.SII_ON_C..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
    O4 - HKU\xdufour_ON_C..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\sperrotte.SII_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\sperrotte.SII_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\sperrotte.SII_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\sperrotte.SII_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\sperrotte_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\sperrotte_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\xdufour_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\xdufour_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.... (System Requirements Lab Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/install... (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.7.1.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sii.fr
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/13 12:56:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{429fd5c1-e199-11dd-b9b7-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{429fd5c1-e199-11dd-b9b7-806d6172696f}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/13 13:33:49 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
    ActiveX: {12894795-5080-3BB3-6880-8433BA9C9897} - Internet Explorer
    ActiveX: {1AF0037B-B676-67F2-BB4E-C0AE09DC5103} - NetShow
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:o E /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
    ActiveX: {51C31EB7-56A9-152D-3C2D-46623A814813} - Outlook Express
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {862F2060-19D2-F241-0943-8AE2DB1C8945} - Internet Explorer
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A174E358-7860-F8D3-55B2-7A08D3FD5E07} - Lecteur Windows Media Microsoft 6.4
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C7FCAC7A-91F1-3A92-D376-E9747D39470E} - Themes Setup
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.dvacm - c:\Program Files\Fichiers communs\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/25 04:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
    [2010/05/23 06:44:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/05/23 06:40:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/05/23 06:40:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/05/23 06:40:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/05/23 06:40:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/23 06:38:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/05/23 06:33:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/05/22 13:37:37 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sperrotte.SII\Bureau\OTL.exe
    [2010/05/22 05:45:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/21 10:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Application Data\Corel
    [2010/05/21 10:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Application Data\Ulead Systems
    [2010/05/21 10:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
    [2010/05/21 10:34:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2010/05/21 10:34:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
    [2010/05/21 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
    [2010/05/21 10:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Protexis
    [2010/05/21 10:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Corel
    [2010/05/21 10:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
    [2010/05/21 10:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Ulead Systems
    [2010/05/21 09:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\NOS
    [2010/05/21 09:38:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sperrotte.SII\Recent
    [2010/05/21 07:35:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/21 07:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/21 07:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/05/21 07:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/05/21 05:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
    [2010/05/21 05:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2010/05/21 05:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Application Data\DAEMON Tools Lite
    [2010/05/20 08:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Application Data\No Company Name
    [2010/05/20 08:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Mes documents\Adobe
    [2010/05/20 04:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
    [2010/05/19 12:50:49 | 010,756,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2010/05/19 12:50:49 | 002,194,024 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2010/05/19 12:50:49 | 001,714,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2010/05/19 12:50:47 | 002,007,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2010/05/19 12:50:47 | 000,888,832 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2010/05/19 12:50:47 | 000,155,648 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
    [2010/05/19 12:50:47 | 000,155,648 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
    [2010/05/17 12:21:19 | 000,000,000 | ---D | C] -- C:\Qxt
    [2010/05/17 08:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\SQLite Expert
    [2010/05/17 07:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2010/05/15 12:20:31 | 000,023,680 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH.SYS
    [2010/05/15 12:20:31 | 000,007,936 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETURPX.SYS
    [2010/05/15 12:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\UsbBoost
    [2010/05/07 12:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\SimulFoot
    [2010/05/07 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Inno Setup 5
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/25 04:41:01 | 013,893,632 | -H-- | M] () -- C:\Documents and Settings\sperrotte.SII\NTUSER.DAT
    [2010/05/25 04:41:01 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/05/25 04:41:01 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/05/25 04:40:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/25 04:40:55 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
    [2010/05/25 04:40:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/25 04:25:38 | 000,068,605 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
    [2010/05/25 04:24:57 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
    [2010/05/25 04:24:31 | 000,343,441 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
    [2010/05/25 04:19:27 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/05/25 04:09:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-484763869-725345543-12707UA.job
    [2010/05/25 04:09:00 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-484763869-725345543-12707Core.job
    [2010/05/24 16:51:50 | 000,207,360 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/24 16:23:11 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-484763869-725345543-12699.job
    [2010/05/23 07:41:47 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\mbr.exe
    [2010/05/23 07:01:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/05/23 07:01:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/05/23 06:44:13 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2010/05/23 06:32:20 | 003,693,870 | R--- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\ComboFix.exe
    [2010/05/22 15:23:40 | 000,034,680 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/22 15:13:20 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\defogger_reenable
    [2010/05/22 15:12:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Defogger.exe
    [2010/05/22 13:44:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\l20p46dw.exe
    [2010/05/22 13:37:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sperrotte.SII\Bureau\OTL.exe
    [2010/05/22 09:25:53 | 000,002,348 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Google Chrome.lnk
    [2010/05/21 10:55:07 | 002,225,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/21 09:41:37 | 000,101,942 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Mes documents\cc_20100521_154120.reg
    [2010/05/20 17:58:51 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\sperrotte.SII\ntuser.ini
    [2010/05/18 18:24:52 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2010/05/18 15:14:18 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Qt Creator.lnk
    [2010/05/15 12:20:31 | 000,023,680 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH.SYS
    [2010/05/15 12:20:31 | 000,007,936 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETURPX.SYS
    [2010/05/13 18:16:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/29 09:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 09:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/26 09:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/25 04:40:55 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
    [2010/05/23 07:41:45 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\mbr.exe
    [2010/05/23 06:44:13 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2010/05/23 06:44:08 | 000,263,488 | ---- | C] () -- C:\cmldr
    [2010/05/23 06:40:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/05/23 06:40:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/05/23 06:40:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/05/23 06:40:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/05/23 06:40:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/05/23 06:32:20 | 003,693,870 | R--- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\ComboFix.exe
    [2010/05/22 15:12:58 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\defogger_reenable
    [2010/05/22 15:12:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Defogger.exe
    [2010/05/22 13:44:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\l20p46dw.exe
    [2010/05/22 09:25:53 | 000,002,348 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Google Chrome.lnk
    [2010/05/21 09:41:24 | 000,101,942 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Mes documents\cc_20100521_154120.reg
    [2010/05/21 07:35:46 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
    [2010/05/19 12:50:46 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/05/18 15:14:18 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Qt Creator.lnk
    [2010/05/17 07:51:32 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2010/05/16 14:38:44 | 000,006,154 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\OgreMaterialUpgrade.log
    [2010/04/22 11:38:57 | 000,002,438 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\OgreMeshUpgrade.log
    [2010/02/21 09:47:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/11/26 13:50:24 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\SalomeApp.xml.5.1.2
    [2009/10/25 05:44:37 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/09/17 05:17:51 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/06/19 11:48:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Application Data\winscp.rnd
    [2009/06/19 05:18:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/02/25 19:11:16 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
    [2009/01/17 08:23:56 | 000,207,360 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/17 05:47:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
    [2009/01/15 06:30:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/01/14 09:21:12 | 000,001,460 | RHS- | C] () -- C:\Documents and Settings\sperrotte.SII\ntuser.pol
    [2009/01/14 09:21:11 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\sperrotte.SII\ntuser.ini
    [2009/01/14 09:21:09 | 013,893,632 | -H-- | C] () -- C:\Documents and Settings\sperrotte.SII\NTUSER.DAT
    [2009/01/14 09:21:09 | 001,044,480 | -H-- | C] () -- C:\Documents and Settings\sperrotte.SII\NTUSER.DAT.LOG
    [2009/01/14 05:24:20 | 000,014,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS
    [2009/01/14 05:24:20 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/01/14 05:16:15 | 000,001,460 | RHS- | C] () -- C:\Documents and Settings\xdufour\ntuser.pol
    [2009/01/14 05:16:14 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\xdufour\ntuser.ini
    [2009/01/14 05:16:13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\xdufour\ntuser.dat.LOG
    [2009/01/14 05:16:12 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\xdufour\NTUSER.DAT
    [2009/01/14 05:12:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
    [2009/01/14 05:10:27 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2009/01/13 13:09:43 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\sperrotte\ntuser.dat.LOG
    [2009/01/13 13:09:43 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\sperrotte\ntuser.ini
    [2009/01/13 13:09:42 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\sperrotte\NTUSER.DAT
    [2009/01/13 13:00:33 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2009/01/13 13:00:33 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2009/01/13 13:00:32 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2009/01/13 12:59:34 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2009/01/13 12:59:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2009/01/13 12:59:34 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2006/08/27 06:38:30 | 000,002,932 | ---- | C] () -- C:\WINDOWS\System32\kbdro583m.dll
    [2005/09/01 16:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/07/22 16:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2005/01/21 07:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
    [2004/07/20 12:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 09:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [1998/03/22 08:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

    ========== LOP Check ==========

    [2009/12/04 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Artisteer
    [2010/05/21 07:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\DAEMON Tools Lite
    [2010/04/05 18:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\FileZilla
    [2009/11/01 18:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\IrfanView
    [2010/05/12 16:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\NewsLeecher
    [2010/05/20 08:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\No Company Name
    [2010/05/19 13:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Nokia
    [2010/03/24 12:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Opera
    [2009/09/17 05:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Sparx Systems
    [2009/02/10 10:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Subversion
    [2009/08/27 10:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\TuneUp Software
    [2010/05/21 10:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Ulead Systems

    ========== Purity Check ==========



    ========== Custom Scans ==========


    Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

    Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AEC.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys
    [2004/08/03 17:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys
    [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ERDNT\cache\aec.sys
    [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
    [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys

    < MD5 for: AGP440.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/05 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

    < MD5 for: CDROM.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
    [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
    [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
    [2004/08/05 06:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

    < MD5 for: DISK.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Disk.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Disk.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Disk.sys
    [2004/08/05 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
    [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
    [2008/04/13 13:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

    < MD5 for: EVENTLOG.DLL >
    [2004/08/05 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

    < MD5 for: MOUNTMGR.SYS >
    [2004/08/05 06:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
    [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
    [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys

    < MD5 for: MRXSMB.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
    [2004/08/05 06:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
    [2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
    [2009/12/04 13:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
    [2008/10/24 07:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
    [2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
    [2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
    [2008/10/24 07:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    [2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
    [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

    < MD5 for: NDIS.SYS >
    [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
    [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
    [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
    [2004/08/05 06:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/05 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: NVATABUS.SYS >
    [2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

    < MD5 for: RASACD.SYS >
    [2004/08/05 06:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
    [2004/08/05 06:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

    < MD5 for: SCECLI.DLL >
    [2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
    [2004/08/05 06:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    < MD5 for: TERMDD.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:termdd.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:termdd.sys
    [2008/04/13 22:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\ServicePackFiles\i386\termdd.sys
    [2008/04/13 22:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
    [2004/08/03 19:55:12 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS\$NtServicePackUninstall$\termdd.sys

    < MD5 for: WIN32K.SYS >
    [2008/04/13 21:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\$NtUninstallKB954211$\win32k.sys
    [2008/04/13 21:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
    [2009/08/14 11:58:52 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
    [2004/08/05 06:00:00 | 001,836,032 | ---- | M] (Microsoft Corporation) MD5=6B8D8840CC7D6C822FD159613D61EBA3 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
    [2009/02/09 10:05:54 | 001,846,912 | ---- | M] (Microsoft Corporation) MD5=6D791CDCE0B1551D95A81D69E7352EF5 -- C:\WINDOWS\$NtUninstallKB968537$\win32k.sys
    [2009/08/14 11:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\system32\dllcache\win32k.sys
    [2009/08/14 11:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\system32\win32k.sys
    [2008/09/15 11:26:07 | 001,846,528 | ---- | M] (Microsoft Corporation) MD5=9F1A0FB5BD8ACECC6CB0A9130BD8F3C3 -- C:\WINDOWS\$NtUninstallKB958690$\win32k.sys
    [2009/02/09 09:59:50 | 001,847,680 | ---- | M] (Microsoft Corporation) MD5=A06AF7F6B26F2BDEFB0961D4641D6453 -- C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys
    [2009/04/19 15:42:34 | 001,847,936 | ---- | M] (Microsoft Corporation) MD5=A4CB910DA61C2AB50D1D4E15CDA48D32 -- C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys
    [2008/09/15 11:20:39 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=AC230363E6F0021E3F8336990F348A87 -- C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys
    [2009/04/19 15:50:30 | 001,847,296 | ---- | M] (Microsoft Corporation) MD5=E2D4E6609DCF4175FCC8BCA489F28D9C -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/06/20 13:47:22 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
    [2010/02/25 05:47:32 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
    [2010/02/25 02:17:32 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
    [2008/04/13 22:33:33 | 000,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
    [2008/04/13 22:33:36 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
    [2008/06/17 15:02:15 | 008,517,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/01/13 13:39:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/01/13 13:39:45 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/01/13 13:39:45 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < CREATERESTOREPOINT >
    < End of report >

    25 May 2010 22:20:45

    Do you know this company --> sii.fr?

    ===

    Next, we're going to run an OTLPE scan again: repeat the same procedure as above, but with the following custom scan (I'm looking for the driver that may have been patched and is opening your pop-ups):


    /md5start
    ACPI.sys
    CLASSPNP.SYS
    Disk.sys
    FNETTBOH.SYS
    FNETURPX.SYS
    /md5stop
    26 May 2010 09:15:27

    Yes, yes, that's my company ;-)
    OK, I'll do that right away...
    26 May 2010 09:55:30

    So here is the new report:

    OTL logfile created on: 5/26/2010 10:31:32 AM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24.41 Gb Total Space | 3.02 Gb Free Space | 12.36% Space Free | Partition Type: NTFS
    Drive D: | 50.11 Gb Total Space | 14.69 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/20 04:18:54 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/18 11:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2010/01/06 14:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2010/01/06 14:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/01/06 14:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2010/01/06 14:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2009/09/11 19:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
    SRV - [2009/07/19 17:55:50 | 004,446,752 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
    SRV - [2009/05/26 06:46:43 | 000,072,704 | ---- | M] (Autodesk) [Auto] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/08/20 11:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2008/08/20 11:28:34 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2008/08/20 11:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2008/08/20 11:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2008/07/10 20:28:44 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2008/07/10 20:28:44 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) Agent SQL Server (SQLEXPRESS)
    SRV - [2008/07/10 20:28:40 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
    SRV - [2008/07/09 21:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/07/09 21:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/07/20 11:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2007/07/11 04:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - [2006/09/29 06:48:06 | 000,065,536 | ---- | M] () [Auto] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
    SRV - [2005/08/30 12:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
    SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (VMnetAdapter)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (mferkdk)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | Auto] -- -- (DS1410D)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2010/05/25 04:19:27 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/05/15 12:20:31 | 000,023,680 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FNETTBOH.SYS -- (FNETTBOH)
    DRV - [2010/05/15 12:20:31 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
    DRV - [2010/01/06 14:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/01/06 14:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/01/06 14:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/01/06 14:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/01/06 14:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2010/01/06 14:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/12 19:31:41 | 007,653,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/02/25 19:12:26 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2008/08/28 18:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2008/08/04 06:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2008/07/09 21:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/07/23 10:05:26 | 000,009,136 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 10:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 10:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 10:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 10:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 10:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 10:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 10:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 09:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2007/07/23 09:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 09:49:44 | 000,014,576 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/07/23 09:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007/05/10 05:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/08 07:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/02/09 16:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2006/01/20 12:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
    DRV - [2006/01/11 12:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
    DRV - [2005/11/22 04:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2005/10/26 05:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/10/03 07:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
    DRV - [2005/09/15 13:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
    DRV - [2005/08/12 12:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/01 11:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/07/28 03:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2005/07/22 06:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/22 06:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/22 06:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/07/14 13:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/07/14 12:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/07/12 14:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/07/11 13:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
    DRV - [2005/05/13 12:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2005/04/06 04:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
    DRV - [2005/01/06 08:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2001/06/21 16:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2001/06/21 16:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\sperrotte.SII_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKU\sperrotte.SII_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\sperrotte.SII_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1

    IE - HKU\sperrotte_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\xdufour_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/05/23 07:01:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\sperrotte.SII_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [Standby] c:\Program Files\Fichiers communs\Corel\Standby\Standby.exe (Corel)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UsbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe (FNet Co., Ltd.)
    O4 - HKU\sperrotte.SII_ON_C..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
    O4 - HKU\xdufour_ON_C..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\sperrotte.SII_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\sperrotte.SII_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\sperrotte_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\xdufour_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.... (System Requirements Lab Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Contro... (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/install... (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.7.1.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sii.fr
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/13 12:56:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/25 16:03:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/05/25 04:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
    [2010/05/23 06:44:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/05/23 06:40:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/05/23 06:40:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/05/23 06:40:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/05/23 06:40:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/23 06:38:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/05/23 06:33:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/05/22 13:37:37 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sperrotte.SII\Bureau\OTL.exe
    [2010/05/22 05:45:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/21 10:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Application Data\Corel
    [2010/05/21 10:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Application Data\Ulead Systems
    [2010/05/21 10:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
    [2010/05/21 10:34:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2010/05/21 10:34:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
    [2010/05/21 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
    [2010/05/21 10:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Protexis
    [2010/05/21 10:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Corel
    [2010/05/21 10:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
    [2010/05/21 10:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Ulead Systems
    [2010/05/21 09:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\NOS
    [2010/05/21 09:38:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sperrotte.SII\Recent
    [2010/05/21 07:35:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/21 07:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/21 07:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/05/21 07:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/05/21 05:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
    [2010/05/21 05:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2010/05/21 05:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Application Data\DAEMON Tools Lite
    [2010/05/20 08:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Application Data\No Company Name
    [2010/05/20 08:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sperrotte.SII\Mes documents\Adobe
    [2010/05/20 04:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
    [2010/05/19 12:50:49 | 010,756,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2010/05/19 12:50:49 | 002,194,024 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2010/05/19 12:50:49 | 001,714,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2010/05/19 12:50:47 | 002,007,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2010/05/19 12:50:47 | 000,888,832 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2010/05/19 12:50:47 | 000,155,648 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
    [2010/05/19 12:50:47 | 000,155,648 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
    [2010/05/17 12:21:19 | 000,000,000 | ---D | C] -- C:\Qxt
    [2010/05/17 08:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\SQLite Expert
    [2010/05/17 07:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2010/05/15 12:20:31 | 000,023,680 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH.SYS
    [2010/05/15 12:20:31 | 000,007,936 | ---- | C] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETURPX.SYS
    [2010/05/15 12:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\UsbBoost
    [2010/05/07 12:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\SimulFoot
    [2010/05/07 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Inno Setup 5
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/26 03:16:50 | 013,893,632 | -H-- | M] () -- C:\Documents and Settings\sperrotte.SII\NTUSER.DAT
    [2010/05/26 03:16:50 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/05/26 03:16:50 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/05/26 03:16:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/26 03:16:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/26 03:16:43 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
    [2010/05/26 03:11:54 | 000,068,605 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
    [2010/05/26 03:11:25 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
    [2010/05/26 03:10:57 | 000,347,269 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
    [2010/05/25 17:50:16 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-484763869-725345543-12699.job
    [2010/05/25 17:09:06 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-484763869-725345543-12707UA.job
    [2010/05/25 04:19:27 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/05/25 04:09:00 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-484763869-725345543-12707Core.job
    [2010/05/24 16:51:50 | 000,207,360 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/23 07:41:47 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\mbr.exe
    [2010/05/23 07:01:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/05/23 07:01:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/05/23 06:44:13 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2010/05/23 06:32:20 | 003,693,870 | R--- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\ComboFix.exe
    [2010/05/22 15:23:40 | 000,034,680 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/22 15:13:20 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\defogger_reenable
    [2010/05/22 15:12:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Defogger.exe
    [2010/05/22 13:44:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\l20p46dw.exe
    [2010/05/22 13:37:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sperrotte.SII\Bureau\OTL.exe
    [2010/05/22 09:25:53 | 000,002,348 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Google Chrome.lnk
    [2010/05/21 10:55:07 | 002,225,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/21 09:41:37 | 000,101,942 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Mes documents\cc_20100521_154120.reg
    [2010/05/20 17:58:51 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\sperrotte.SII\ntuser.ini
    [2010/05/18 18:24:52 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2010/05/18 15:14:18 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Qt Creator.lnk
    [2010/05/15 12:20:31 | 000,023,680 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETTBOH.SYS
    [2010/05/15 12:20:31 | 000,007,936 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\System32\drivers\FNETURPX.SYS
    [2010/05/13 18:16:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/29 09:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 09:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/26 03:16:43 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
    [2010/05/23 07:41:45 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\mbr.exe
    [2010/05/23 06:44:13 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2010/05/23 06:44:08 | 000,263,488 | ---- | C] () -- C:\cmldr
    [2010/05/23 06:40:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/05/23 06:40:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/05/23 06:40:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/05/23 06:40:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/05/23 06:40:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/05/23 06:32:20 | 003,693,870 | R--- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\ComboFix.exe
    [2010/05/22 15:12:58 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\defogger_reenable
    [2010/05/22 15:12:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Defogger.exe
    [2010/05/22 13:44:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\l20p46dw.exe
    [2010/05/22 09:25:53 | 000,002,348 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Google Chrome.lnk
    [2010/05/21 09:41:24 | 000,101,942 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Mes documents\cc_20100521_154120.reg
    [2010/05/19 12:50:46 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/05/18 15:14:18 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Bureau\Qt Creator.lnk
    [2010/05/17 07:51:32 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2010/05/16 14:38:44 | 000,006,154 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\OgreMaterialUpgrade.log
    [2010/04/22 11:38:57 | 000,002,438 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\OgreMeshUpgrade.log
    [2010/02/21 09:47:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/11/26 13:50:24 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\SalomeApp.xml.5.1.2
    [2009/10/25 05:44:37 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/09/17 05:17:51 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/06/19 11:48:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Application Data\winscp.rnd
    [2009/06/19 05:18:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/02/25 19:11:16 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
    [2009/01/17 08:23:56 | 000,207,360 | ---- | C] () -- C:\Documents and Settings\sperrotte.SII\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/17 05:47:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
    [2009/01/15 06:30:00 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/01/14 09:21:12 | 000,001,460 | RHS- | C] () -- C:\Documents and Settings\sperrotte.SII\ntuser.pol
    [2009/01/14 09:21:11 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\sperrotte.SII\ntuser.ini
    [2009/01/14 09:21:09 | 013,893,632 | -H-- | C] () -- C:\Documents and Settings\sperrotte.SII\NTUSER.DAT
    [2009/01/14 09:21:09 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\sperrotte.SII\NTUSER.DAT.LOG
    [2009/01/14 05:24:20 | 000,014,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS
    [2009/01/14 05:24:20 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/01/14 05:16:15 | 000,001,460 | RHS- | C] () -- C:\Documents and Settings\xdufour\ntuser.pol
    [2009/01/14 05:16:14 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\xdufour\ntuser.ini
    [2009/01/14 05:16:13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\xdufour\ntuser.dat.LOG
    [2009/01/14 05:16:12 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\xdufour\NTUSER.DAT
    [2009/01/14 05:12:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
    [2009/01/14 05:10:27 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2009/01/13 13:09:43 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\sperrotte\ntuser.dat.LOG
    [2009/01/13 13:09:43 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\sperrotte\ntuser.ini
    [2009/01/13 13:09:42 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\sperrotte\NTUSER.DAT
    [2009/01/13 13:00:33 | 000,053,248 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2009/01/13 13:00:33 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2009/01/13 13:00:32 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2009/01/13 12:59:34 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2009/01/13 12:59:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2009/01/13 12:59:34 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2006/08/27 06:38:30 | 000,002,932 | ---- | C] () -- C:\WINDOWS\System32\kbdro583m.dll
    [2005/09/01 16:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/07/22 16:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2005/01/21 07:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
    [2004/07/20 12:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 09:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [1998/03/22 08:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

    ========== LOP Check ==========

    [2009/12/04 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Artisteer
    [2010/05/21 07:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\DAEMON Tools Lite
    [2010/04/05 18:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\FileZilla
    [2009/11/01 18:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\IrfanView
    [2010/05/12 16:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\NewsLeecher
    [2010/05/20 08:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\No Company Name
    [2010/05/19 13:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Nokia
    [2010/03/24 12:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Opera
    [2009/09/17 05:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Sparx Systems
    [2009/02/10 10:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Subversion
    [2009/08/27 10:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\TuneUp Software
    [2010/05/21 10:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sperrotte.SII\Application Data\Ulead Systems

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: ACPI.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ACPI.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ACPI.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ACPI.sys
    [2004/08/05 06:00:00 | 000,188,672 | ---- | M] (Microsoft Corporation) MD5=0BD94FBFC14EA3606CD6CA4C0255BAA3 -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
    [2008/04/13 21:52:42 | 000,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
    [2008/04/13 21:52:42 | 000,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\system32\drivers\acpi.sys

    < MD5 for: CLASSPNP.SYS >
    [2004/08/05 06:00:00 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
    [2008/04/13 15:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
    [2008/04/13 15:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\system32\drivers\classpnp.sys

    < MD5 for: DISK.SYS >
    [2004/08/05 06:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Disk.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Disk.sys
    [2009/01/14 05:45:47 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Disk.sys
    [2004/08/05 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
    [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
    [2008/04/13 13:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

    < MD5 for: FNETTBOH.SYS >
    [2010/05/15 12:20:31 | 000,023,680 | ---- | M] (FNet Co., Ltd.) MD5=A9E2DF40ED6EC9E8885DA72B6E1818F3 -- C:\WINDOWS\system32\drivers\FNETTBOH.SYS

    < MD5 for: FNETURPX.SYS >
    [2010/05/15 12:20:31 | 000,007,936 | ---- | M] (FNet Co., Ltd.) MD5=784FFBA7EE5C5F3A396407E4712F72F0 -- C:\WINDOWS\system32\drivers\FNETURPX.SYS
    < End of report >
    26 May 2010 13:23:17

    OK, let's try something. ;)  But first, could you tell me which drive your Windows folder is on?
    Double-click My Computer and check whether the Windows folder is on drive C or drive D.
    26 May 2010 14:03:57

    However, I'm going to need a quick solution; otherwise I think I'll reinstall everything if it's going to take too long. It's my work laptop and I'm stuck right now... Do you think it will take long?
    26 May 2010 14:06:51

    OK! No, in any case this is the last solution I can see; after that I don't really know what else to do... :sweat: 

  • Run OTLPE again:
  • Copy and paste the content below into the lower section of OTL: Custom Scans/Files

  • :files
    C:\win32k.sys.bak|C:\WINDOWS\system32\win32k.sys /replace
    C:\WINDOWS\system32\win32k.sys|C:\WINDOWS\ServicePackFiles\i386\win32k.sys /replace

  • Finally, click the Run Fix button. The scan won't take long.
  • If a window opens with the message: No Fix has been Provided! Do you want to load it from a file; click YES.
  • Once the scan is finished, a report will open.
  • Then copy/paste the report.
  • Note: The report is located in C:\OTL\
    26 May 2010 15:01:54

    Here's the report, but I still can't use Chrome...

    ========== FILES ==========
    File C:\win32k.sys.bak successfully replaced with C:\WINDOWS\system32\win32k.sys
    File C:\WINDOWS\system32\win32k.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\win32k.sys

    OTLPE by OldTimer - Version 3.1.39.0 log created on 05262010_153941
    26 May 2010 15:08:54

    Use Chrome?

    Restart in normal mode and say whether you still have redirection problems.
    26 May 2010 15:26:27

    Chrome, the browser... or Opera or Chrome Plus. Apparently the virus makes a point of preventing us from using another browser, the better to p... us off with Internet Explorer...
    Otherwise, I'm in normal mode and I don't see any redirection for the moment...
    26 May 2010 15:39:08

    OK. Try uninstalling and reinstalling the browsers that are causing problems. ;)  It should work now, I think.
    26 May 2010 15:59:39

    Well no, it doesn't work... :cry:  I think the problem isn't entirely solved...
    26 May 2010 16:04:10

    What happens when you try to launch them? Or install them?
    26 May 2010 16:10:00

    ichigo11 said:
    What happens when you try to launch them? Or install them?


    Everything goes fine during the install, but when I launch it, it can't display the pages, the delay is too long...
    26 May 2010 16:20:13

    Ahhhh! That must be a config or proxy problem. But it's nothing, it should be sorted out quickly. :p 

    Run an OTL scan. ;)  (not OTLPE on the live CD, just OTL; the procedure is in my first post)
    26 May 2010 18:13:14

  • Double-click OTL to launch it.
    (Under Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the Rapport section at the top of this window, check Rapport minimal.
  • Copy and paste the content below into the lower part of OTL: Personnalisation

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1

    :Commands
    [emptytemp]
    [Reboot]


  • Finally, click the Correction button. The scan won't take long.
  • Once the scan is finished, a report will open.
  • Then copy/paste the reports.
  • Note: The report is located in C:\OTL\

    ===

    After restarting, say whether you still have the too-long delay problem. ;) 
    27 May 2010 09:45:06

    Ouch, more unwanted redirections... apparently not everything is fixed...

    Here's the OTL report anyway:

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2056550 bytes
    ->Flash cache emptied: 751 bytes

    User: sperrotte
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: sperrotte.SII
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 313575873 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 96101953 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 1887256 bytes

    User: xdufour
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 395,00 mb


    OTL by OldTimer - Version 3.2.5.0 log created on 05272010_093256

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UXLR9W83\search[1].txt not found!
    C:\Documents and Settings\sperrotte.SII\Local Settings\Temporary Internet Files\Content.IE5\RU3O07LM\forum2[1].htm moved successfully.
    C:\Documents and Settings\sperrotte.SII\Local Settings\Temporary Internet Files\Content.IE5\OVNV1LWM\cdntests_cedexis[1].htm moved successfully.

    Registry entries deleted on Reboot...
    27 May 2010 09:46:28

    And still the same problem on Chrome...
    27 May 2010 12:33:26

    OK, run a Combofix scan again (delete the copy you have and download it again):

  • Disable the antivirus.

    Download "Combofix" and save it to the desktop

  • Double-click Combofix.
  • If you are prompted to download and install the Recovery Console, accept.
  • The scan will then start,
  • Wait for the tool to close (5 to 10 min),
  • A report in C:\Combofix.txt: host it and give the link.
    28 May 2010 00:07:31

    OK, it's normal that your redirection came back; the driver has been patched again. :o 

    We just need to locate the rootkit that must be doing this, and things should run smoothly after that! Since GMER won't run, it's a bit trickier, so we'll try with another anti-rootkit: follow the tutorial here and post the generated report -> http://lanceyien.info/Forum/index.php?topic=715.0
    28 May 2010 00:38:26

    I'm having trouble disabling my McAfee VirusScan Enterprise antivirus... No matter how much I disable all the services and kill the processes involved, the rootkit detectors tell me it's still active... any ideas?
    28 May 2010 00:42:34

    Either you do it in safe mode, or you override the anti-rootkit's message if that works. ;) 

    If you've disabled the services, it shouldn't cause any problems.
    28 May 2010 23:54:09

    Hmm.. could I know where and when you get these ads?
    29 May 2010 11:58:56

    Well, I think I'm going to give up here, it's taking far too long; I'd rather reinstall everything cleanly. It's my work laptop, I can't stay stuck any longer. Thanks for your help.
    29 May 2010 21:12:20

    Good evening
    That's a shame...
    Several of us have spent time on your topic... ;) 
    We don't get why you have redirections when we analyzed the OTLPE reports under Reatogo (that is, without Windows being started)
    Normally we should have located the infection.

    I'm still suggesting three things:
    1- answer ichigo's question:
    Quote:
    Hmm.. could I know where and when you get these ads?

    it's possible that you only get ads under IE on one particular site. (we'll test to see whether we get the same ones)

    2- It's possible that we missed a TDL3: (I doubt it, but since we don't have a GMER report, it's conceivable)
    follow this tutorial and post the report:
    http://lanceyien.info/Forum/index.php?topic=1014.0

    3- we give ourselves the weekend to find it.
    After that, if we're still stuck, it means we're facing a new infection.
    The only one I can see would be an MBR rootkit not recognized by the current tools. We'll do one last scan to check this hypothesis.