Trojan horses DWH

Voici le résultat,
OTL Extras logfile created on: 13/02/2012 13:07:48 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\gautier.levay\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 21,36% Memory free
4,21 Gb Paging File | 2,14 Gb Available in Paging File | 50,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 77,53 Gb Total Space | 22,08 Gb Free Space | 28,48% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,37 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
Drive E: | 69,43 Gb Total Space | 62,35 Gb Free Space | 89,81% Space Free | Partition Type: NTFS

Computer Name: VISTAYACHT | User Name: gautier.levay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========/color


[color=#E56717]========== File Associations ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 0
"LogSuccessfulConnections" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 0
"LogSuccessfulConnections" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========/color


[color=#E56717]========== Vista Active Open Ports Exception List ==========/color

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027BCC2F-EF18-4951-B3D1-C73DAEFA3EC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E11A8A5-BBF9-42D4-9EC8-0C77E338FB28}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{114F11C0-FCA3-4539-B688-227841C569CD}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{32D76237-BF1E-48CB-8F89-EA34148D1348}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4DE6C179-5328-4194-8273-18B0F99ACF28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51B08595-6CA4-4290-BF10-EA3D1E61B3F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{917231DC-B408-498E-908E-024005EBE934}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A5039129-EA31-40AF-B4E0-F4D42214A0E2}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A7416C50-B903-4458-B847-C8C07D764FA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AFE69B57-3E08-4718-80D2-D24532E575FF}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{BC9DF60B-BEA7-4C54-B0B7-2CC6B03387ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C64A4880-43FC-4907-8AF5-224F0C664241}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C7DA052C-285C-4BAB-8F3E-3748E7968357}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DDEA3870-CAED-4282-95CD-44B5C564FBDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DEA8D6D0-30A2-40ED-924D-8E83FB48F6F5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F498DFAD-E0D1-49F4-B4CE-C95769CC2A9C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========/color

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{273BC717-723B-489F-8F37-00BD06BA3765}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{29D6DF24-7414-404C-ABDB-34F4F0A95F96}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{393AE8D6-1594-4489-AB39-17598B4C84E4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{45D17B2E-15E2-4612-943A-DC9DDE94FF43}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{65781E5A-6845-4897-9100-6423120216DB}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{6D7E95F7-5795-470E-929A-2228A352CF59}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{736139A6-C8E6-4ED0-82F3-69D2BBC4F3D5}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7FDDB8C3-C823-4FCD-9097-298A2D067CAB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{82B0FFB2-EC98-47E5-9937-850E1EA8F606}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8E195D8C-E3C0-4F44-83E0-78F2CB73E64D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{A9507A97-A99E-4DCB-B3ED-04661A37DE6A}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{C68B95AA-102D-4C39-A994-B21835BB8589}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{E2233D86-CAD8-4B30-9F54-6ED2AFF9F800}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{EA593548-E466-4FB5-80CB-54604F094775}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"TCP Query User{593A8078-DB1D-44B0-889B-F5A8D0D41282}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{734E558E-C1BE-4439-9A3A-25F8744CAB00}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0757F4DD-C2A3-4D04-8644-40E5BAD80DA6}" = Wanadoo GPRS
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E3F182C-4ED5-405A-817B-A46D5A1103B1}" = Image Web Server 8.1 IE Plugin (3,4,0,242)
"{1AC561AA-6C40-407A-AC5E-7AE8F4F3449B}" = Wave Infrastructure Installer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BDBD1DE-2959-407F-BBC2-C9B2828CEDF2}" = HPSSupply
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Guide de l'utilisateur
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63988D27-DA4D-4C1E-99C6-50F1CF5D4A2A}" = Fingerprint Sensor Minimum Install
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9012040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{9954484F-6EE4-4040-94E3-4B380646F867}" = Assistant Personnalisation du systéme Dell
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1036-7B44-A81000000003}" = Adobe Reader 8.1.0 - Français
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Outil de diagnostic de modem
"{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}" = Symantec Endpoint Protection
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Langue Francaise pour PDFCreator_is1" = PDFCreator 0.8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Nokia Suite" = Nokia Suite
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========/color

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"PhotoFiltre" = PhotoFiltre
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========/color

[ Application Events ]
Error - 13/02/2012 07:12:02 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711726
Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH6A78.tmp
par : analyse Planifié(e). Action : Nettoyer - échec : Quarantaine - échec. Description
de l'action : Le fichier n'a pas été modifié.

Error - 13/02/2012 07:12:03 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711685
Description = Risque détecté !Trojan.Gen dans Fichier : c:\users\gautier.levay\appdata\local\temp\dwh623e.tmp
par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
: Le fichier a été mis en quarantaine. dans Fichier : Cache de fichier temporaire
de navigateur Internet par : analyse Planifié(e). Action : Nettoyer - échec :
Quarantaine - échec. Description de l'action : Le fichier a été supprimé. Risque
détecté !Trojan.Gen dans Fichier : c:\users\gautier.levay\appdata\local\temp\dwh65e8.tmp
par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
: Le fichier a été mis en quarantaine. dans Fichier : Cache de fichier temporaire
de navigateur Internet par : analyse Planifié(e). Action : Nettoyer - échec :
Quarantaine - échec. Description de l'action : Le fichier a été supprimé.

Error - 13/02/2012 07:12:04 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711731
Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH6A78.tmp
par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
: Le fichier a été mis en quarantaine.

Error - 13/02/2012 07:12:05 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711726
Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH706.tmp
par : analyse Planifié(e). Action : Nettoyer - échec : Quarantaine - échec. Description
de l'action : Le fichier n'a pas été modifié.

Error - 13/02/2012 07:12:07 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711731
Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH706.tmp
par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
: Le fichier a été mis en quarantaine.

Error - 13/02/2012 07:12:08 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711726
Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH7409.tmp
par : analyse Planifié(e). Action : Nettoyer - échec : Quarantaine - échec. Description
de l'action : Le fichier n'a pas été modifié.

Error - 13/02/2012 07:12:09 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711685
Description = Risque détecté !Trojan.Gen dans Fichier : c:\users\gautier.levay\appdata\local\temp\dwh6a78.tmp
par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
: Le fichier a été mis en quarantaine. dans Fichier : Cache de fichier temporaire
de navigateur Internet par : analyse Planifié(e). Action : Nettoyer - échec :
Quarantaine - échec. Description de l'action : Le fichier a été supprimé. Risque
détecté !Trojan.Gen dans Fichier : c:\users\gautier.levay\appdata\local\temp\dwh706.tmp
par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
: Le fichier a été mis en quarantaine. dans Fichier : Cache de fichier temporaire
de navigateur Internet par : analyse Planifié(e). Action : Nettoyer - échec :
Quarantaine - échec. Description de l'action : Le fichier a été supprimé.

Error - 13/02/2012 07:12:10 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711731
Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH7409.tmp
par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
: Le fichier a été mis en quarantaine.

Error - 13/02/2012 07:12:11 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711726
Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH78EA.tmp
par : analyse Planifié(e). Action : Nettoyer - échec : Quarantaine - échec. Description
de l'action : Le fichier n'a pas été modifié.

Error - 13/02/2012 07:12:13 | Computer Name = VISTAYACHT.ifremer.fr | Source = Symantec AntiVirus | ID = 16711731
Description = Risque de sécurité détecté.Trojan.Gen dans Fichier : c:\Users\gautier.levay\AppData\Local\Temp\DWH78EA.tmp
par : analyse Planifié(e). Action : Quarantaine réussite. Description de l'action
: Le fichier a été mis en quarantaine.

[ System Events ]
Error - 13/02/2012 04:18:23 | Computer Name = VISTAYACHT.ifremer.fr | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Échec du traitement de la stratégie de groupe en raison d'une absence
de connectivité réseau vers un contrôleur de domaine. Il peut s'agir d'un problème
temporaire. Un message de réussite est généré une fois que l'ordinateur est connecté
au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
Si aucun message de réussite ne s'affiche pendant plusieurs heures, contactez votre
administrateur.

Error - 13/02/2012 04:18:34 | Computer Name = VISTAYACHT.ifremer.fr | Source = Service Control Manager | ID = 7022
Description =

Error - 13/02/2012 04:18:34 | Computer Name = VISTAYACHT.ifremer.fr | Source = Service Control Manager | ID = 7001
Description =

Error - 13/02/2012 04:18:44 | Computer Name = VISTAYACHT.ifremer.fr | Source = TermService | ID = 1067
Description =

Error - 13/02/2012 04:18:46 | Computer Name = VISTAYACHT.ifremer.fr | Source = NETLOGON | ID = 3210
Description = Cet ordinateur ne peut pas authentifier avec \\vdc2010.ifremer.fr,
un contrôleur de domaine Windows pour le domaine IFR. Cet ordinateur pourrait par
conséquent refuser les demandes d'ouvertures de session. Cette impossibilité d'authentification
pourrait avoir été causée par un autre ordinateur sur le même réseau, utilisant
le même nom ou ayant un mot de passe non reconnu pour ce compte d'ordinateur. Si
ce message s'affiche encore, contactez votre administrateur système.

Error - 13/02/2012 04:19:42 | Computer Name = VISTAYACHT.ifremer.fr | Source = NETLOGON | ID = 3210
Description = Cet ordinateur ne peut pas authentifier avec \\dc2003.ifremer.fr,
un contrôleur de domaine Windows pour le domaine IFR. Cet ordinateur pourrait par
conséquent refuser les demandes d'ouvertures de session. Cette impossibilité d'authentification
pourrait avoir été causée par un autre ordinateur sur le même réseau, utilisant
le même nom ou ayant un mot de passe non reconnu pour ce compte d'ordinateur. Si
ce message s'affiche encore, contactez votre administrateur système.

Error - 13/02/2012 04:23:21 | Computer Name = VISTAYACHT.ifremer.fr | Source = Service Control Manager | ID = 7022
Description =

Error - 13/02/2012 04:26:00 | Computer Name = VISTAYACHT.ifremer.fr | Source = Service Control Manager | ID = 7022
Description =

Error - 13/02/2012 08:18:19 | Computer Name = VISTAYACHT.ifremer.fr | Source = NETLOGON | ID = 3210
Description = Cet ordinateur ne peut pas authentifier avec \\ntbrest.ifremer.fr,
un contrôleur de domaine Windows pour le domaine IFR. Cet ordinateur pourrait par
conséquent refuser les demandes d'ouvertures de session. Cette impossibilité d'authentification
pourrait avoir été causée par un autre ordinateur sur le même réseau, utilisant
le même nom ou ayant un mot de passe non reconnu pour ce compte d'ordinateur. Si
ce message s'affiche encore, contactez votre administrateur système.

Error - 13/02/2012 08:30:56 | Computer Name = VISTAYACHT.ifremer.fr | Source = NETLOGON | ID = 3210
Description = Cet ordinateur ne peut pas authentifier avec \\vdc2010.ifremer.fr,
un contrôleur de domaine Windows pour le domaine IFR. Cet ordinateur pourrait par
conséquent refuser les demandes d'ouvertures de session. Cette impossibilité d'authentification
pourrait avoir été causée par un autre ordinateur sur le même réseau, utilisant
le même nom ou ayant un mot de passe non reconnu pour ce compte d'ordinateur. Si
ce message s'affiche encore, contactez votre administrateur système.


< End of report >

et l'autre,
OTL logfile created on: 13/02/2012 13:07:48 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\gautier.levay\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 21,36% Memory free
4,21 Gb Paging File | 2,14 Gb Available in Paging File | 50,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 77,53 Gb Total Space | 22,08 Gb Free Space | 28,48% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,37 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
Drive E: | 69,43 Gb Total Space | 62,35 Gb Free Space | 89,81% Space Free | Partition Type: NTFS

Computer Name: VISTAYACHT | User Name: gautier.levay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/13 13:05:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\gautier.levay\Desktop\OTL (1).exe
PRC - [2011/11/14 17:36:56 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/10 23:32:22 | 000,632,176 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/04/11 07:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/07 21:33:00 | 002,532,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2007/09/07 21:33:00 | 001,635,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2007/09/06 02:55:00 | 002,177,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2007/08/06 03:08:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/05/07 07:14:48 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/05/07 07:14:42 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/27 09:32:06 | 000,386,592 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/03/08 17:43:44 | 000,218,688 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/02/15 18:31:30 | 000,066,560 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2007/02/12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/30 04:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/26 02:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/09/09 00:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2006/09/09 00:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/10/18 16:33:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2007/04/27 09:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/04/24 06:00:52 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/02/15 18:31:06 | 000,155,648 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
MOD - [2007/02/15 18:30:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ConvertToDM40.dll
MOD - [2007/02/15 18:30:14 | 000,602,112 | ---- | M] () -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\VaultServer.dll
MOD - [2007/02/15 18:29:54 | 000,262,144 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2006/05/14 05:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/10 23:32:22 | 000,632,176 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/09/10 16:49:13 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007/09/07 21:35:00 | 000,234,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2007/09/07 21:33:00 | 002,532,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2007/09/06 02:55:00 | 002,177,464 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/08/06 03:08:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/05/07 07:14:42 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/04/27 09:32:06 | 000,386,592 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/16 14:07:40 | 000,488,448 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/02/12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/01 10:21:22 | 001,466,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/11/15 10:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 10:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/15 09:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120202.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/15 09:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120202.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/04/19 16:05:28 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/04/19 16:05:28 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/06/08 07:35:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/30 16:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/01/18 16:46:41 | 000,136,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/09/07 21:37:00 | 000,087,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2007/09/07 21:34:00 | 000,039,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2007/08/14 17:54:00 | 000,277,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/08/14 17:54:00 | 000,250,416 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/08/14 17:54:00 | 000,025,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/08/06 15:29:00 | 000,049,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teefer2.sys -- (Teefer2)
DRV - [2007/07/31 02:17:26 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/05/07 07:14:50 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 15:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Pilote de carte Intel(R)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/24 00:47:34 | 000,056,576 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/02/15 18:31:24 | 000,121,344 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/02/01 10:22:44 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/01/09 16:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 16:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/12/13 08:51:20 | 000,147,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Pilote de la connexion réseau Intel(R)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/28 16:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: fe_3.6@nokia.com:1.7.56.205
FF - prefs.js..keyword.URL: "https://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "www.google.fr"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA2"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\gautier.levay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/12 09:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2011/11/25 15:58:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/22 09:22:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/10 14:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/11/25 15:58:39 | 000,000,000 | ---D | M]

[2008/10/22 13:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gautier.levay\AppData\Roaming\mozilla\Extensions
[2012/01/31 17:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gautier.levay\AppData\Roaming\mozilla\Firefox\Profiles\tof6yjtl.default\extensions
[2010/08/10 14:25:26 | 000,002,650 | ---- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Mozilla\Firefox\Profiles\tof6yjtl.default\searchplugins\bing.xml
[2011/07/11 12:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/05/10 14:46:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/12 09:38:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/09 12:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/11 12:37:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/25 15:58:32 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_3.6
[2009/07/01 12:38:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/16 02:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/16 02:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 02:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/16 02:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 02:10:07 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Live Search ()
CHR - default_search_provider: search_url = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2008/06/18 15:16:31 | 000,250,462 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 8731 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://93.17.20.133/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.246.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ifremer.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6E66BD-EDF5-4F61-8760-982394BC36B5}: DhcpNameServer = 134.246.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A345DB-CBDE-41D2-A5EE-2F4F98BEF282}: DhcpNameServer = 10.192.168.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\gautier.levay\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\gautier.levay\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24df3e38-2a70-11dd-9054-001c231bb729}\Shell\AutoRun\command - "" = wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\PROGRA~1\DIGITA~1\DLG.exe - (Avanquest Software )
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]DellSupport[/b] - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: [b]Google Update[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]MsnMsgr[/b] - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]NokiaMServer[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]NokiaOviSuite2[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]PDVDDXSrv[/b] - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: [b]vspdfprsrv.exe[/b] - hkey= - key= - C:\Program Files\Visagesoft\eXPert PDF Creator\vspdfprsrv.exe (Visagesoft)
MsConfig - StartUpReg: [b]Wanadoo GPRS[/b] - hkey= - key= - C:\Program Files\Wanadoo GPRS\WanaGPRS.exe (Wanadoo Interactive)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/13 13:05:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\gautier.levay\Desktop\OTL (1).exe
[2012/02/07 17:01:08 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Roaming\Auslogics
[2012/01/26 13:31:41 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{8B3C5857-BA56-4D5B-BEE6-0A7BBE59D68B}
[2012/01/26 09:38:08 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{41A8D127-5ED3-4A51-A8D3-984CA3907BD7}
[2012/01/25 13:46:28 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{D7644D42-1651-45DF-BBD2-A80A4D0DB586}
[2012/01/25 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{CC9056DE-06F5-4E43-A567-F7FBB8C06738}
[2012/01/24 18:13:56 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{2B6CBDDC-4315-40B9-99B2-A84A2B713D12}
[2012/01/24 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{814049A0-FDAE-4D3B-A00B-3379076E7263}
[2012/01/24 08:48:32 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{252A3192-EEDD-4440-A1E2-D3766E953793}
[2012/01/23 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{31EC93C8-ABFC-489A-83F8-3C97F273B067}
[2012/01/18 09:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/01/18 08:29:30 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{4DF0BE43-1EC1-4C5C-A32D-6F3DFAF91CFC}
[2012/01/17 20:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Vlcclassic
[2012/01/17 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012/01/17 20:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012/01/17 18:53:44 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{CCA61A77-0A59-48CE-92DA-D16E0943FB39}
[2012/01/16 10:16:28 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\Desktop\SUIVI ACTUALISE
[2012/01/16 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\gautier.levay\AppData\Local\{01D51294-6038-4C91-8AF6-BBE6BABA8C27}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/02/13 13:15:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F919014-F79A-4E3E-955B-4CDE83763C51}.job
[2012/02/13 13:11:17 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/02/13 13:06:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/13 13:05:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\gautier.levay\Desktop\OTL (1).exe
[2012/02/13 11:15:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 11:15:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 10:06:31 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 09:25:46 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/02/13 09:25:46 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/13 09:25:46 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/02/13 09:25:46 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/13 09:18:17 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/02/13 09:16:45 | 000,000,000 | ---- | M] () -- C:\Users\gautier.levay\AppData\Local\WavXMapDrive.bat
[2012/02/13 09:15:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/13 09:15:12 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 17:01:09 | 000,222,208 | ---- | M] () -- C:\Users\gautier.levay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 11:27:24 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/18 09:03:18 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/01/18 08:59:04 | 021,073,936 | ---- | M] () -- C:\Users\gautier.levay\Desktop\vlc-1.1.11-win32.exe
[2012/01/16 16:13:47 | 003,040,967 | ---- | M] () -- C:\Users\gautier.levay\Desktop\765_21_BUSHNELL_chasse_20100906_Web.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/02/13 13:11:17 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/01/18 09:03:18 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/01/18 08:58:53 | 021,073,936 | ---- | C] () -- C:\Users\gautier.levay\Desktop\vlc-1.1.11-win32.exe
[2012/01/16 16:13:47 | 003,040,967 | ---- | C] () -- C:\Users\gautier.levay\Desktop\765_21_BUSHNELL_chasse_20100906_Web.pdf
[2011/10/12 10:24:20 | 000,074,317 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011/04/19 16:05:28 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/04/19 16:05:28 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/09/21 09:31:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/21 09:31:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/21 09:29:27 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008/09/23 09:01:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/12 12:12:52 | 000,000,680 | ---- | C] () -- C:\Users\gautier.levay\AppData\Local\d3d9caps.dat
[2008/04/15 18:39:59 | 000,020,112 | ---- | C] () -- C:\Users\gautier.levay\AppData\Roaming\UserTile.png
[2008/03/14 15:38:12 | 000,000,181 | ---- | C] () -- C:\Users\gautier.levay\AppData\Local\rahistory.xml
[2008/03/13 16:17:22 | 000,002,730 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/02/22 16:29:03 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini
[2008/01/14 17:58:33 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/14 17:48:52 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll
[2008/01/14 14:20:40 | 000,222,208 | ---- | C] () -- C:\Users\gautier.levay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/14 11:08:46 | 000,016,886 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/11 16:04:06 | 000,000,000 | ---- | C] () -- C:\Users\gautier.levay\AppData\Local\WavXMapDrive.bat
[2007/10/31 22:25:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2007/10/31 22:25:27 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/31 22:25:27 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/31 14:52:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2007/10/31 14:50:48 | 001,736,704 | ---- | C] () -- C:\Windows\System32\Tsp1.dll
[2007/10/31 14:50:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2007/10/31 14:50:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2007/10/31 14:45:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2007/04/10 15:58:16 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007/04/10 15:58:10 | 000,266,240 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007/04/10 15:57:14 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007/04/10 15:57:08 | 000,233,472 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007/04/10 15:57:02 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007/04/10 15:56:54 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007/04/10 15:56:44 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007/04/10 15:56:38 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007/04/10 15:56:26 | 000,212,992 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007/04/10 15:56:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007/04/10 15:52:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007/02/16 12:09:12 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007/02/16 12:08:52 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007/02/16 12:08:34 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007/02/16 12:08:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007/02/16 12:07:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007/02/16 12:07:36 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007/02/16 12:07:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007/02/16 12:06:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007/02/16 12:06:38 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007/02/16 12:06:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007/02/15 18:29:54 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2007/01/02 10:14:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2006/11/13 10:19:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 16:47:07 | 000,679,042 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 16:47:07 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 16:47:07 | 000,126,626 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 16:47:07 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:43 | 000,260,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2004/04/02 09:26:22 | 000,262,144 | ---- | C] () -- C:\Windows\System32\PDFSpooler.exe
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2011/03/22 18:42:37 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\1C0014D1E0B94D29C53D8E73C1617762
[2011/03/22 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Adobe
[2012/02/07 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Auslogics
[2008/02/20 21:25:05 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\CyberLink
[2008/01/11 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Dell
[2011/02/10 16:41:04 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\dvdcss
[2009/03/09 15:34:40 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Earth Resource Mapping
[2011/05/17 17:12:22 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\eXPert PDF Editor
[2011/03/29 12:33:34 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\freeCompressor
[2008/03/25 16:57:19 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Google
[2008/01/18 11:22:49 | 000,000,000 | -H-D | M] -- C:\Users\gautier.levay\AppData\Roaming\GTek
[2008/01/11 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Identities
[2010/07/20 13:27:11 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks
[2008/01/14 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Macromedia
[2011/03/22 19:07:10 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Malwarebytes
[2011/03/28 14:08:29 | 000,000,000 | --SD | M] -- C:\Users\gautier.levay\AppData\Roaming\Microsoft
[2008/10/22 13:12:59 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Mozilla
[2010/02/08 14:25:26 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Nokia
[2011/03/28 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\OfferBox
[2010/12/07 10:22:11 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\PC Suite
[2008/01/14 15:43:53 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\PDFCreator
[2008/04/15 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\PeerNetworking
[2011/08/03 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\PhotoFiltre
[2008/02/18 18:53:04 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\Roxio
[2011/08/08 17:06:28 | 000,000,000 | ---D | M] -- C:\Users\gautier.levay\AppData\Roaming\vlc

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2011/03/08 20:57:56 | 000,132,464 | ---- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011/03/08 20:57:54 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011/03/08 20:57:04 | 000,329,552 | ---- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011/03/08 20:55:28 | 000,217,952 | ---- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011/03/08 20:58:02 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\gautier.levay\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2009/03/23 09:28:14 | 000,000,000 | R--- | M] () -- C:\Users\gautier.levay\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
[2008/12/17 13:51:09 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Users\gautier.levay\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
[2008/12/17 13:51:08 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Users\gautier.levay\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

[color=#A23BEC]< %temp%\.exe /s >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2011/03/17 08:49:24 | 000,353,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtmsft.dll
[2011/03/17 08:49:24 | 000,223,232 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtrans.dll
[2007/09/07 21:33:00 | 000,048,000 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\FwsVpn.dll
[2007/09/07 21:34:00 | 000,107,904 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\SymVPN.dll
[2007/09/07 21:34:00 | 000,333,184 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\sysfer.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2007/09/07 21:37:00 | 000,087,424 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\SysPlant.sys
[2007/08/06 15:29:00 | 000,049,024 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\teefer2.sys
[2007/09/07 21:34:00 | 000,039,808 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\WPSDRVnt.sys
[2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\WpsHelper.sys

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV


[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/18 11:30:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/18 11:30:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation

Voici les liens :

https://pjjoint.malekal.com/files.php?id=20120213_t10d10h9n6o8

https://pjjoint.malekal.com/files.php?id=20120213_b13i11s7i6n7

j'ai supprimé avec malware é fois mais sa reviens à chaque fois.