Trojan horses DWH

argoat Messages postés 41 Statut Membre -  
joh9n Messages postés 23 Statut Membre -
Bonjour,
depuis quelques temps j'ai un soucis de trojan horse:
mon antivirus (Symantec) me detecte des trojan horses tous les jours.
J'ai remarqué qu'à chaque fois, les fichiers se nomment DWH????.tmp
les ? sont des chiffres et lettres majuscules
ce sont donc des fichiers temporaires, mon AV me les met en quarantaine dès qu'il les voit mais ca n'en finit jamais...
Quelqu'un pourrait m'aider à stopper ces canassons, je ne sais pas d'où ils pourraient venir, je ne sais pas comment le savoir, bref je m'en remets à vous.
Merci, pour vos réponses

8 réponses

  1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Je pense que ce sont des erreurs de détections de Symantec.
    OTL OK.
    Malwarebyte rien.

    et t'as pas de symptômes d'infections (redirection google etc).
    3
  2. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Salut,

    Ca n'est pas forcément malicieux.

    Fais ça :

    Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

    * Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

    * Lance OTL
    * Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
    CREATERESTOREPOINT
    nslookup www.google.fr /c
    SAVEMBR:0
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs

    * Clique sur le bouton Analyse.
    * Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.

    0
    1. argoat Messages postés 41 Statut Membre
       
      Voici le résultat,
      OTL Extras logfile created on: 13/02/2012 13:07:48 - Run 1
      OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\gautier.levay\Desktop
      Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      1,99 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 21,36% Memory free
      4,21 Gb Paging File | 2,14 Gb Available in Paging File | 50,68% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 77,53 Gb Total Space | 22,08 Gb Free Space | 28,48% Space Free | Partition Type: NTFS
      Drive D: | 2,00 Gb Total Space | 1,37 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
      Drive E: | 69,43 Gb Total Space | 62,35 Gb Free Space | 89,81% Space Free | Partition Type: NTFS

      Computer Name: VISTAYACHT | User Name: gautier.levay | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      [color=#E56717]========== Extra Registry (SafeList) ==========/color


      [color=#E56717]========== File Associations ==========/color

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
      .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

      [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
      .html [@ = htmlfile] -- Reg Error: Key error. File not found

      [color=#E56717]========== Shell Spawning ==========/color

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
      exefile [open] -- "%1" %*
      helpfile [open] -- Reg Error: Key error.
      hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
      inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
      Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
      Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
      Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

      [color=#E56717]========== Security Center Settings ==========/color

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "cval" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "AntiVirusOverride" = 0
      "AntiSpywareOverride" = 0
      "FirewallOverride" = 0
      "VistaSp1" = Reg Error: Unknown registry data type -- File not found
      "VistaSp2" = Reg Error: Unknown registry data type -- File not found

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

      [color=#E56717]========== Firewall Settings ==========/color

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
      "EnableFirewall" = 0
      "DoNotAllowExceptions" = 0
      "DisableNotifications" = 0
      "DisableUnicastResponsesToMulticastBroadcast" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
      "AllowUserPrefMerge" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
      "AllowUserPrefMerge" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
      "AllowOutboundDestinationUnreachable" = 0
      "AllowOutboundSourceQuench" = 0
      "AllowRedirect" = 0
      "AllowInboundEchoRequest" = 0
      "AllowInboundRouterRequest" = 0
      "AllowOutboundTimeExceeded" = 0
      "AllowOutboundParameterProblem" = 0
      "AllowInboundTimestampRequest" = 0
      "AllowInboundMaskRequest" = 0
      "AllowOutboundPacketTooBig" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
      "LogDroppedPackets" = 0
      "LogSuccessfulConnections" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
      "Enabled" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
      "Enabled" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
      "Enabled" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
      "Enabled" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
      "EnableFirewall" = 0
      "DoNotAllowExceptions" = 0
      "DisableNotifications" = 0
      "DisableUnicastResponsesToMulticastBroadcast" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
      "AllowUserPrefMerge" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
      "AllowUserPrefMerge" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
      "AllowOutboundDestinationUnreachable" = 0
      "AllowOutboundSourceQuench" = 0
      "AllowRedirect" = 0
      "AllowInboundEchoRequest" = 0
      "AllowInboundRouterRequest" = 0
      "AllowOutboundTimeExceeded" = 0
      "AllowOutboundParameterProblem" = 0
      "AllowInboundTimestampRequest" = 0
      "AllowInboundMaskRequest" = 0
      "AllowOutboundPacketTooBig" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
      "LogDroppedPackets" = 0
      "LogSuccessfulConnections" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
      "Enabled" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
      "Enabled" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
      "Enabled" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
      "Enabled" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      [color=#E56717]========== Authorized Applications List ==========/color


      [color=#E56717]========== Vista Active Open Ports Exception List ==========/color

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{027BCC2F-EF18-4951-B3D1-C73DAEFA3EC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
      "{0E11A8A5-BBF9-42D4-9EC8-0C77E338FB28}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
      "{114F11C0-FCA3-4539-B688-227841C569CD}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
      "{32D76237-BF1E-48CB-8F89-EA34148D1348}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
      "{4DE6C179-5328-4194-8273-18B0F99ACF28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
      "{51B08595-6CA4-4290-BF10-EA3D1E61B3F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
      "{917231DC-B408-498E-908E-024005EBE934}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
      "{A5039129-EA31-40AF-B4E0-F4D42214A0E2}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
      "{A7416C50-B903-4458-B847-C8C07D764FA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
      "{AFE69B57-3E08-4718-80D2-D24532E575FF}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
      "{BC9DF60B-BEA7-4C54-B0B7-2CC6B03387ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
      "{C64A4880-43FC-4907-8AF5-224F0C664241}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
      "{C7DA052C-285C-4BAB-8F3E-3748E7968357}" = lport=2869 | protocol=6 | dir=in | app=system |
      "{DDEA3870-CAED-4282-95CD-44B5C564FBDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
      "{DEA8D6D0-30A2-40ED-924D-8E83FB48F6F5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
      "{F498DFAD-E0D1-49F4-B4CE-C95769CC2A9C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

      [color=#E56717]========== Vista Active Application Exception List ==========/color

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
      "{273BC717-723B-489F-8F37-00BD06BA3765}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
      "{29D6DF24-7414-404C-ABDB-34F4F0A95F96}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
      "{393AE8D6-1594-4489-AB39-17598B4C84E4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
      "{45D17B2E-15E2-4612-943A-DC9DDE94FF43}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
      "{65781E5A-6845-4897-9100-6423120216DB}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
      "{6D7E95F7-5795-470E-929A-2228A352CF59}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
      "{736139A6-C8E6-4ED0-82F3-69D2BBC4F3D5}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
      "{7FDDB8C3-C823-4FCD-9097-298A2D067CAB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
      "{82B0FFB2-EC98-47E5-9937-850E1EA8F606}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
      "{8E195D8C-E3C0-4F44-83E0-78F2CB73E64D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
      "{A9507A97-A99E-4DCB-B3ED-04661A37DE6A}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
      "{C68B95AA-102D-4C39-A994-B21835BB8589}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
      "{E2233D86-CAD8-4B30-9F54-6ED2AFF9F800}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
      "{EA593548-E466-4FB5-80CB-54604F094775}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
      "TCP Query User{593A8078-DB1D-44B0-889B-F5A8D0D41282}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
      "UDP Query User{734E558E-C1BE-4439-9A3A-25F8744CAB00}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

      [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========/color

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
      "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
      "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
      "{0757F4DD-C2A3-4D04-8644-40E5BAD80DA6}" = Wanadoo GPRS
      "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
      "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
      "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
      "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
      "{0E3F182C-4ED5-405A-817B-A46D5A1103B1}" = Image Web Server 8.1 IE Plugin (3,4,0,242)
      "{1AC561AA-6C40-407A-AC5E-7AE8F4F3449B}" = Wave Infrastructure Installer
      "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
      "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
      "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
      "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
      "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
      "{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
      "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
      "{2BDBD1DE-2959-407F-BBC2-C9B2828CEDF2}" = HPSSupply
      "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
      "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
      "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
      "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
      "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
      "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
      "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
      "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
      "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
      "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
      "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Guide de l'utilisateur
      "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
      "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
      "{63988D27-DA4D-4C1E-99C6-50F1CF5D4A2A}" = Fingerprint Sensor Minimum Install
      "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
      "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
      "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
      "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
      "{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
      "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
      "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
      "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
      "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
      "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
      "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
      "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
      "{9012040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
      "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
      "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
      "{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
      "{9954484F-6EE4-4040-94E3-4B380646F867}" = Assistant Personnalisation du systéme Dell
      "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
      "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
      "{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
      "{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
      "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
      "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
      "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
      "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
      "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
      "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
      "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
      "{AC76BA86-7AD7-1036-7B44-A81000000003}" = Adobe Reader 8.1.0 - Français
      "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
      "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
      "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
      "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
      "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
      "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
      "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
      "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
      "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
      "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
      "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
      "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
      "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
      "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
      "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
      "{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
      "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
      "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
      "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
      "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
      "{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
      "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Outil de diagnostic de modem
      "{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}" = Symantec Endpoint Protection
      "{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
      "504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
      "7-Zip" = 7-Zip 4.42
      "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
      "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
      "CCleaner" = CCleaner
      "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
      "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
      "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
      "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
      "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
      "InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
      "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
      "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
      "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
      "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
      "Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
      "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
      "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
      "Langue Francaise pour PDFCreator_is1" = PDFCreator 0.8
      "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
      "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
      "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
      "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
      "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
      "Nokia Suite" = Nokia Suite
      "Shop for HP Supplies" = Shop for HP Supplies
      "VLC media player" = VLC media player 1.1.11
      "WinLiveSuite" = Windows Live

      [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========/color

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "Juniper_Setup_Client" = Juniper Networks Setup Client
      "PhotoFiltre" = PhotoFiltre
      "UnityWebPlayer" = Unity Web Player

      [color=#E56717]========== Last 10 Event Log Errors ==========/color

      [ Application Events ]
      Error - 13/02/2012 07:12:02 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711726
      Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH6A78.tmp
      par : analyse Planifié(e). Action : Nettoyer - échec : Quarantaine - échec. Description
      de l'action : Le fichier n'a pas été modifié.

      Error - 13/02/2012 07:12:03 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711685
      Description = Risque détecté !Trojan.Gen dans Fichier : c:\users\gautier.levay\appdata\local\temp\dwh623e.tmp
      par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
      : Le fichier a été mis en quarantaine. dans Fichier : Cache de fichier temporaire
      de navigateur Internet par : analyse Planifié(e). Action : Nettoyer - échec :
      Quarantaine - échec. Description de l'action : Le fichier a été supprimé. Risque
      détecté !Trojan.Gen dans Fichier : c:\users\gautier.levay\appdata\local\temp\dwh65e8.tmp
      par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
      : Le fichier a été mis en quarantaine. dans Fichier : Cache de fichier temporaire
      de navigateur Internet par : analyse Planifié(e). Action : Nettoyer - échec :
      Quarantaine - échec. Description de l'action : Le fichier a été supprimé.

      Error - 13/02/2012 07:12:04 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711731
      Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH6A78.tmp
      par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
      : Le fichier a été mis en quarantaine.

      Error - 13/02/2012 07:12:05 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711726
      Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH706.tmp
      par : analyse Planifié(e). Action : Nettoyer - échec : Quarantaine - échec. Description
      de l'action : Le fichier n'a pas été modifié.

      Error - 13/02/2012 07:12:07 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711731
      Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH706.tmp
      par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
      : Le fichier a été mis en quarantaine.

      Error - 13/02/2012 07:12:08 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711726
      Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH7409.tmp
      par : analyse Planifié(e). Action : Nettoyer - échec : Quarantaine - échec. Description
      de l'action : Le fichier n'a pas été modifié.

      Error - 13/02/2012 07:12:09 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711685
      Description = Risque détecté !Trojan.Gen dans Fichier : c:\users\gautier.levay\appdata\local\temp\dwh6a78.tmp
      par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
      : Le fichier a été mis en quarantaine. dans Fichier : Cache de fichier temporaire
      de navigateur Internet par : analyse Planifié(e). Action : Nettoyer - échec :
      Quarantaine - échec. Description de l'action : Le fichier a été supprimé. Risque
      détecté !Trojan.Gen dans Fichier : c:\users\gautier.levay\appdata\local\temp\dwh706.tmp
      par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
      : Le fichier a été mis en quarantaine. dans Fichier : Cache de fichier temporaire
      de navigateur Internet par : analyse Planifié(e). Action : Nettoyer - échec :
      Quarantaine - échec. Description de l'action : Le fichier a été supprimé.

      Error - 13/02/2012 07:12:10 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711731
      Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH7409.tmp
      par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
      : Le fichier a été mis en quarantaine.

      Error - 13/02/2012 07:12:11 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711726
      Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH78EA.tmp
      par : analyse Planifié(e). Action : Nettoyer - échec : Quarantaine - échec. Description
      de l'action : Le fichier n'a pas été modifié.

      Error - 13/02/2012 07:12:13 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711731
      Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH78EA.tmp
      par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
      : Le fichier a été mis en quarantaine.

      [ System Events ]
      Error - 13/02/2012 04:18:23 | Computer Name = VISTAYACHT.ifremer.fr | Source = Microsoft-Windows-GroupPolicy | ID = 1129
      Description = Échec du traitement de la stratégie de groupe en raison d'une absence
      de connectivité réseau vers un contrôleur de domaine. Il peut s'agir d'un problème
      temporaire. Un message de réussite est généré une fois que l'ordinateur est connecté
      au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
      Si aucun message de réussite ne s'affiche pendant plusieurs heures, contactez votre
      administrateur.

      Error - 13/02/2012 04:18:34 | Computer Name = VISTAYACHT.ifremer.fr | Source = Service Control Manager | ID = 7022
      Description =

      Error - 13/02/2012 04:18:34 | Computer Name = VISTAYACHT.ifremer.fr | Source = Service Control Manager | ID = 7001
      Description =

      Error - 13/02/2012 04:18:44 | Computer Name = VISTAYACHT.ifremer.fr | Source = TermService | ID = 1067
      Description =

      Error - 13/02/2012 04:18:46 | Computer Name = VISTAYACHT.ifremer.fr | Source = NETLOGON | ID = 3210
      Description = Cet ordinateur ne peut pas authentifier avec \\vdc2010.ifremer.fr,
      un contrôleur de domaine Windows pour le domaine IFR. Cet ordinateur pourrait par
      conséquent refuser les demandes d'ouvertures de session. Cette impossibilité d'authentification
      pourrait avoir été causée par un autre ordinateur sur le même réseau, utilisant
      le même nom ou ayant un mot de passe non reconnu pour ce compte d'ordinateur. Si
      ce message s'affiche encore, contactez votre administrateur système.

      Error - 13/02/2012 04:19:42 | Computer Name = VISTAYACHT.ifremer.fr | Source = NETLOGON | ID = 3210
      Description = Cet ordinateur ne peut pas authentifier avec \\dc2003.ifremer.fr,
      un contrôleur de domaine Windows pour le domaine IFR. Cet ordinateur pourrait par
      conséquent refuser les demandes d'ouvertures de session. Cette impossibilité d'authentification
      pourrait avoir été causée par un autre ordinateur sur le même réseau, utilisant
      le même nom ou ayant un mot de passe non reconnu pour ce compte d'ordinateur. Si
      ce message s'affiche encore, contactez votre administrateur système.

      Error - 13/02/2012 04:23:21 | Computer Name = VISTAYACHT.ifremer.fr | Source = Service Control Manager | ID = 7022
      Description =

      Error - 13/02/2012 04:26:00 | Computer Name = VISTAYACHT.ifremer.fr | Source = Service Control Manager | ID = 7022
      Description =

      Error - 13/02/2012 08:18:19 | Computer Name = VISTAYACHT.ifremer.fr | Source = NETLOGON | ID = 3210
      Description = Cet ordinateur ne peut pas authentifier avec \\ntbrest.ifremer.fr,
      un contrôleur de domaine Windows pour le domaine IFR. Cet ordinateur pourrait par
      conséquent refuser les demandes d'ouvertures de session. Cette impossibilité d'authentification
      pourrait avoir été causée par un autre ordinateur sur le même réseau, utilisant
      le même nom ou ayant un mot de passe non reconnu pour ce compte d'ordinateur. Si
      ce message s'affiche encore, contactez votre administrateur système.

      Error - 13/02/2012 08:30:56 | Computer Name = VISTAYACHT.ifremer.fr | Source = NETLOGON | ID = 3210
      Description = Cet ordinateur ne peut pas authentifier avec \\vdc2010.ifremer.fr,
      un contrôleur de domaine Windows pour le domaine IFR. Cet ordinateur pourrait par
      conséquent refuser les demandes d'ouvertures de session. Cette impossibilité d'authentification
      pourrait avoir été causée par un autre ordinateur sur le même réseau, utilisant
      le même nom ou ayant un mot de passe non reconnu pour ce compte d'ordinateur. Si
      ce message s'affiche encore, contactez votre administrateur système.


      < End of report >
      0
    2. argoat Messages postés 41 Statut Membre
       
      et l'autre,
      OTL logfile created on: 13/02/2012 13:07:48 - Run 1
      OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\gautier.levay\Desktop
      Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      1,99 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 21,36% Memory free
      4,21 Gb Paging File | 2,14 Gb Available in Paging File | 50,68% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 77,53 Gb Total Space | 22,08 Gb Free Space | 28,48% Space Free | Partition Type: NTFS
      Drive D: | 2,00 Gb Total Space | 1,37 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
      Drive E: | 69,43 Gb Total Space | 62,35 Gb Free Space | 89,81% Space Free | Partition Type: NTFS

      Computer Name: VISTAYACHT | User Name: gautier.levay | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      [color=#E56717]========== Processes (SafeList) ==========[/color]

      PRC - [2012/02/13 13:05:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\gautier.levay\Desktop\OTL (1).exe
      PRC - [2011/11/14 17:36:56 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
      PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
      PRC - [2011/03/10 23:32:22 | 000,632,176 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
      PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
      PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
      PRC - [2009/04/11 07:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
      PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
      PRC - [2007/09/07 21:33:00 | 002,532,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
      PRC - [2007/09/07 21:33:00 | 001,635,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
      PRC - [2007/09/06 02:55:00 | 002,177,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
      PRC - [2007/08/06 03:08:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      PRC - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      PRC - [2007/05/07 07:14:48 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
      PRC - [2007/05/07 07:14:42 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
      PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
      PRC - [2007/04/27 09:32:06 | 000,386,592 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
      PRC - [2007/03/08 17:43:44 | 000,218,688 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
      PRC - [2007/02/15 18:31:30 | 000,066,560 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
      PRC - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      PRC - [2007/02/12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      PRC - [2007/01/30 04:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
      PRC - [2007/01/26 02:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
      PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
      PRC - [2006/09/09 00:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
      PRC - [2006/09/09 00:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe


      [color=#E56717]========== Modules (No Company Name) ==========[/color]

      MOD - [2011/10/18 16:33:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
      MOD - [2007/04/27 09:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
      MOD - [2007/04/24 06:00:52 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
      MOD - [2007/02/15 18:31:06 | 000,155,648 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
      MOD - [2007/02/15 18:30:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ConvertToDM40.dll
      MOD - [2007/02/15 18:30:14 | 000,602,112 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\VaultServer.dll
      MOD - [2007/02/15 18:29:54 | 000,262,144 | ---- | M] () -- C:\Windows\System32\wxvault.dll
      MOD - [2006/05/14 05:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll


      [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

      SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
      SRV - [2011/03/10 23:32:22 | 000,632,176 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
      SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
      SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
      SRV - [2007/09/10 16:49:13 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
      SRV - [2007/09/07 21:35:00 | 000,234,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
      SRV - [2007/09/07 21:33:00 | 002,532,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
      SRV - [2007/09/06 02:55:00 | 002,177,464 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
      SRV - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
      SRV - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
      SRV - [2007/05/07 07:14:42 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
      SRV - [2007/04/27 09:32:06 | 000,386,592 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
      SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
      SRV - [2007/02/16 14:07:40 | 000,488,448 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
      SRV - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON) Intel(R)
      SRV - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
      SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


      [color=#E56717]========== Driver Services (SafeList) ==========[/color]

      DRV - [2011/11/15 10:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
      DRV - [2011/11/15 10:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
      DRV - [2011/09/15 09:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120202.033\NAVEX15.SYS -- (NAVEX15)
      DRV - [2011/09/15 09:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120202.033\NAVENG.SYS -- (NAVENG)
      DRV - [2011/08/17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
      DRV - [2011/08/17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
      DRV - [2011/08/17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
      DRV - [2011/08/17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
      DRV - [2011/04/19 16:05:28 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
      DRV - [2011/04/19 16:05:28 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
      DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
      DRV - [2010/06/08 07:35:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
      DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
      DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
      DRV - [2008/01/18 16:46:41 | 000,136,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
      DRV - [2007/09/07 21:37:00 | 000,087,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
      DRV - [2007/09/07 21:34:00 | 000,039,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
      DRV - [2007/08/14 17:54:00 | 000,277,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
      DRV - [2007/08/14 17:54:00 | 000,250,416 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
      DRV - [2007/08/14 17:54:00 | 000,025,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
      DRV - [2007/08/06 15:29:00 | 000,049,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teefer2.sys -- (Teefer2)
      DRV - [2007/07/31 02:17:26 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
      DRV - [2007/05/07 07:14:50 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
      DRV - [2007/02/25 15:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Pilote de carte Intel(R)
      DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
      DRV - [2007/02/24 00:47:34 | 000,056,576 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
      DRV - [2007/02/15 18:31:24 | 000,121,344 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
      DRV - [2007/02/01 10:22:44 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
      DRV - [2007/01/09 16:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
      DRV - [2007/01/09 16:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
      DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
      DRV - [2006/12/13 08:51:20 | 000,147,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
      DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
      DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Pilote de la connexion réseau Intel(R)
      DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
      DRV - [2006/08/28 16:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)


      [color=#E56717]========== Standard Registry (SafeList) ==========[/color]


      [color=#E56717]========== Internet Explorer ==========[/color]

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      [color=#E56717]========== FireFox ==========[/color]

      FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
      FF - prefs.js..browser.search.defaulturl: ""
      FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
      FF - prefs.js..browser.startup.homepage: "https://www.google.com/?gws_rd=ssl"
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
      FF - prefs.js..extensions.enabledItems: fe_3.6@nokia.com:1.7.56.205
      FF - prefs.js..keyword.URL: "https://search.sweetim.com/search.asp?src=2&q="
      FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
      FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
      FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Bing"
      FF - prefs.js..browser.startup.homepage: "www.google.fr"
      FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA2"

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
      FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\gautier.levay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/12 09:53:20 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2011/11/25 15:58:32 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 09:22:19 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/10 14:46:40 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/11/25 15:58:39 | 000,000,000 | ---D | M]

      [2008/10/22 13:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gautier.levay\AppData\Roaming\mozilla\Extensions
      [2012/01/31 17:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gautier.levay\AppData\Roaming\mozilla\Firefox\Profiles\tof6yjtl.default\extensions
      [2010/08/10 14:25:26 | 000,002,650 | ---- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Mozilla\Firefox\Profiles\tof6yjtl.default\searchplugins\bing.xml
      [2011/07/11 12:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
      [2010/05/10 14:46:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
      [2010/10/12 09:38:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
      [2011/05/09 12:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
      [2011/07/11 12:37:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
      [2011/11/25 15:58:32 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_3.6
      [2009/07/01 12:38:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
      [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
      [2010/01/16 02:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
      [2010/01/16 02:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
      [2010/01/16 02:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
      [2010/01/16 02:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
      [2010/01/16 02:10:07 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

      [color=#E56717]========== Chrome ==========[/color]

      CHR - default_search_provider: Live Search ()
      CHR - default_search_provider: search_url = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
      CHR - default_search_provider: suggest_url =

      O1 HOSTS File: ([2008/06/18 15:16:31 | 000,250,462 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O1 - Hosts: 127.0.0.1 www.007guard.com
      O1 - Hosts: 127.0.0.1 007guard.com
      O1 - Hosts: 127.0.0.1 008i.com
      O1 - Hosts: 127.0.0.1 www.008k.com
      O1 - Hosts: 127.0.0.1 008k.com
      O1 - Hosts: 127.0.0.1 www.00hq.com
      O1 - Hosts: 127.0.0.1 00hq.com
      O1 - Hosts: 127.0.0.1 010402.com
      O1 - Hosts: 127.0.0.1 www.032439.com
      O1 - Hosts: 127.0.0.1 032439.com
      O1 - Hosts: 127.0.0.1 www.1001-search.info
      O1 - Hosts: 127.0.0.1 1001-search.info
      O1 - Hosts: 127.0.0.1 www.100888290cs.com
      O1 - Hosts: 127.0.0.1 100888290cs.com
      O1 - Hosts: 127.0.0.1 www.100sexlinks.com
      O1 - Hosts: 127.0.0.1 100sexlinks.com
      O1 - Hosts: 127.0.0.1 www.10sek.com
      O1 - Hosts: 127.0.0.1 10sek.com
      O1 - Hosts: 127.0.0.1 www.123topsearch.com
      O1 - Hosts: 127.0.0.1 123topsearch.com
      O1 - Hosts: 127.0.0.1 www.132.com
      O1 - Hosts: 127.0.0.1 132.com
      O1 - Hosts: 127.0.0.1 www.136136.net
      O1 - Hosts: 8731 more lines...
      O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
      O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
      O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
      O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
      O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
      O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
      O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [] File not found
      O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
      O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
      O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O13 - gopher Prefix: missing
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
      O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://93.17.20.133/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.246.86.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ifremer.fr
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6E66BD-EDF5-4F61-8760-982394BC36B5}: DhcpNameServer = 134.246.86.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A345DB-CBDE-41D2-A5EE-2F4F98BEF282}: DhcpNameServer = 10.192.168.1
      O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O24 - Desktop WallPaper: C:\Users\gautier.levay\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
      O24 - Desktop BackupWallPaper: C:\Users\gautier.levay\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
      O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O33 - MountPoints2\{24df3e38-2a70-11dd-9054-001c231bb729}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\PROGRA~1\DIGITA~1\DLG.exe - (Avanquest Software )
      MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
      MsConfig - StartUpReg: [b]DellSupport[/b] - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
      MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - File not found
      MsConfig - StartUpReg: [b]MsnMsgr[/b] - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
      MsConfig - StartUpReg: [b]NokiaMServer[/b] - hkey= - key= - File not found
      MsConfig - StartUpReg: [b]NokiaOviSuite2[/b] - hkey= - key= - File not found
      MsConfig - StartUpReg: [b]PDVDDXSrv[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
      MsConfig - StartUpReg: [b]vspdfprsrv.exe[/b] - hkey= - key= - C:\Program Files\Visagesoft\eXPert PDF Creator\vspdfprsrv.exe (Visagesoft)
      MsConfig - StartUpReg: [b]Wanadoo GPRS[/b] - hkey= - key= - C:\Program Files\Wanadoo GPRS\WanaGPRS.exe (Wanadoo Interactive)

      SafeBootMin: Base - Driver Group
      SafeBootMin: Boot Bus Extender - Driver Group
      SafeBootMin: Boot file system - Driver Group
      SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
      SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
      SafeBootMin: File system - Driver Group
      SafeBootMin: Filter - Driver Group
      SafeBootMin: HelpSvc - Service
      SafeBootMin: NTDS - File not found
      SafeBootMin: PCI Configuration - Driver Group
      SafeBootMin: PNP Filter - Driver Group
      SafeBootMin: Primary disk - Driver Group
      SafeBootMin: sacsvr - Service
      SafeBootMin: SCSI Class - Driver Group
      SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
      SafeBootMin: Symantec Antvirus - Service
      SafeBootMin: System Bus Extender - Driver Group
      SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
      SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
      SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
      SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

      SafeBootNet: Base - Driver Group
      SafeBootNet: Boot Bus Extender - Driver Group
      SafeBootNet: Boot file system - Driver Group
      SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
      SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
      SafeBootNet: File system - Driver Group
      SafeBootNet: Filter - Driver Group
      SafeBootNet: HelpSvc - Service
      SafeBootNet: Messenger - Service
      SafeBootNet: NDIS Wrapper - Driver Group
      SafeBootNet: NetBIOSGroup - Driver Group
      SafeBootNet: NetDDEGroup - Driver Group
      SafeBootNet: Network - Driver Group
      SafeBootNet: NetworkProvider - Driver Group
      SafeBootNet: NTDS - File not found
      SafeBootNet: PCI Configuration - Driver Group
      SafeBootNet: PNP Filter - Driver Group
      SafeBootNet: PNP_TDI - Driver Group
      SafeBootNet: Primary disk - Driver Group
      SafeBootNet: rdsessmgr - Service
      SafeBootNet: sacsvr - Service
      SafeBootNet: SCSI Class - Driver Group
      SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
      SafeBootNet: Streams Drivers - Driver Group
      SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
      SafeBootNet: Symantec Antvirus - Service
      SafeBootNet: System Bus Extender - Driver Group
      SafeBootNet: TDI - Driver Group
      SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SafeBootNet: WudfUsbccidDriver - Driver
      SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
      SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
      SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
      SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
      SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
      SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
      SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
      SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
      SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

      ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
      ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
      ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
      ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
      ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
      ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
      ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
      ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
      ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
      ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
      ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
      ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
      ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
      ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
      ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
      ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
      ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
      ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
      ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
      ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
      ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
      ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
      ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
      ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
      ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
      ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
      ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
      ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
      ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
      ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
      ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
      ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

      Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
      Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point
      PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

      [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

      [2012/02/13 13:05:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\gautier.levay\Desktop\OTL (1).exe
      [2012/02/07 17:01:08 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Roaming\Auslogics
      [2012/01/26 13:31:41 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{8B3C5857-BA56-4D5B-BEE6-0A7BBE59D68B}
      [2012/01/26 09:38:08 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{41A8D127-5ED3-4A51-A8D3-984CA3907BD7}
      [2012/01/25 13:46:28 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{D7644D42-1651-45DF-BBD2-A80A4D0DB586}
      [2012/01/25 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{CC9056DE-06F5-4E43-A567-F7FBB8C06738}
      [2012/01/24 18:13:56 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{2B6CBDDC-4315-40B9-99B2-A84A2B713D12}
      [2012/01/24 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{814049A0-FDAE-4D3B-A00B-3379076E7263}
      [2012/01/24 08:48:32 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{252A3192-EEDD-4440-A1E2-D3766E953793}
      [2012/01/23 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{31EC93C8-ABFC-489A-83F8-3C97F273B067}
      [2012/01/18 09:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
      [2012/01/18 08:29:30 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{4DF0BE43-1EC1-4C5C-A32D-6F3DFAF91CFC}
      [2012/01/17 20:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Vlcclassic
      [2012/01/17 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
      [2012/01/17 20:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
      [2012/01/17 18:53:44 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{CCA61A77-0A59-48CE-92DA-D16E0943FB39}
      [2012/01/16 10:16:28 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\Desktop\SUIVI ACTUALISE
      [2012/01/16 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{01D51294-6038-4C91-8AF6-BBE6BABA8C27}

      [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

      [2012/02/13 13:15:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F919014-F79A-4E3E-955B-4CDE83763C51}.job
      [2012/02/13 13:11:17 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
      [2012/02/13 13:06:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/02/13 13:05:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\gautier.levay\Desktop\OTL (1).exe
      [2012/02/13 11:15:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/02/13 11:15:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/02/13 10:06:31 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/02/13 09:25:46 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
      [2012/02/13 09:25:46 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/02/13 09:25:46 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
      [2012/02/13 09:25:46 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/02/13 09:18:17 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
      [2012/02/13 09:16:45 | 000,000,000 | ---- | M] () -- C:\Users\gautier.levay\AppData\Local\WavXMapDrive.bat
      [2012/02/13 09:15:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/02/13 09:15:12 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
      [2012/02/07 17:01:09 | 000,222,208 | ---- | M] () -- C:\Users\gautier.levay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/02/03 11:27:24 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
      [2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
      [2012/01/18 09:03:18 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
      [2012/01/18 08:59:04 | 021,073,936 | ---- | M] () -- C:\Users\gautier.levay\Desktop\vlc-1.1.11-win32.exe
      [2012/01/16 16:13:47 | 003,040,967 | ---- | M] () -- C:\Users\gautier.levay\Desktop\765_21_BUSHNELL_chasse_20100906_Web.pdf

      [color=#E56717]========== Files Created - No Company Name ==========[/color]

      [2012/02/13 13:11:17 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
      [2012/01/18 09:03:18 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
      [2012/01/18 08:58:53 | 021,073,936 | ---- | C] () -- C:\Users\gautier.levay\Desktop\vlc-1.1.11-win32.exe
      [2012/01/16 16:13:47 | 003,040,967 | ---- | C] () -- C:\Users\gautier.levay\Desktop\765_21_BUSHNELL_chasse_20100906_Web.pdf
      [2011/10/12 10:24:20 | 000,074,317 | ---- | C] () -- C:\Windows\hpqins16.dat
      [2011/04/19 16:05:28 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
      [2011/04/19 16:05:28 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
      [2009/09/21 09:31:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
      [2009/09/21 09:31:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
      [2009/09/21 09:29:27 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
      [2008/09/23 09:01:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
      [2008/07/12 12:12:52 | 000,000,680 | ---- | C] () -- C:\Users\gautier.levay\AppData\Local\d3d9caps.dat
      [2008/04/15 18:39:59 | 000,020,112 | ---- | C] () -- C:\Users\gautier.levay\AppData\Roaming\UserTile.png
      [2008/03/14 15:38:12 | 000,000,181 | ---- | C] () -- C:\Users\gautier.levay\AppData\Local\rahistory.xml
      [2008/03/13 16:17:22 | 000,002,730 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
      [2008/02/22 16:29:03 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini
      [2008/01/14 17:58:33 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
      [2008/01/14 17:48:52 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll
      [2008/01/14 14:20:40 | 000,222,208 | ---- | C] () -- C:\Users\gautier.levay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/01/14 11:08:46 | 000,016,886 | RHS- | C] () -- C:\ProgramData\ntuser.pol
      [2008/01/11 16:04:06 | 000,000,000 | ---- | C] () -- C:\Users\gautier.levay\AppData\Local\WavXMapDrive.bat
      [2007/10/31 22:25:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
      [2007/10/31 22:25:27 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
      [2007/10/31 22:25:27 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
      [2007/10/31 14:52:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
      [2007/10/31 14:50:48 | 001,736,704 | ---- | C] () -- C:\Windows\System32\Tsp1.dll
      [2007/10/31 14:50:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
      [2007/10/31 14:50:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
      [2007/10/31 14:45:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
      [2007/04/10 15:58:16 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
      [2007/04/10 15:58:10 | 000,266,240 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
      [2007/04/10 15:57:14 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
      [2007/04/10 15:57:08 | 000,233,472 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
      [2007/04/10 15:57:02 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
      [2007/04/10 15:56:54 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
      [2007/04/10 15:56:44 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
      [2007/04/10 15:56:38 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
      [2007/04/10 15:56:26 | 000,212,992 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
      [2007/04/10 15:56:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
      [2007/04/10 15:52:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
      [2007/02/16 12:09:12 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
      [2007/02/16 12:08:52 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
      [2007/02/16 12:08:34 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
      [2007/02/16 12:08:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
      [2007/02/16 12:07:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
      [2007/02/16 12:07:36 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
      [2007/02/16 12:07:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
      [2007/02/16 12:06:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
      [2007/02/16 12:06:38 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
      [2007/02/16 12:06:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
      [2007/02/15 18:29:54 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
      [2007/01/02 10:14:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
      [2006/11/13 10:19:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
      [2006/11/07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
      [2006/11/02 16:47:07 | 000,679,042 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
      [2006/11/02 16:47:07 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
      [2006/11/02 16:47:07 | 000,126,626 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
      [2006/11/02 16:47:07 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
      [2006/11/02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
      [2006/11/02 13:47:43 | 000,260,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
      [2006/11/02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
      [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
      [2006/11/02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
      [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
      [2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
      [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
      [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
      [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
      [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
      [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
      [2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
      [2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
      [2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
      [2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
      [2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
      [2004/04/02 09:26:22 | 000,262,144 | ---- | C] () -- C:\Windows\System32\PDFSpooler.exe
      [2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

      [color=#E56717]========== Custom Scans ==========[/color]


      [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

      [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

      [color=#A23BEC]< %APPDATA%\*. >[/color]
      [2011/03/22 18:42:37 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\1C0014D1E0B94D29C53D8E73C1617762
      [2011/03/22 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Adobe
      [2012/02/07 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Auslogics
      [2008/02/20 21:25:05 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\CyberLink
      [2008/01/11 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Dell
      [2011/02/10 16:41:04 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\dvdcss
      [2009/03/09 15:34:40 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Earth Resource Mapping
      [2011/05/17 17:12:22 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\eXPert PDF Editor
      [2011/03/29 12:33:34 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\freeCompressor
      [2008/03/25 16:57:19 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Google
      [2008/01/18 11:22:49 | 000,000,000 | -H-D | M] -- C:\Users\gautier.levay\AppData\Roaming\GTek
      [2008/01/11 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Identities
      [2010/07/20 13:27:11 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks
      [2008/01/14 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Macromedia
      [2011/03/22 19:07:10 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Malwarebytes
      [2011/03/28 14:08:29 | 000,000,000 | --SD | M] -- C:\Users\gautier.levay\AppData\Roaming\Microsoft
      [2008/10/22 13:12:59 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Mozilla
      [2010/02/08 14:25:26 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Nokia
      [2011/03/28 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\OfferBox
      [2010/12/07 10:22:11 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\PC Suite
      [2008/01/14 15:43:53 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\PDFCreator
      [2008/04/15 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\PeerNetworking
      [2011/08/03 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\PhotoFiltre
      [2008/02/18 18:53:04 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Roxio
      [2011/08/08 17:06:28 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\vlc

      [color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
      [2011/03/08 20:57:56 | 000,132,464 | ---- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
      [2011/03/08 20:57:54 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
      [2011/03/08 20:57:04 | 000,329,552 | ---- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
      [2011/03/08 20:55:28 | 000,217,952 | ---- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
      [2011/03/08 20:58:02 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
      [2009/03/23 09:28:14 | 000,000,000 | R--- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      [2008/12/17 13:51:09 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Users\gautier.levay\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
      [2008/12/17 13:51:08 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Users\gautier.levay\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

      [color=#A23BEC]< %temp%\.exe /s >[/color]

      [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

      [color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

      [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
      [2011/03/17 08:49:24 | 000,353,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtmsft.dll
      [2011/03/17 08:49:24 | 000,223,232 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtrans.dll
      [2007/09/07 21:33:00 | 000,048,000 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\FwsVpn.dll
      [2007/09/07 21:34:00 | 000,107,904 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\SymVPN.dll
      [2007/09/07 21:34:00 | 000,333,184 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\sysfer.dll

      [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

      [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
      [2007/09/07 21:37:00 | 000,087,424 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\SysPlant.sys
      [2007/08/06 15:29:00 | 000,049,024 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\teefer2.sys
      [2007/09/07 21:34:00 | 000,039,808 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\WPSDRVnt.sys
      [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\WpsHelper.sys

      [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
      [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
      [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
      [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
      [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
      [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV


      [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
      [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
      [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
      [2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
      [2008/01/18 11:30:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
      [2008/01/18 11:30:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
      [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
      [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
      [2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
      [2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
      [2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

      [color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
      [2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
      [2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
      [2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

      [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
      [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
      [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
      [2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation
      0
  3. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.

    Like the angel you are, you laugh creating a lightness in my chest,
    Your eyes they penetrate me,
    (Your answer's always 'maybe')
    That's when I got up and left
    0
  4. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Désinstalle SweetIM.

    Rien d'anormal.
    Possible que les fichiers créés soient des fichiers temporaires créé une application et Symantec couine dessus (faux positif).

    Eventuellement :

    Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.
    !!! Malwarebyte doit être à jour avant de faire le scan !!!
    Supprime bien ce qui est détecté : bouton supprimer sélection.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. argoat
     
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Version de la base de données: v2012.02.13.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    gautier.levay :: VISTAYACHT [administrateur]

    13/02/2012 17:36:59
    mbam-log-2012-02-13 (17-36-59).txt

    Type d'examen: Examen complet
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 465446
    Temps écoulé: 2 heure(s), 35 minute(s), 1 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 1
    C:\Program Files\Vlcclassic\Uninstall.exe (Trojan.FakeVLC) -> Mis en quarantaine et supprimé avec succès.

    (fin)
    0
    1. argoat
       
      j'ai supprimé avec malware é fois mais sa reviens à chaque fois.
      0
  7. argoat
     
    Non rien de spéciale. Avec malware il y eu un problème à corrigé je l'ai corrigé et quand j'ai repassé malware toujours ce meme problème (en ayant redémarrer).

    Fichier(s) détecté(s): 1
    C:\Program Files\Vlcclassic\Uninstall.exe (Trojan.FakeVLC) -> Mis en quarantaine et supprimé avec succès
    0
  8. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    La détection de Malwarebyte, c'est rien.

    Ton PC n'est pas infecté.
    0
  9. joh9n Messages postés 23 Statut Membre
     
    Bonjour,

    Comme "argoat" ci-dessus, j'ai un problème de virus "dwh???.exe", avec l'extension ".exe" au lieu de ".tmp" pour lui.
    Mon antivirus (Symantec) me detecte des trojan horses tous les jours.
    J'ai remarqué qu'à chaque fois, les fichiers se nomment "dwh???.exe"
    les ? sont des chiffres et lettres minuscules.
    Mon AV me les met en quarantaine dès qu'il les voit mais ca n'en finit jamais...
    Quelqu'un pourrait m'aider à stopper ces canassons, je ne sais pas d'où ils pourraient venir, je ne sais pas comment le savoir, bref je m'en remets à vous.
    Merci, pour vos réponses.
    Windows XP SP3 / Google Chrome 17
    0