Reply to: my PC is infected by a virus 2016-09-08T13:28:38+00:00
Anonymous

OTL Extras logfile created on: 06/01/2014 14:19:24 – Run 1
OTL by OldTimer – Version 3.2.69.0 Folder = C:Documents and SettingsADMINMes documentsTéléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) – Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1015,48 Mb Total Physical Memory | 469,20 Mb Available Physical Memory | 46,20% Memory free
1,64 Gb Paging File | 1,24 Gb Available in Paging File | 75,43% Paging File free
Paging file location(s): C:pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 37,27 Gb Total Space | 25,93 Gb Free Space | 69,58% Space Free | Partition Type: NTFS

Computer Name: ADMIN-F50220F4B | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses]
.cpl [@ = cplfile] — rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

[HKEY_USERSS-1-5-21-1202660629-1214440339-1417001333-1003SOFTWAREClasses]
.html [@ = FirefoxHTML] — C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
batfile [open] — “%1” %*
cmdfile [open] — “%1” %*
comfile [open] — “%1” %*
cplfile [cplopen] — rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
exefile [open] — “%1” %*
htmlfile [edit] — Reg Error: Key error.
http [open] — Reg Error: Key error.
https [open] — Reg Error: Key error.
piffile [open] — “%1” %*
regfile [merge] — Reg Error: Key error.
scrfile [config] — “%1”
scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] — “%1” /S
txtfile [edit] — Reg Error: Key error.
Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] — “C:Program FilesVideoLANVLCvlc.exe” –started-from-file –playlist-enqueue “%1” ()
Directory [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] — “C:Program FilesVideoLANVLCvlc.exe” –started-from-file –no-playlist-enqueue “%1” ()
Folder [open] — %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] — %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 1
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]
“DisableSR” = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr]
“Start” = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService]
“Start” = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]
“1900:UDP” = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
“2869:TCP” = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
“%windir%Network Diagnosticxpnetdiag.exe” = %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 — (Microsoft Corporation)
“%windir%system32sessmgr.exe” = %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 — (Microsoft Corporation)

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
“%windir%Network Diagnosticxpnetdiag.exe” = %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 — (Microsoft Corporation)
“%windir%system32sessmgr.exe” = %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 — (Microsoft Corporation)
“C:Program FilesFichiers communsAppleApple Application SupportWebKit2WebProcess.exe” = C:Program FilesFichiers communsAppleApple Application SupportWebKit2WebProcess.exe:*:Enabled:WebKit — (Apple Inc.)
“C:Program FilesBonjourmDNSResponder.exe” = C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Service Bonjour — (Apple Inc.)
“C:Program FilesiTunesiTunes.exe” = C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes — (Apple Inc.)
“C:WINDOWSsystem32dmwu.exe” = C:WINDOWSsystem32dmwu.exe:*:Enabled:dmwu
“C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE” = C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook — (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
“{0A17C91C-A455-3E89-B8B7-44E192F79635}” = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
“{122ADF8C-DDA1-480C-9936-C88F2825B265}” = Apple Application Support
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148
“{26A24AE4-039D-4CA4-87B4-2F83217017FF}” = Java 7 Update 21
“{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{446DCD16-F917-4C7A-AC2B-0DD44982EB66}” = Brother HL-2035
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM
“{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}” = iTunes
“{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update
“{79155F2B-9895-49D7-8612-D92580E0DE5B}” = Bonjour
“{7BB045C3-D5E4-4620-B536-DC11AACD5942}” = Broadcom Management Programs
“{7BC3F814-5249-4653-87E7-ABD402D2C197}” = Classic PhoneTools
“{7E0610A2-E336-40B3-B685-C4905E97EC9A}” = OpenOffice.org 3.3
“{8A708DD8-A5E6-11D4-A706-000629E95E20}” = Intel(R) Extreme Graphics 2 Driver
“{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}” = Apple Mobile Device Support
“{90120000-0010-040C-0000-0000000FF1CE}” = Microsoft Software Update for Web Folders (French) 12
“{90120000-0011-0000-0000-0000000FF1CE}” = Microsoft Office Professional Plus 2007
“{90120000-0015-040C-0000-0000000FF1CE}” = Microsoft Office Access MUI (French) 2007
“{90120000-0016-040C-0000-0000000FF1CE}” = Microsoft Office Excel MUI (French) 2007
“{90120000-0018-040C-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (French) 2007
“{90120000-0019-040C-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (French) 2007
“{90120000-001A-040C-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (French) 2007
“{90120000-001B-040C-0000-0000000FF1CE}” = Microsoft Office Word MUI (French) 2007
“{90120000-001F-0401-0000-0000000FF1CE}” = Microsoft Office Proof (Arabic) 2007
“{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007
“{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007
“{90120000-001F-040C-0000-0000000FF1CE}” = Microsoft Office Proof (French) 2007
“{90120000-001F-0413-0000-0000000FF1CE}” = Microsoft Office Proof (Dutch) 2007
“{90120000-001F-0C0A-0000-0000000FF1CE}” = Microsoft Office Proof (Spanish) 2007
“{90120000-002C-040C-0000-0000000FF1CE}” = Microsoft Office Proofing (French) 2007
“{90120000-0044-040C-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (French) 2007
“{90120000-006E-040C-0000-0000000FF1CE}” = Microsoft Office Shared MUI (French) 2007
“{AC76BA86-7AD7-1036-7B44-A93000000001}” = Adobe Reader 9.3 – Français
“{B83E0346-D2D0-11D5-A9AE-00105AA9E047}” = U.S. Robotics ControlCenter
“{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}” = Updater
“{E3436EE2-D5CB-4249-840B-3A0140CC34C3}” = Classic PhoneTools
“{F0A37341-D692-11D4-A984-009027EC0A9C}” = SoundMAX
“{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}” = Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219
“{F54E13CE-D3A5-3916-A1FB-A8169B9E1055}” = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack – FRA
“{F870B987-18BC-45FC-9BE8-35C02DCDA10F}” = Broadcom NetXtreme Ethernet Controller
“Adobe Flash Player Plugin” = Adobe Flash Player 11 Plugin
“Adobe Shockwave Player” = Adobe Shockwave Player 12.0
“CCleaner” = CCleaner
“ie8” = Windows Internet Explorer 8
“Microsoft Visual Studio 2010 Tools for Office Runtime (x86)” = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
“Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack – FRA” = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x86) – FRA
“Mozilla Firefox 25.0 (x86 fr)” = Mozilla Firefox 25.0 (x86 fr)
“MozillaMaintenanceService” = Mozilla Maintenance Service
“PROPLUS” = Microsoft Office Professional Plus 2007
“TubeDimmer” = Tube Dimmer
“Usbfix” = UsbFix
“VLC media player” = VLC media player 1.1.11
“WinRAR archiver” = WinRAR 5.01 (32-bit)
“ZHPFix_is1” = ZHPFix 2013

========== HKEY_USERS Uninstall List ==========

[HKEY_USERSS-1-5-21-1202660629-1214440339-1417001333-1003SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
“VisualBee for Microsoft PowerPoint” = VisualBee for Microsoft PowerPoint

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error – 31/12/2013 10:15:28 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
Description = Produit : Java 7 Update 45 — Erreur 1500. Une autre installation
est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error – 31/12/2013 10:15:30 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
Description = Produit : Java 7 Update 45 — Erreur 1500. Une autre installation
est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error – 31/12/2013 10:15:33 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
Description = Produit : Java 7 Update 45 — Erreur 1500. Une autre installation
est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error – 31/12/2013 10:44:41 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error – 31/12/2013 10:44:42 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error – 31/12/2013 10:44:45 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error – 31/12/2013 13:10:34 | Computer Name = ADMIN-F50220F4B | Source = Application Error | ID = 1000
Description = Application défaillante setup.exe, version 12.0.0.58849, module défaillant
setup.exe, version 12.0.0.58849, adresse de défaillance 0x0001e7b9.

Error – 31/12/2013 13:10:46 | Computer Name = ADMIN-F50220F4B | Source = Application Error | ID = 1000
Description = Application défaillante setup.exe, version 12.0.0.58849, module défaillant
setup.exe, version 12.0.0.58849, adresse de défaillance 0x0001e7b9.

Error – 01/01/2014 02:55:04 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 12.0.4518.1014, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error – 01/01/2014 12:20:53 | Computer Name = ADMIN-F50220F4B | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
faulting module mshtml.dll, version 8.0.6001.23543, stamp 526f6a4f, debug? 0, fault
address 0x00060b3f.

[ OSession Events ]
Error – 01/01/2014 12:20:45 | Computer Name = ADMIN-F50220F4B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1743
seconds with 1200 seconds of active time. This session ended with a crash.

[ System Events ]
Error – 31/12/2013 00:45:33 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:45:37 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:45:58 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:46:02 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:46:23 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:46:27 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:46:50 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:46:54 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:47:16 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

Error – 31/12/2013 00:47:20 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
les protocoles configurés.

2nd/

OTL logfile created on: 06/01/2014 14:19:24 – Run 1
OTL by OldTimer – Version 3.2.69.0 Folder = C:Documents and SettingsADMINMes documentsTéléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) – Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1015,48 Mb Total Physical Memory | 469,20 Mb Available Physical Memory | 46,20% Memory free
1,64 Gb Paging File | 1,24 Gb Available in Paging File | 75,43% Paging File free
Paging file location(s): C:pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 37,27 Gb Total Space | 25,93 Gb Free Space | 69,58% Space Free | Partition Type: NTFS

Computer Name: ADMIN-F50220F4B | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC – [2014/01/06 14:13:41 | 000,602,112 | —- | M] (OldTimer Tools) — C:Documents and SettingsADMINMes documentsTéléchargementsOTL.exe
PRC – [2013/12/31 07:38:46 | 000,275,568 | —- | M] (Mozilla Corporation) — C:Program FilesMozilla Firefoxfirefox.exe
PRC – [2012/05/24 12:28:56 | 000,055,184 | —- | M] (Apple Inc.) — C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe
PRC – [2010/09/07 17:12:02 | 002,838,912 | —- | M] (AVAST Software) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
PRC – [2010/09/07 17:11:59 | 000,040,384 | —- | M] (AVAST Software) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
PRC – [2008/04/14 13:00:00 | 001,037,824 | —- | M] (Microsoft Corporation) — C:WINDOWSexplorer.exe
PRC – [2002/09/20 16:50:10 | 000,045,056 | —- | M] (Analog Devices, Inc.) — C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

========== Modules (No Company Name) ==========

MOD – [2014/01/06 00:07:15 | 002,244,608 | —- | M] () — C:Program FilesAlwil SoftwareAvast5defs14010501algo.dll
MOD – [2013/12/31 07:38:42 | 003,559,024 | —- | M] () — C:Program FilesMozilla Firefoxmozjs.dll
MOD – [2012/05/30 19:06:48 | 000,087,912 | —- | M] () — C:Program FilesFichiers communsAppleApple Application Supportzlib1.dll
MOD – [2012/05/30 19:06:30 | 001,242,512 | —- | M] () — C:Program FilesFichiers communsAppleApple Application Supportlibxml2.dll
MOD – [2010/09/07 17:13:40 | 000,142,872 | —- | M] () — C:Program FilesAlwil SoftwareAvast5aswDld.dll

========== Services (SafeList) ==========

SRV – [2013/11/11 19:57:30 | 000,119,408 | —- | M] (Mozilla Foundation) [On_Demand | Stopped] — C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe — (MozillaMaintenance)
SRV – [2012/05/24 12:28:56 | 000,055,184 | —- | M] (Apple Inc.) [Auto | Running] — C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe — (Apple Mobile Device)
SRV – [2010/09/07 17:11:59 | 000,040,384 | —- | M] (AVAST Software) [On_Demand | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Web Scanner)
SRV – [2010/09/07 17:11:59 | 000,040,384 | —- | M] (AVAST Software) [On_Demand | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Mail Scanner)
SRV – [2010/09/07 17:11:59 | 000,040,384 | —- | M] (AVAST Software) [Auto | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Antivirus)
SRV – [2006/10/26 19:49:34 | 000,441,136 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] — C:Program FilesFichiers communsMicrosoft SharedOFFICE12ODSERV.EXE — (odserv)
SRV – [2006/10/26 14:03:08 | 000,145,184 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] — C:Program FilesFichiers communsMicrosoft SharedSource EngineOSE.EXE — (ose)
SRV – [2002/09/20 16:50:10 | 000,045,056 | —- | M] (Analog Devices, Inc.) [Auto | Running] — C:Program FilesAnalog DevicesSoundMAXSMAgent.exe — (SoundMAX Agent Service (default)

========== Driver Services (SafeList) ==========

DRV – File not found [Kernel | On_Demand | Stopped] — — (WDICA)
DRV – File not found [Kernel | On_Demand | Stopped] — — (PDRFRAME)
DRV – File not found [Kernel | On_Demand | Stopped] — — (PDRELI)
DRV – File not found [Kernel | On_Demand | Stopped] — — (PDFRAME)
DRV – File not found [Kernel | On_Demand | Stopped] — — (PDCOMP)
DRV – File not found [Kernel | System | Stopped] — — (PCIDump)
DRV – File not found [Kernel | System | Stopped] — — (lbrtfdc)
DRV – File not found [Kernel | System | Stopped] — — (i2omgmt)
DRV – File not found [Kernel | System | Stopped] — — (Changer)
DRV – File not found [Kernel | Boot | Stopped] — — (cerc6)
DRV – [2010/09/07 16:52:25 | 000,046,672 | —- | M] (AVAST Software) [Kernel | System | Running] — C:WINDOWSSystem32driversaswTdi.sys — (aswTdi)
DRV – [2010/09/07 16:52:03 | 000,165,584 | —- | M] (AVAST Software) [Kernel | System | Running] — C:WINDOWSSystem32driversaswSP.sys — (aswSP)
DRV – [2010/09/07 16:47:46 | 000,023,376 | —- | M] (AVAST Software) [Kernel | On_Demand | Running] — C:WINDOWSSystem32driversaswRdr.sys — (aswRdr)
DRV – [2010/09/07 16:47:19 | 000,100,176 | —- | M] (AVAST Software) [File_System | Auto | Running] — C:WINDOWSSystem32driversaswmon2.sys — (aswMon2)
DRV – [2010/09/07 16:47:07 | 000,017,744 | —- | M] (AVAST Software) [File_System | Auto | Running] — C:WINDOWSSystem32driversaswFsBlk.sys — (aswFsBlk)
DRV – [2010/09/07 16:46:51 | 000,028,880 | —- | M] (AVAST Software) [Kernel | System | Running] — C:WINDOWSSystem32driversaavmker4.sys — (Aavmker4)
DRV – [2008/07/25 01:18:32 | 000,176,640 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversb57xp32.sys — (b57w2k)
DRV – [2008/06/06 09:15:40 | 000,098,816 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversbaspxp32.sys — (Blfp)
DRV – [2007/07/18 19:39:00 | 000,284,964 | R— | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversRTL8187B.sys — (RTL8187B)
DRV – [2000/07/24 01:01:00 | 000,019,537 | —- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] — C:WINDOWSsystem32driversBRPAR.SYS — (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com
IE – HKLM..SearchScopes,DefaultScope =
IE – HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE – HKU.DEFAULT..SearchScopes,DefaultScope =
IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

IE – HKUS-1-5-18..SearchScopes,DefaultScope =
IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

IE – HKUS-1-5-19..SearchScopes,DefaultScope =

IE – HKUS-1-5-20..SearchScopes,DefaultScope =

IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com
IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003..SearchScopes,DefaultScope =
IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele0101&cd=2XzuyEtN2Y1L1QzutDtDtD0FtBtD0F0BzzyD0ByC0AyCyB0FtN0D0Tzu0SyBtAtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=704882683&ir=
IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003..SearchScopes{88B9D39F-00FB-4A7A-9CDE-F9F3D816751E}: “URL” = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^FR&apn_uid=E6A778D9-AE78-4275-B000-907BC4B370E5&apn_sauid=1AE2AAA3-D1B4-4CED-8F35-EBD9A93B0DD1
IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0
IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyOverride” = *.local

========== FireFox ==========

FF – prefs.js..browser.search.defaultengine: “Google”
FF – prefs.js..browser.search.defaulturl: “”
FF – prefs.js..browser.startup.homepage: “www.google.fr”
FF – prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF – prefs.js..network.proxy.type: 0
FF – user.js – File not found

FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32_11_9_900_170.dll ()
FF – HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw_1200112.dll (Adobe Systems, Inc.)
FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found
FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
FF – HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.21.2: C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)

FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 25.0extensions\Components: C:Program FilesMozilla Firefoxcomponents
FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 25.0extensions\Plugins: C:Program FilesMozilla Firefoxplugins

[2011/12/16 15:50:41 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsADMINApplication DataMozillaExtensions
[2014/01/06 13:59:25 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsADMINApplication DataMozillaFirefoxProfilesuhazm9rr.defaultextensions
[2013/12/31 12:44:57 | 000,000,000 | —D | M] (Tube Dimmer) — C:Documents and SettingsADMINApplication DataMozillaFirefoxProfilesuhazm9rr.defaultextensionssupport@tubedimmerapp.com
[2014/01/06 12:56:09 | 000,000,000 | —D | M] (No name found) — C:Program FilesMozilla Firefoxextensions
[2013/12/31 07:38:23 | 000,000,000 | —D | M] (No name found) — C:Program FilesMozilla Firefoxbrowserextensions
[2013/12/31 07:38:50 | 000,000,000 | —D | M] (Default) — C:Program FilesMozilla Firefoxbrowserextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,790 | —- | M]) – C:WINDOWSsystem32driversetchosts
O1 – Hosts: 127.0.0.1 localhost
O2 – BHO: (Adobe PDF Link Helper) – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:Program FilesFichiers communsAdobeAcrobatActiveXAcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 – BHO: (Java(tm) Plug-In SSV Helper) – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:Program FilesJavajre7binssv.dll (Oracle Corporation)
O2 – BHO: (Java(tm) Plug-In 2 SSV Helper) – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)
O4 – HKLM..Run: [avast5] C:Program FilesAlwil SoftwareAvast5avastUI.exe (AVAST Software)
O7 – HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 – HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 – HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 – HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 – HKUS-1-5-21-1202660629-1214440339-1417001333-1003SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O10 – NameSpace_Catalog5Catalog_Entries00000000004 [] – C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341565668968 (WUWebControl Class)
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{931A56CC-24F4-4594-A1E1-9FD0EFCEA6FE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{A05ABB70-4FA3-436F-B589-6ED1228AD179}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 – ProtocolHandlerippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 – ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 – ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 – ProtocolHandlerms-help {314111c7-a502-11d2-bbca-00c04f8ec294} – C:Program FilesFichiers communsMicrosoft SharedHelphxds.dll (Microsoft Corporation)
O18 – ProtocolFiltertext/xml {807563E5-5146-11D5-A672-00B0D022E945} – C:Program FilesFichiers communsMicrosoft SharedOFFICE12MSOXMLMF.DLL (Microsoft Corporation)
O20 – HKLM Winlogon: Shell – (Explorer.exe) – C:WINDOWSexplorer.exe (Microsoft Corporation)
O20 – HKLM Winlogon: UserInit – (C:WINDOWSsystem32Userinit.exe) – C:WINDOWSsystem32userinit.exe (Microsoft Corporation)
O24 – Desktop Components:0 (Ma page d’accueil) – About:Home
O24 – Desktop WallPaper: C:WINDOWSWebWallpaperColline verdoyante.bmp
O24 – Desktop BackupWallPaper: C:WINDOWSWebWallpaperColline verdoyante.bmp
O32 – HKLM CDRom: AutoRun – 1
O32 – AutoRun File – [2011/12/16 16:36:50 | 000,000,000 | —- | M] () – C:AUTOEXEC.BAT — [ NTFS ]
O34 – HKLM BootExecute: (autocheck autochk *)
O35 – HKLM..comfile [open] — “%1” %*
O35 – HKLM..exefile [open] — “%1” %*
O37 – HKLM…com [@ = comfile] — “%1” %*
O37 – HKLM…exe [@ = exefile] — “%1” %*
O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders – Created Within 30 Days ==========

[2014/01/06 13:55:38 | 000,000,000 | —D | C] — C:AdwCleaner
[2014/01/06 11:31:17 | 000,000,000 | —D | C] — C:backup
[2014/01/04 08:42:04 | 000,000,000 | -HSD | C] — C:found.001
[2013/12/31 18:32:11 | 000,000,000 | —D | C] — C:Documents and SettingsADMINLocal SettingsApplication DataBVRP Software
[2013/12/31 18:31:40 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersMenu DémarrerProgrammesClassic PhoneTools
[2013/12/31 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Classic PhoneTools
[2013/12/31 18:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2013/12/31 18:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\InstallShield
[2013/12/31 18:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Bureau\Nouveau dossier
[2013/12/31 18:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\WinRAR
[2013/12/31 18:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinRAR
[2013/12/31 18:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\WinRAR
[2013/12/31 18:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/12/31 18:16:33 | 006,852,616 | ---- | C] (ESTsoft Corp. ) -- C:\Documents and Settings\ADMIN\Mes documents\ALZip [1].exe
[2013/12/31 17:52:56 | 000,462,848 | ---- | C] (NetManage Inc.) -- C:\WINDOWS\System32\nmw3vwn.dll
[2013/12/31 17:52:56 | 000,442,368 | ---- | C] (OverByte (F. Piette)) -- C:\WINDOWS\System32\IcsBcb30.bpl
[2013/12/31 17:52:56 | 000,066,560 | ---- | C] (NetManage Inc.) -- C:\WINDOWS\System32\nmorenu.dll
[2013/12/31 17:52:56 | 000,048,128 | ---- | C] (NetManage Inc.) -- C:\WINDOWS\System32\nmsckn.dll
[2013/12/31 17:52:56 | 000,047,616 | ---- | C] (Borland International, Inc.) -- C:\WINDOWS\System32\dclnet35.bpl
[2013/12/31 17:52:55 | 001,455,736 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Vcl35.bpl
[2013/12/31 17:52:55 | 001,146,272 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\A303_R35.bpl
[2013/12/31 17:52:55 | 000,996,872 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Cp3240mt.dll
[2013/12/31 17:52:55 | 000,245,912 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Vclx35.bpl
[2013/12/31 17:52:55 | 000,235,512 | ---- | C] (NetMasters) -- C:\WINDOWS\System32\Nmfast35.bpl
[2013/12/31 17:52:55 | 000,178,176 | ---- | C] (devSoft Inc.) -- C:\WINDOWS\System32\ick.bpl
[2013/12/31 17:52:55 | 000,078,384 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\Tsr102_r.bpl
[2013/12/31 17:52:55 | 000,069,272 | ---- | C] (Borland International, Inc.) -- C:\WINDOWS\System32\Vclsmp35.bpl
[2013/12/31 17:52:55 | 000,029,952 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Borlndmm.dll
[2013/12/31 17:52:55 | 000,018,480 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\Tsr102_r.dpl
[2013/12/31 17:52:54 | 000,085,504 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Htmlwh.dll
[2013/12/31 17:52:54 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2013/12/31 17:52:53 | 000,169,472 | ---- | C] (NetManage Inc.) -- C:\WINDOWS\System32\html.ocx
[2013/12/31 17:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\U.S. Robotics
[2013/12/31 17:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\U.S. Robotics
[2013/12/31 17:51:44 | 000,000,000 | ---D | C] -- C:\Temp
[2013/12/31 17:49:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\Application Data\Brother
[2013/12/31 17:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/12/31 15:22:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Recent
[2013/12/31 14:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office
[2013/12/31 14:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013/12/31 14:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/12/31 14:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/12/31 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DESIGNER
[2013/12/31 14:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013/12/31 14:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft Help
[2013/12/31 14:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/12/31 14:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2013/12/31 14:23:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/12/31 14:11:15 | 000,000,000 | ---D | C] -- C:\HP v165w (E)
[2013/12/31 12:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
[2013/12/31 12:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPFix
[2013/12/31 12:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\ZHP
[2013/12/31 12:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/12/31 12:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\jmdp
[2013/12/31 12:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\AppData
[2013/12/31 12:46:46 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/12/31 12:46:46 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/12/31 12:46:46 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/12/31 12:46:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2013/12/31 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/12/31 12:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\VisualBeeClient
[2013/12/31 12:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\VisualBee
[2013/12/31 12:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\emaze
[2013/12/31 12:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Updater
[2013/12/31 12:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RHelpers
[2013/12/31 12:08:16 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013/12/31 07:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/30 18:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Brother HL-2035
[2013/12/30 18:59:03 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2013/12/30 18:59:01 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2013/12/30 18:59:01 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\brlmw03a.dll
[2013/12/30 18:59:01 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\brlm03a.dll
[2013/12/30 18:59:01 | 000,019,537 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BRPAR.SYS
[2013/12/30 18:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Brownie
[2013/12/30 18:58:44 | 000,192,512 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2013/12/30 18:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013/12/30 18:51:24 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2013/12/30 18:50:45 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2013/12/20 17:07:05 | 000,000,000 | ---D | C] -- C:\found.000
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/06 14:16:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/01/06 14:02:09 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/06 14:01:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/06 11:33:40 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureau\Microsoft Office Outlook 2007.lnk
[2014/01/06 00:18:08 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\WB.CFG
[2014/01/04 23:58:37 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2014/01/04 08:43:05 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/03 15:34:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/01/03 08:59:29 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureau\Microsoft Office Word 2007.lnk
[2014/01/01 17:04:29 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2014/01/01 16:51:51 | 000,370,832 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2014/01/01 16:51:51 | 000,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/01 16:51:51 | 000,049,734 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2014/01/01 16:51:51 | 000,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/31 18:32:06 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Classic PhoneTools.lnk
[2013/12/31 18:16:33 | 006,852,616 | ---- | M] (ESTsoft Corp. ) -- C:\Documents and Settings\ADMIN\Mes documents\ALZip [1].exe
[2013/12/31 17:54:09 | 000,000,120 | ---- | M] () -- C:\WINDOWS\usrwiz.ini
[2013/12/31 17:47:08 | 000,009,030 | ---- | M] () -- C:\WINDOWS\HL-2030.INI
[2013/12/31 17:47:08 | 000,000,145 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2013/12/31 17:46:53 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013/12/31 17:46:53 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\bd2030.dat
[2013/12/31 15:23:20 | 000,020,006 | ---- | M] () -- C:\Documents and Settings\ADMIN\Mes documents\cc_20131231_152308.reg
[2013/12/31 14:55:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/31 14:55:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/31 12:53:02 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
[2013/12/31 08:18:06 | 000,000,000 | ---- | M] () -- C:\Program Files\moz_update_in_progress.lock
[2013/12/30 18:59:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2013/12/25 09:03:02 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/12/25 09:03:02 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/12/25 09:03:02 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/12/25 09:03:02 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/12/25 09:03:02 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/01 18:16:04 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\WB.CFG
[2014/01/01 17:04:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2014/01/01 16:51:35 | 000,002,623 | ---- | C] () -- C:\Documents and Settings\ADMIN\Bureau\Microsoft Office Outlook 2007.lnk
[2013/12/31 18:45:47 | 000,002,575 | ---- | C] () -- C:\Documents and Settings\ADMIN\Bureau\Microsoft Office Word 2007.lnk
[2013/12/31 18:32:06 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Classic PhoneTools.lnk
[2013/12/31 18:16:17 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/12/31 17:52:56 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2013/12/31 17:52:55 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\Bcbsmp35.bpl
[2013/12/31 17:52:55 | 000,036,452 | ---- | C] () -- C:\WINDOWS\System32\Dclocx35.bpi
[2013/12/31 17:51:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2013/12/31 17:44:34 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/12/31 15:23:11 | 000,020,006 | ---- | C] () -- C:\Documents and Settings\ADMIN\Mes documents\cc_20131231_152308.reg
[2013/12/31 12:53:02 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
[2013/12/31 12:45:35 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\Create Amazing Presentations.lnk
[2013/12/31 08:18:06 | 000,000,000 | ---- | C] () -- C:\Program Files\moz_update_in_progress.lock
[2013/12/30 18:59:09 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/12/30 18:59:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/12/30 18:59:01 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2013/12/30 18:59:01 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2013/12/30 18:58:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\bd2030.dat
[2013/12/30 18:58:32 | 000,000,336 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/08/20 09:04:51 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/06 10:11:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 20:29:44 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720