I am unable to access Windows Update on my dad's computer; other websites work OK in both IE and FF.
Sometimes I get the yellow shield icon in the bottom right corner, showing Windows autoupdate status, but it's stuck at 0%.
Now and then, when loading a webpage, I get an extra page that opens randomly, generally to a mock antivirus "software" page.
His computer hadn't had an antivirus for god knows how long; I just started accessing it a week ago via TeamViewer (I live in a different country).
Avast wouldn't find anything and get disabled by whatever was there, BitDefender's online scan found Gen.variant.Beax.2 or something like that, and mbam removed a whole lot of junk to start with.
I then followed the sticker Cleaning Guide and didn't have much luck with it; notably, gmer crashes each time, even after redownloading it.
Here are my logs. Do you have any ideas?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4151
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/06/2010 03:55:23
mbam-log-2010-06-07 (03-55-23).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 115110
Temps écoulé: 16 minute(s), 34 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

OTL logfile created on: 08/06/2010 17:24:33 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Bernard Lévêque\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
495,00 Mb Total Physical Memory | 196,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 13,09 Gb Free Space | 44,66% Space Free | Partition Type: NTFS
Drive D: | 42,78 Gb Total Space | 42,61 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BERNARD-LAPTOP
Current User Name: Bernard Lévêque
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/07 05:23:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\OTL.exe
PRC - [2010/05/21 13:33:32 | 004,738,856 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/05/21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/05/06 23:12:32 | 002,466,528 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2010/05/06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/03/18 16:25:08 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/03/18 16:04:52 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/06/26 21:45:18 | 001,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/06/26 21:45:02 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/03/22 12:07:22 | 000,040,960 | ---- | M] () -- C:\Program Files\System Control Manager\edd.exe
PRC - [2005/01/27 10:33:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
========== Modules (SafeList) ==========
MOD - [2010/06/07 05:23:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\OTL.exe
MOD - [2010/05/21 13:33:34 | 000,107,816 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TV.dll
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/10/19 14:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcInj.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/05/21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/22 12:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\edd.exe -- (NishService)
SRV - [2005/01/27 10:33:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - [2010/05/30 21:58:15 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/05/30 21:58:14 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/05/30 21:58:14 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/05/30 21:58:13 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/05/06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/12 04:01:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/10/12 04:00:54 | 003,647,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007/10/12 04:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 03:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/10/11 19:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/08/02 11:44:42 | 000,384,384 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/07/24 10:15:00 | 004,353,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/03 11:31:26 | 000,009,088 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2006/06/19 00:40:44 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/14 13:02:00 | 003,660,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/01 16:37:58 | 000,236,800 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2006/03/06 23:49:36 | 000,011,136 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/04 00:31:04 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/04 00:31:02 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/27 09:00:00 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/02/20 10:01:00 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/09/26 06:21:00 | 001,145,728 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/05 14:00:00 | 000,023,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gvpiobny.sys -- (gvpiobny)
DRV - [2003/10/05 11:41:14 | 000,123,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sojubus.sys -- (sojubus)
DRV - [2003/09/28 11:57:52 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sojuscsi.sys -- (sojuscsi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsof...ss/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 27 23 7B 0F 05 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="
FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/05/30 16:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 03:35:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/05 06:16:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/27 00:22:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010/05/30 16:51:40 | 000,000,000 | ---D | M]
[2010/05/27 00:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Extensions
[2010/05/27 00:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/07 22:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Firefox\Profiles\6986huh6.default\extensions
[2010/05/27 00:15:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Firefox\Profiles\6986huh6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/30 00:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Firefox\Profiles\6986huh6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/06/07 22:11:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/05 06:17:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/05 06:16:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2010/05/20 18:56:25 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: () - {3C38EC1A-4130-414F-BE6D-E79F27F622FC} - C:\WINDOWS\System32\tislvrr.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1275023823875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Scryptnat: DllName - Scryptnat.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/02/13 19:35:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/06/19 10:26:16 | 000,192,512 | R--- | M] (Auralog) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/06/26 18:53:06 | 000,000,053 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{4fdf528a-fc7b-11de-b31d-00161752e366}\Shell\AutoRun\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
O33 - MountPoints2\{4fdf528a-fc7b-11de-b31d-00161752e366}\Shell\open\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
O33 - MountPoints2\{bef07772-c113-11db-acc1-00161752e366}\Shell - "" = AutoRun
O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell - "" = AutoRun
O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{eb67736c-a26b-11db-ac9c-00161752e366}\Shell\AutoRun\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
O33 - MountPoints2\{eb67736c-a26b-11db-ac9c-00161752e366}\Shell\open\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/02/13 19:34:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (12961403845476352)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/07 05:24:34 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\OTL.exe
[2010/06/07 02:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/07 02:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/06 02:52:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bernard Lévêque\Bureau\erunt_setup.exe
[2010/06/06 02:50:43 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\TFC.exe
[2010/06/05 07:18:21 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/06/05 06:48:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/05 03:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/06/05 01:49:18 | 000,053,248 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSUBTMR6.DLL
[2010/06/05 01:25:23 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2010/06/05 01:24:06 | 000,000,000 | ---D | C] -- C:\apup
[2010/06/01 16:55:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/05/30 16:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/05/30 16:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\BitDefender
[2010/05/30 16:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/05/30 16:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
[2010/05/30 07:33:57 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/30 07:33:57 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/30 07:33:56 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/30 07:33:55 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/30 07:33:54 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/30 07:33:54 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/30 07:33:54 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/30 07:33:28 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/30 07:33:28 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/30 00:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\QuickScan
[2010/05/29 16:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/05/28 20:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\OpenOffice.org
[2010/05/28 19:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/28 19:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/28 19:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/28 19:23:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bernard Lévêque\IECompatCache
[2010/05/28 07:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\Malwarebytes
[2010/05/28 07:24:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/28 07:24:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/28 07:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/28 07:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/28 01:35:21 | 000,000,000 | ---D | C] -- C:\FyK
[2010/05/27 17:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Mes documents\Téléchargements
[2010/05/27 00:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/26 23:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Mes documents\hillary fergusson pole sud.php_fichiers
[2010/05/25 22:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\TeamViewer
[2010/05/25 22:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/05/20 21:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\SFR
[2003/10/05 11:41:14 | 000,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys
[2003/09/28 11:57:52 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys
[2 C:\Documents and Settings\Bernard Lévêque\Application Data\*.tmp files -> C:\Documents and Settings\Bernard Lévêque\Application Data\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/08 17:15:02 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085783877-2358071622-1127961059-1006UA.job
[2010/06/08 01:38:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/07 22:15:07 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085783877-2358071622-1127961059-1006Core.job
[2010/06/07 21:02:52 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34F2F77A-74E8-441E-9551-5ED50477CBE6}.job
[2010/06/07 21:00:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/07 20:59:37 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 20:59:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/07 20:59:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 05:31:14 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Bernard Lévêque\NTUSER.DAT
[2010/06/07 05:23:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\OTL.exe
[2010/06/07 03:57:12 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Bernard Lévêque\ntuser.ini
[2010/06/07 02:45:17 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\NTREGOPT.lnk
[2010/06/07 02:45:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\ERUNT.lnk
[2010/06/06 14:23:20 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/06/06 02:51:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bernard Lévêque\Bureau\erunt_setup.exe
[2010/06/06 02:49:50 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\TFC.exe
[2010/06/05 06:54:09 | 000,000,938 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/05 03:58:58 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/31 21:18:57 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Application Dataprivacy.xml
[2010/05/30 22:09:11 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat
[2010/05/30 22:09:11 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/05/30 21:58:13 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/05/30 07:33:54 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/28 22:39:03 | 000,020,080 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 22:35:54 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/28 22:21:23 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\housecall.guid.cache
[2010/05/27 00:22:32 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Thunderbird.lnk
[2010/05/26 23:34:56 | 000,029,980 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Mes documents\hillary fergusson pole sud.php.htm
[2010/05/20 21:53:12 | 001,121,612 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/20 21:53:12 | 000,510,980 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/20 21:53:12 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/20 21:53:12 | 000,084,964 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/20 21:53:12 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 18:56:25 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/20 18:56:25 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/06 22:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 22:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\Documents and Settings\Bernard Lévêque\Application Data\*.tmp files -> C:\Documents and Settings\Bernard Lévêque\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/07 02:45:17 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\NTREGOPT.lnk
[2010/06/07 02:45:17 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\ERUNT.lnk
[2010/06/06 02:54:29 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\gmer.exe
[2010/06/05 03:58:58 | 000,000,938 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/05 03:57:55 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/31 22:10:59 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085783877-2358071622-1127961059-1006UA.job
[2010/05/31 22:10:58 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085783877-2358071622-1127961059-1006Core.job
[2010/05/31 19:42:10 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Application Dataprivacy.xml
[2010/05/30 22:09:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/05/30 22:09:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/05/30 22:02:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/05/28 22:21:23 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\housecall.guid.cache
[2010/05/28 19:26:14 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34F2F77A-74E8-441E-9551-5ED50477CBE6}.job
[2010/05/26 23:34:55 | 000,029,980 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Mes documents\hillary fergusson pole sud.php.htm
[2010/05/22 01:54:59 | 000,003,998 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3C38EC1A-4130-414F-BE6D-E79F27F622FC.txt
[2010/05/21 23:40:19 | 000,005,252 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\3C38EC1A-4130-414F-BE6D-E79F27F622FC.txt
[2010/05/20 18:56:25 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/03/18 18:06:12 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/05 21:13:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2007/01/06 18:01:47 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/06/14 13:02:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/14 13:02:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/14 13:02:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/14 13:02:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/14 13:02:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/01/21 06:02:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2003/03/27 03:00:00 | 000,005,599 | -HS- | C] () -- C:\WINDOWS\System32\parffilt.ini
[2002/02/14 03:20:32 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/02/13 21:07:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/13 21:03:31 | 000,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2002/02/13 20:27:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll
[2002/02/13 20:27:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll
[2002/02/13 20:27:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll
[2002/02/13 20:00:05 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
========== LOP Check ==========
[2010/05/27 00:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/30 21:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/04/01 18:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/05/30 16:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\BitDefender
[2010/05/28 20:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\OpenOffice.org
[2010/06/06 02:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\QuickScan
[2010/05/25 22:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\TeamViewer
[2010/05/27 00:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\Thunderbird
[2010/06/08 01:38:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/06/07 21:02:52 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{34F2F77A-74E8-441E-9551-5ED50477CBE6}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2002/02/13 19:35:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/31 21:18:06 | 000,004,427 | ---- | M] () -- C:\bdlog.txt
[2006/12/27 07:11:51 | 000,000,228 | RHS- | M] () -- C:\boot.ini
[2004/08/05 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2002/02/13 19:35:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/28 17:37:28 | 000,000,910 | ---- | M] () -- C:\FyK.txt
[2002/02/13 19:35:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/02/13 19:35:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/05 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/22 22:21:34 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2010/06/07 20:58:54 | 780,140,544 | -HS- | M] () -- C:\pagefile.sys
[2007/07/22 22:44:37 | 000,000,490 | ---- | M] () -- C:\Redemption.ECF
[2010/01/09 19:57:11 | 000,000,011 | ---- | M] () -- C:\trace.ini
[2010/06/05 17:09:22 | 000,000,294 | ---- | M] () -- C:\VundoFix.txt
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2002/02/13 20:25:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/02/13 20:25:59 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/02/13 20:25:59 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 04:33:48 | 000,579,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 04:33:49 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FB836F9E62D82904C983AD21296A5D9C -- C:\WINDOWS\system32\ws2_32.dll
< End of report >
OTL Extras logfile created on: 08/06/2010 17:24:33 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Bernard Lévêque\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
495,00 Mb Total Physical Memory | 196,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 13,09 Gb Free Space | 44,66% Space Free | Partition Type: NTFS
Drive D: | 42,78 Gb Total Space | 42,61 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BERNARD-LAPTOP
Current User Name: Bernard Lévêque
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{2A6F953D-E20A-4484-8E82-4A0BE2C25D21}" = Motorola Phone Tools
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0
"{E34D953E-FE88-4828-B407-8FD29341D36B}" = Motorola Phone Tools
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"3BEF1AFDE8303306594E2ADA27520E6E700820AE" = Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem v6081
"avast5" = avast! Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"legacyqcam_10.50" = Coffret de pilotes Logitech Legacy USB Camera
"lvdrivers_11.50" = Coffret de pilotes Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live Update 3" = MSI Live Update 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SFR_Kit" = SFR - Kit de connexion
"TeamViewer 5 Host" = TeamViewer 5 Host
"TMM70" = TELL ME MORE
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07/06/2010 09:32:11 | Computer Name = BERNARD-LAPTOP | Source = ESENT | ID = 489
Description = wuauclt (5156) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).
Error - 07/06/2010 09:32:11 | Computer Name = BERNARD-LAPTOP | Source = ESENT | ID = 455
Description = wuaueng.dll (5156) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 07/06/2010 09:32:24 | Computer Name = BERNARD-LAPTOP | Source = ESENT | ID = 489
Description = wuauclt (5156) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).
Error - 07/06/2010 09:32:24 | Computer Name = BERNARD-LAPTOP | Source = ESENT | ID = 455
Description = wuaueng.dll (5156) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 07/06/2010 15:02:17 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally
Error - 07/06/2010 15:02:18 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.
Error - 07/06/2010 19:02:40 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally
Error - 07/06/2010 23:02:53 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally
Error - 08/06/2010 03:03:06 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally
Error - 08/06/2010 07:03:22 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally
[ System Events ]
Error - 07/06/2010 14:45:31 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
SENS à une transaction.
Error - 07/06/2010 14:45:58 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
W32Time à une transaction.
Error - 07/06/2010 14:47:16 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
wuauserv à une transaction.
Error - 07/06/2010 14:47:40 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
RasMan à une transaction.
Error - 07/06/2010 14:59:08 | Computer Name = BERNARD-LAPTOP | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.41 pour la carte réseau dont l'adresse
réseau est 0013D37AC612 a été refusé par le serveur DHCP 192.168.2.1 (celui-ci a
envoyé un message DHCPNACK).
Error - 07/06/2010 14:59:24 | Computer Name = BERNARD-LAPTOP | Source = Ftdisk | ID = 262189
Description = Le système n'a pas pu charger le pilote du fichier de vidage sur incident.
Error - 07/06/2010 14:59:24 | Computer Name = BERNARD-LAPTOP | Source = Ftdisk | ID = 262193
Description = Échec de la configuration du fichier d'échange pour le vidage sur
incident. Assurez-vous qu'un fichier d'échange est présent sur la partition d'amorçage
et
qu'il est suffisamment grand pour contenir toute la mémoire physique.
Error - 07/06/2010 15:00:34 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7023
Description = Le service NVIDIA nForce Networking Controller Support s'est arrêté
avec l'erreur : %%126
Error - 07/06/2010 15:00:34 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1060
Error - 07/06/2010 19:20:09 | Computer Name = BERNARD-LAPTOP | Source = Windows Update Agent | ID = 16
Description = Connexion impossible : Windows ne parvient pas à se connecter au service
Mises à jour automatiques et ne peut donc pas procéder au téléchargement et à l'installation
des mises à jour définies par la planification. Windows continuera d'essayer d'établir
la connexion.
< End of report >
Thanks.
JB
Edited by jbleveque, 11 June 2010 - 12:37 PM.