

herisson38
Everything posted by herisson38
[Solved] Gendarme virus "Please wait while the connection..."
herisson38 replied to herisson38's topic in Malware Analysis and Removal
Thanks for your guidance!! I solved my problem, all the best!!
[Solved] Gendarme virus "Please wait while the connection..."
herisson38 replied to herisson38's topic in Malware Analysis and Removal
Good evening, I have already installed OTLPE by OldTimer Version 3.1.48.0. Would it work with this version??
[Solved] Gendarme virus "Please wait while the connection..."
herisson38 replied to herisson38's topic in Malware Analysis and Removal
Everything was going fine until the Hitman software made me wait while it connected to the internet so that I would pay, and then after several minutes it closed!! I think Hitman has become paid software! Isn't there another way??
[Solved] Need a deep cleaning
herisson38 replied to herisson38's topic in Malware Analysis and Removal
You're going to laugh, but I can't manage to put "solved" in my first post?? I can't find the "edit"???
[Solved] Need a deep cleaning
herisson38 replied to herisson38's topic in Malware Analysis and Removal
Thanks for the info!!!
[Solved] Need a deep cleaning
herisson38 replied to herisson38's topic in Malware Analysis and Removal
OK, thank you for your efficiency and your patience!!!! Really kind!!! Thanks...
[Solved] Need a deep cleaning
herisson38 replied to herisson38's topic in Malware Analysis and Removal
I think I managed to fix my Windows Update problem thanks to your topic. I just noticed that I no longer have the device removal icon in my taskbar. I don't know if I'm in the right forum for this problem?
Good evening, my daughter's PC is infected by the gendarme virus. Following your topics, I installed OTL by means of a CD and ran the OTL scan, but what should I do next?? The OTL report is as follows:
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: {tlMe4VA9-8LXI-r4nq-LmM7-2PRL0gJFErMy} - ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: ccc-core-static - msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb ActiveX: Microsoft Base Smart Card Crypto Provider Package - ========== Files/Folders - Created Within 30 Days ========== [2014/01/18 19:41:02 | 000,114,688 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/01/22 16:37:55 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC46F289-37E2-46C2-8FD3-C3610DFE4D99}.job [2014/01/22 16:36:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/01/22 16:36:10 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014/01/22 16:35:53 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At45.job [2014/01/22 16:35:30 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At46.job [2014/01/22 16:34:56 | 000,114,688 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe [2014/01/22 
16:34:37 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd [2014/01/22 16:34:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/01/22 16:34:09 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys [2014/01/19 06:08:11 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014/01/18 19:35:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2014/01/18 19:35:26 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/11/21 13:09:35 | 000,182,784 | ---- | C] () -- C:\Documents and Settings\pn\Application Data\ram_reserver64.exe [2012/07/10 09:35:02 | 000,087,176 | ---- | C] () -- C:\WINDOWS\System32\rn1rwyD.com [2012/04/25 04:51:12 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\wpbt0.dll [2012/04/24 06:35:02 | 000,087,176 | ---- | C] () -- C:\WINDOWS\System32\rn1rwyD.com_ [2012/02/26 09:24:59 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\gyeuses.dll [2012/02/18 13:29:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uio1U81.dat [2012/01/27 07:37:00 | 000,009,023 | ---- | C] () -- C:\Documents and Settings\pn\Application Data\e8f2836e [2012/01/27 07:36:59 | 000,009,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ec640112 [2012/01/27 07:36:59 | 000,009,072 | ---- | C] () -- C:\Documents and Settings\pn\Local Settings\Application Data\9e2d0950 [2012/01/21 06:55:52 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2012/01/21 06:55:52 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2012/01/21 06:55:22 | 000,000,434 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2012/01/21 06:55:22 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2012/01/21 06:54:42 | 000,000,050 | ---- | C] () -- 
C:\WINDOWS\System32\bridf08b.dat [2012/01/21 06:54:30 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2012/01/21 06:54:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2012/01/21 06:54:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2012/01/21 06:46:30 | 000,031,831 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2011/09/30 17:34:39 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\pn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/05 11:27:42 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2009/12/02 12:19:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/09/17 03:05:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\LA\Local Settings\Application Data\fusioncache.dat [2009/07/24 04:52:06 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\pn\Application Data\usb.dat [2008/07/01 10:19:44 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Administrateur\Application Data\$_hpcst$.hpc [2008/01/09 11:36:49 | 000,000,077 | ---- | C] () -- C:\WINDOWS\OPHC.INI [2007/12/12 12:24:09 | 000,192,585 | ---- | C] () -- C:\WINDOWS\System32\ActExt.dll [2007/12/12 12:24:09 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ActAB32.dll [2007/12/12 12:15:15 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\pn\Application Data\$_hpcst$.hpc [2007/12/12 12:07:18 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\pn\Local Settings\Application Data\fusioncache.dat [2007/12/12 11:38:11 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\administrateur.FILORGA\Application Data\$_hpcst$.hpc [2007/12/12 11:26:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/12/12 11:17:13 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\SAGEPERS.DLL [2007/12/12 11:11:22 | 000,008,860 | ---- | C] () -- C:\WINDOWS\cfgall.ini [2007/12/12 11:08:43 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\administrateur.FILORGA\Local 
Settings\Application Data\fusioncache.dat [2007/12/12 11:05:07 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\__sbs_netsetup__\Local Settings\Application Data\fusioncache.dat [2007/12/12 03:45:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007/12/12 03:45:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007/12/12 03:45:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007/12/12 03:45:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007/12/12 03:45:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007/12/12 03:45:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007/07/26 19:13:08 | 000,029,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007/07/26 19:12:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2007/07/26 18:51:18 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat [2007/02/06 09:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007/02/06 08:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007/02/02 10:40:12 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2007/01/30 07:21:34 | 000,128,813 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2007/01/19 09:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/09/18 16:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/18 16:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2004/08/17 03:26:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/08/17 03:26:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/08/17 03:20:54 | 000,525,904 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2004/08/17 03:20:54 | 000,455,530 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/17 03:20:54 | 000,089,762 | 
---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2004/08/17 03:20:54 | 000,075,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/17 03:19:30 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/17 03:13:18 | 000,185,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/17 03:08:22 | 000,005,387 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/17 03:05:26 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/08/05 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/05 03:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2004/08/05 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/05 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/05 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/05 03:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2004/08/05 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/05 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/05 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/05 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1998/05/06 21:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll ========== LOP Check ========== [2007/12/12 12:28:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView [2007/12/12 12:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\__sbs_netsetup__\Application Data\SampleView [2008/10/02 06:39:13 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\administrateur.FILORGA\Application Data\Sage [2007/12/12 12:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrateur.FILORGA\Application Data\SampleView [2007/12/12 12:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SampleView [2007/12/12 12:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LA\Application Data\SampleView [2009/05/06 02:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pn\Application Data\InterVideo [2009/09/29 07:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pn\Application Data\ntr [2012/03/02 04:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pn\Application Data\OpenOffice.org [2011/11/02 14:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pn\Application Data\PriceGong [2007/12/12 12:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pn\Application Data\Sage [2007/12/12 12:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pn\Application Data\SampleView [2012/04/25 07:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pn\Application Data\uTorrent [2009/01/19 15:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DartyBox [2008/10/02 06:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage [2012/01/21 06:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2011/11/02 11:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM [2012/01/07 15:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2007/12/12 12:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2012/04/25 17:35:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job [2012/02/18 13:29:06 | 000,000,346 | ---- | M] () 
-- C:\WINDOWS\Tasks\At10.job [2012/02/18 13:29:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job [2012/02/18 13:29:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job [2012/02/18 13:29:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job [2012/02/18 13:29:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job [2012/02/18 13:29:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job [2012/02/18 13:29:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job [2012/02/18 13:29:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job [2012/02/18 13:29:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job [2012/02/18 13:29:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job [2012/04/25 17:35:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job [2012/02/18 13:29:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job [2012/03/18 04:35:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job [2012/03/18 04:36:26 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job [2012/04/18 04:39:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job [2012/04/18 04:37:55 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job [2012/04/24 05:36:10 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job [2012/04/24 05:36:10 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job [2012/04/25 06:37:24 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job [2012/04/25 06:35:57 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job [2012/04/25 07:35:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job [2014/01/18 19:35:26 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job [2012/04/25 07:37:04 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job [2012/07/10 08:38:37 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job [2012/07/10 08:40:37 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job [2012/07/10 09:35:00 | 000,000,344 | ---- | M] () -- 
C:\WINDOWS\Tasks\At33.job [2012/07/10 09:36:12 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job [2012/07/10 10:35:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job [2012/07/10 10:35:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job [2012/07/10 11:35:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job [2012/07/10 11:35:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job [2012/07/10 12:35:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job [2014/01/18 19:35:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job [2012/07/10 12:35:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job [2012/04/25 13:35:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job [2012/04/25 13:36:33 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job [2012/04/25 14:35:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job [2012/04/25 14:35:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job [2014/01/22 16:35:53 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job [2014/01/22 16:35:30 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job [2012/04/25 16:35:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job [2012/04/25 16:35:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job [2012/04/23 19:35:16 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job [2012/04/23 19:35:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job [2012/02/18 13:29:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job [2012/02/18 13:29:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job [2012/02/18 13:29:06 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job [2014/01/22 16:37:55 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC46F289-37E2-46C2-8FD3-C3610DFE4D99}.job ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2004/08/05 03:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) 
MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007/06/13 08:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 08:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: USERINIT.EXE > [2004/08/05 03:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004/08/05 03:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe < %SYSTEMDRIVE%\*.exe > [2012/04/25 08:48:31 | 000,182,784 | ---- | M] () -- C:\ram_reserver64.exe [2001/05/24 06:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 01:55:26 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2011/11/04 14:13:28 | 011,081,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2011/11/04 14:13:28 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/13 21:33:33 | 000,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/13 21:33:36 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2011/01/21 09:44:12 | 008,518,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\syswow64\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\syswow64\drivers\*.sys /lockedfiles > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/11 09:47:36 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/11 09:47:36 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/11 09:47:36 | 000,836,840 | 
---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/11 09:47:49 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/11 09:47:49 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/11 09:47:49 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 07:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 07:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/11 09:47:36 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/11 09:47:36 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/11 09:47:36 | 000,836,840 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/11 09:47:49 | 
000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/11 09:47:49 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/11 09:47:49 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 07:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 07:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < CREATERESTOREPOINT > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB62280$] -> -> Unknown point type < End of report > merci par avance ...
-
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Hello, I have just finished, and when I launch Windows Update it is still a blank page .. -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
The Microsoft fix?? What is that? -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
OK, noted -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Rapport de ZHPFix 2013.12.14.5 par Nicolas Coolman, Update du 06/12/2013
Fichier d'export Registre :
Run by Seabra Alvaro at 22/01/2014 21:08:15
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Corbeille vidée (00mn 04s)
Réparation des raccourcis navigateur

========== Clés du Registre ==========
SUPPRIMÉ: HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}
SUPPRIMÉ: HKCU\Software\USyndication
SUPPRIMÉ: HKCU\Software\usyndication.com

========== Valeurs du Registre ==========
SUPPRIMÉ: FirewallRaz (SP) : %windir%\system32\sessmgr.exe
SUPPRIMÉ: FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
SUPPRIMÉ: FirewallRaz (SP) : C:\Program Files\Remote Control PC\apc_host.exe
SUPPRIMÉ: FirewallRaz (SP) : C:\WINDOWS\system32\dmwu.exe
SUPPRIMÉ: FirewallRaz (SP) : E:\FRANCAIS\EdiMax\Installer\FirstTimeInstaller.exe
SUPPRIMÉ: FirewallRaz (DP) : %windir%\system32\sessmgr.exe
SUPPRIMÉ: FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)
ProxyFix : Configuration proxy supprimée avec succès
SUPPRIMÉ ProxyServer Value
SUPPRIMÉ ProxyEnable Value
SUPPRIMÉ EnableHttp1_1 Value
SUPPRIMÉ ProxyHttp1.1 Value
SUPPRIMÉ ProxyOverride Value

========== Dossiers ==========
SUPPRIMÉS Temporaires Windows (3)
SUPPRIMÉS Flash Cookies (4)

========== Fichiers ==========
SUPPRIMÉ: C:\Windows\Installer\402056.msi
SUPPRIMÉ: C:\Windows\Installer\40205c.msi
SUPPRIMÉS Temporaires Windows (18) (1 162 572 octets)
SUPPRIMÉS Flash Cookies (0) (0 octets)

========== Récapitulatif ==========
3 : Clés du Registre
14 : Valeurs du Registre
2 : Dossiers
4 : Fichiers

End of clean in 00mn 05s

========== Chemin de fichier rapport ==========
C:\Documents and Settings\Seabra Alvaro\Application Data\ZHP\ZHPFix[R1].txt - 22/01/2014 21:08:20 [1823]
-
[Solved] Deep cleaning needed
herisson38 replied to a topic by herisson38 in Malware analysis and removal
I managed to install ZHP after disabling my antivirus; here is the ZHPDiag report:
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][22/01/2014] (...) -- C:\Documents and Settings\Seabra Alvaro\Local Settings\Application Data\WavXMapDrive.bat [0] [MD5.131B9DE1F89A04CF90C8615889EF838A] [sPRF][22/01/2014] (.Pas de propriétaire - Contrôle et suppression restrictions.) -- C:\Documents and Settings\Seabra Alvaro\Bureau\CTR.exe [939795] [MD5.86D65D93202477E6460736A199498BC0] [sPRF][30/04/2013] (.Pas de propriétaire - AutoPlay Application.) -- C:\Documents and Settings\Seabra Alvaro\Bureau\Kaspersky Internet Security 2013.exe [171165764] ~ Files: 7 Legitimates Filtered in 00mn 08s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "24E9EA15D04641C49A6B346FA44A3E2E" . (.Document Manager Lite.) -- C:\WINDOWS\Installer\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\ARPPRODUCTICON.exe O90 - PUC: "293A837E096FD9A408E8B7FA080E3B89" . (.ESC Home Page Plugin.) -- C:\WINDOWS\Installer\{E738A392-F690-4A9D-808E-7BAF80E0B398}\ARPPRODUCTICON.exe O90 - PUC: "3ED8D343F1EAA13438C06B36258EAC21" . (.OZ776 SCR Driver V1.1.3.9.) -- C:\WINDOWS\Installer\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\ARPPRODUCTICON.exe O90 - PUC: "3F494A42F5B53814F9D7C98E82211CCF" . (.tsp patch.) -- C:\WINDOWS\Installer\{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}\ARPPRODUCTICON.exe O90 - PUC: "5E6C3959E5023C547B5850FC41C67AA6" . (.biolsp patch.) -- C:\WINDOWS\Installer\{9593C6E5-205E-45C3-B785-05CF146CA76A}\ARPPRODUCTICON.exe O90 - PUC: "6DE81FB4888CFCB44AFACAA76103B51C" . (.GemSafe Standard Edition 5.1.) -- C:\WINDOWS\Installer\{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}\ARPPRODUCTICON.exe O90 - PUC: "6E3E48CE6D2CBFD4180E4438428CDF4F" . 
(.Security Wizards.) -- C:\WINDOWS\Installer\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\ARPPRODUCTICON.exe O90 - PUC: "9E928E1D8B886C747AE5D0042E0CD905" . (.Secure Update.) -- C:\WINDOWS\Installer\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\ARPPRODUCTICON.exe ~ Update Products: 63 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.CB5156D131AFF147DADCB4236A7736B1] [WIS][03/09/2013] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\402056.msi [24576] =>Adware.Boxore [MD5.3E4741F8B447EAD6C1D0AD882F1086C8] [WIS][03/09/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\40205c.msi [474624] =>Adware.Boxore [MD5.BA7E25DC2D3278E1210AB6208096DAE0] [WIS][22/06/2013] (.NTRU Cryptosystems - NTRU TCG Software Stack.) -- C:\Windows\Installer\7ce6e.msi [220672] [MD5.53A7CBBDEDCC113E78BE81BDA0957326] [WIS][22/06/2013] (.Wave Systems Corp. - Trusted Drive Manager.) -- C:\Windows\Installer\7ced6.msi [5120000] ~ WIS: 66 Legitimates Filtered in 00mn 14s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Demand 17/11/2005 1527900 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe SS - | Demand 31/08/2007 486400 | (SecureStorageService) . (.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Auto 01/02/2007 1466368 | (tcsd_win32.exe) . (...) - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe SS - | Demand 13/09/2007 192512 | (WaveEnrollmentService) . 
(.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe SR - | Auto 13/06/2013 1236336 | (Ad-Aware Service) . (.Lavasoft Limited.) - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe SR - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.exe SR - | Auto 11/01/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.exe SR - | Auto 03/11/2009 874768 | (EvtEng) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe SR - | Auto 22/01/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SR - | Auto 20/07/2007 475136 | (NICCONFIGSVC) . (.Dell Inc..) - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe SR - | Auto 03/11/2009 473360 | (RegSrvc) . (.Intel® Corporation.) - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe SR - | Auto 03/11/2009 909312 | (S24EventMonitor) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe SR - | Auto 20/09/2012 3677000 | (SBAMSvc) . (.GFI Software.) - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe SR - | Auto 06/12/2013 1229528 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\PSIA.exe SR - | Auto 19/02/2007 90112 | (STacSV) . (.SigmaTel, Inc..) - C:\WINDOWS\system32\StacSV.exe SR - | Auto 07/09/2007 737280 | (TdmService) . (.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe SR - | Auto 03/11/2009 348160 | (WLANKEEPER) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe SR - | Auto 16/03/2007 20480 | (wltrysvc) . (...) 
- C:\WINDOWS\system32\WLTRYSVC.exe ~ Services: Scanned in 00mn 15s ---\\ Scan Additionnel (O88) Database Version : 13018 - (02/01/2014) Clés trouvées (Keys found) : 3 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 2 [HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore [HKCU\Software\USyndication] =>Trojan.USyndication [HKCU\Software\usyndication.com] =>Trojan.USyndication C:\Windows\Installer\402056.msi =>Adware.Boxore^ C:\Windows\Installer\40205c.msi =>Adware.Boxore^ ~ Additionnel Scan: 203593 Items scanned in 00mn 16s ---\\ Récapitulatif des détections trouvées sur votre station ~ ~ ~ MSI: 2 link(s) detected in 00mn 16s ~ 884 Legitimates filtered by white list End of the scan (536 lines in 01mn 04s)(0) -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
# DelFix v10.6 - Rapport créé le 22/01/2014 à 19:05:15
# Mis à jour le 11/11/2013 par Xplode
# Nom d'utilisateur : Seabra Alvaro - SEABRA-C621CF66
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
~ Suppression des outils de désinfection ...
Supprimé : C:\_OTM
Supprimé : C:\AdwCleaner
Supprimé : C:\Documents and Settings\Seabra Alvaro\Application Data\ZHP
Supprimé : C:\Documents and Settings\Seabra Alvaro\Bureau\ZHPDiag2.exe
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis
########## - EOF - ########## -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Rapport de Contrôle restrictions Pierre13 (CTR version 1.0.0.5 ) du 22\01\2014 à 18:54:29
PC de Seabra Alvaro
Analyse effectuée en 3.444 s
Contrôle présence restrictions
145 restrictions contrôlées.
Aucune restriction trouvée.
Le rapport est sur le bureau (C:\Documents and Settings\Seabra Alvaro\Bureau\CTR.txt)
I had deleted it after use. -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Oh yes, another problem!! I can't access the Windows Update site?? -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Apparently not! So here is the message: C:\program Files\ZHPDiag.exe Une erreur est survenue en essayant de renommer un fichier dans le dossier de destination: Movefile a échoué; code 5 acces refusé -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
I can't install ZHPDIAG, I get this window that opens (I hope the screenshot will come through?) -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Here is the report:
JavaUpdate (Pierre13)
Rapport du 22\01\2014 à 17:38:08
PC de Seabra Alvaro
Version de Windows : Microsoft Windows XP Service Pack 3 (32 bits)
*** Version Java 7 Update 45 désinstallée ***
Dernière version 7 Update 51
Aucune version de Java installée
Dernière version Java 7 Update 51 installée !
Mise à jour automatique de Java désactivée.
Fin du rapport.
Le rapport est sur le bureau : C:\Documents and Settings\Seabra Alvaro\Bureau\Rapport_JavaUpdate.txt
The PC is doing better than before my request on the site, but it has not been used apart from disinfecting it. I deleted all the contents of the downloads folder, but I did not find this one: iLividSetupV1.exe -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
No, sorry, it worked; the MBAM software had to be uninstalled first because it was blocking everything. Here is the OTM report:
All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\Seabra Alvaro\Mes documents\Téléchargements\MagVi2013.rar.part not found.
File/Folder C:\Documents and Settings\Seabra Alvaro\Mes documents\Téléchargements\FLVPlayerSetup.exe.part not found.
File/Folder C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP225\A0067009.exe not found.
File/Folder D:\MES DOCUMENTS\Mes images\sauv usb\iLividSetupV1.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Seabra Alvaro
->Temp folder emptied: 923 bytes
->Temporary Internet Files folder emptied: 33872 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14088405 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 906 bytes
Total Files Cleaned = 14,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 01222014_171444
Files moved on Reboot...
Registry entries deleted on Reboot... -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
I installed OTM, copied and pasted the code, and my PC froze? I did it twice with the same result. -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Hello, I tried, but it asks me for an ID and a key number (in other words, to pay). -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Hello, I started over and here is the MBAM report:
_Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2014.01.19.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Seabra Alvaro :: SEABRA-C621CF66 [administrateur]
19/01/2014 10:22:31
mbam-log-2014-01-19 (10-22-31).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 247301
Temps écoulé: 56 minute(s), 27 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 1
HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B} (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Software\Update\Clients\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}|name (Adware.Boxore) -> Données: BoxoreClient -> Mis en quarantaine et supprimé avec succès.
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 59
C:\Documents and Settings\Seabra Alvaro\Mes documents\Téléchargements\MagVi2013.rar.part (PUP.Hacktool.Patcher) -> Aucune action effectuée.
C:\Documents and Settings\Seabra Alvaro\Mes documents\Téléchargements\FLVPlayerSetup.exe.part (PUP.Optional.InstallCore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP225\A0067009.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
D:\MES DOCUMENTS\Mes images\sauv usb\iLividSetupV1.exe (PUP.Optional.Bandoo) -> Aucune action effectuée.
C:\AdwCleaner\Quarantine\C\Program Files\Boxore\BoxoreClient\boxore.exe.vir (Adware.Boxore) -> Mis en quarantaine et supprimé avec succès.
(fin) -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Apollo, sorry!! -
[Solved] Need a deep cleaning
herisson38 replied to a topic by herisson38 in Malware analysis and removal
Good evening Appolo, I am not doubting your topic, quite the contrary, but rather my own incompetence!! As for the version, here is the one I installed with your link; I don't have the same icons! (couldn't find the little screwdriver??) Nevertheless, I still managed to do a large part of what you told me:
_The SFTGC report:
Rapport de SFTGC (Pierre13) du Dimanche 19 Janvier 2014 à 10:03:52
version : 2.0.0.60 Mis à jour le 27/11/2013
Outil lancé en Mode normal et En tant qu'administrateur
Microsoft Windows XP Service Pack 3 32 bits
Tool start in C:\Documents and Settings\Seabra Alvaro\Bureau
274 éléments supprimés => 194.13 Mo libérés. (17 s)
Settings\Temp\jrt\temp C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\TRACING.dat C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\TYPELIB_clsid.dat C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\UNINSTALL.dat C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\UpgradeCodes.dat C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\WGET.DAT C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\WOW6432NODE.dat C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\temp\null.txt C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\erunt\ERDNT.E_E C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\erunt\ERDNTDOS.LOC C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\erunt\ERDNTWIN.LOC C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\erunt\ERUNT.EXE C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\erunt\ERUNT.EXE.manifest C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\erunt\ERUNT.LOC C:\Documents and Settings\Seabra Alvaro\Local Settings\Temp\jrt\erunt\README.TXT C:\Documents and Settings\Seabra Alvaro\Recent\AdwCleaner-19012014.txt.lnk C:\Documents and Settings\Seabra Alvaro\Recent\AdwCleaner.lnk C:\Documents and Settings\Seabra Alvaro\Recent\Desktop.ini C:\Documents and Settings\Seabra Alvaro\Recent\hijackthis.lnk C:\Documents and Settings\Seabra Alvaro\Recent\hijackthis19-01-2014.log.lnk C:\Documents and Settings\Seabra Alvaro\Recent\JRT-19-01-2014.txt.lnk C:\Documents and Settings\Seabra Alvaro\Recent\JRT.lnk C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\desktop.ini C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\1TV0OI03 C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet 
Files\Content.IE5\NWYUKT2S C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\WZIUJBWY C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\ZVIIOCXZ C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\ZVIIOCXZ\desktop.ini C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\ZVIIOCXZ\UpdateService[1].asmx C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\WZIUJBWY\desktop.ini C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\WZIUJBWY\Version[1].txt C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\NWYUKT2S\desktop.ini C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\NWYUKT2S\VersionSFT[1].txt C:\Documents and Settings\Seabra Alvaro\Local Settings\Temporary Internet Files\Content.IE5\1TV0OI03\desktop.ini C:\DOCUME~1\SEABRA~1\LOCALS~1\Temp\jrt C:\DOCUME~1\SEABRA~1\LOCALS~1\Temp\Skype C:\WINDOWS\TEMP\14778D3.dmp C:\WINDOWS\TEMP\1478C3B.tmp C:\WINDOWS\TEMP\148701.dmp C:\WINDOWS\TEMP\148EA2.tmp C:\WINDOWS\TEMP\1EB796.dmp C:\WINDOWS\TEMP\1EC050.tmp C:\WINDOWS\TEMP\dw.log C:\WINDOWS\TEMP\E_S3.tmp C:\WINDOWS\TEMP\WGAErrLog.txt C:\WINDOWS\Prefetch\ACRORD32.EXE-3B19D33B.pf C:\WINDOWS\Prefetch\ADAWARE.EXE-3510C6A1.pf C:\WINDOWS\Prefetch\ADAWARELAUNCHER.EXE-03B45334.pf C:\WINDOWS\Prefetch\ADOBEARM.EXE-1095AC0A.pf C:\WINDOWS\Prefetch\ADOBEARMHELPER.EXE-3AF1CA4F.pf C:\WINDOWS\Prefetch\ADWCLEANER.EXE-027230F0.pf C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf C:\WINDOWS\Prefetch\BATTERY.EXE-335EC93E.pf C:\WINDOWS\Prefetch\BOXORE.EXE-0F8CBA6A.pf C:\WINDOWS\Prefetch\BRIGHTNESS.EXE-0876E03F.pf C:\WINDOWS\Prefetch\CACAONEW06AC23.EXE-29FAFB25.pf C:\WINDOWS\Prefetch\CACAONEW1768ED.EXE-269A2F63.pf C:\WINDOWS\Prefetch\CACAOWEB.EXE-022A14F5.pf 
C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf C:\WINDOWS\Prefetch\CCLEANER.EXE-0BCE437C.pf C:\WINDOWS\Prefetch\CLEANMGR.EXE-1F86EA8E.pf C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf C:\WINDOWS\Prefetch\CRASHREPORTER.EXE-29951F6F.pf C:\WINDOWS\Prefetch\CUT.DAT-0F7739BB.pf C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf C:\WINDOWS\Prefetch\DLLHOST.EXE-5353C76C.pf C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf C:\WINDOWS\Prefetch\EMBASSYSECURITYSETUPWIZARD.EX-0A92B639.pf C:\WINDOWS\Prefetch\EREGISTR.EXE-2740749B.pf C:\WINDOWS\Prefetch\ERUNT.EXE-304B447F.pf C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf C:\WINDOWS\Prefetch\E_FAMTEGE.EXE-23E690F7.pf C:\WINDOWS\Prefetch\E_FARNEGE.EXE-112E9372.pf C:\WINDOWS\Prefetch\E_FATIEGE.EXE-1FC1995F.pf C:\WINDOWS\Prefetch\FC.EXE-1B9F0926.pf C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf C:\WINDOWS\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-34BC5027.pf C:\WINDOWS\Prefetch\FLASHUTIL32_11_9_900_170_PLUG-0E983260.pf C:\WINDOWS\Prefetch\FORMATFACTORY.EXE-08611A37.pf C:\WINDOWS\Prefetch\FSUTIL.EXE-065D4AC7.pf C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf C:\WINDOWS\Prefetch\HIDFIND.EXE-1A32D7A6.pf C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-03519E16.pf C:\WINDOWS\Prefetch\ICRDCLL.EXE-23A46A26.pf C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf C:\WINDOWS\Prefetch\IFRMEWRK.EXE-14EE25E3.pf C:\WINDOWS\Prefetch\IGFXEXT.EXE-20973E2B.pf C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf C:\WINDOWS\Prefetch\IWRAP.EXE-082C3803.pf C:\WINDOWS\Prefetch\JAVA.EXE-1E21D4DA.pf C:\WINDOWS\Prefetch\JAVAW.EXE-021F87DA.pf C:\WINDOWS\Prefetch\JAVAWS.EXE-1EEF33AA.pf C:\WINDOWS\Prefetch\JRT.EXE-3B894869.pf C:\WINDOWS\Prefetch\Layout.ini C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf C:\WINDOWS\Prefetch\MRT.EXE-1B4A8D49.pf C:\WINDOWS\Prefetch\MRTSTUB.EXE-0B0C36AA.pf 
C:\WINDOWS\Prefetch\MSDTC.EXE-0E6E4AF7.pf C:\WINDOWS\Prefetch\MSI48.TMP-19FE9D25.pf C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf C:\WINDOWS\Prefetch\NIRCMD.DAT-3847ED03.pf C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf C:\WINDOWS\Prefetch\PLUGIN-HANG-UI.EXE-27E3447E.pf C:\WINDOWS\Prefetch\READER_SL.EXE-089975CC.pf C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf C:\WINDOWS\Prefetch\RUNDLL32.EXE-1714B23E.pf C:\WINDOWS\Prefetch\RUNDLL32.EXE-24DBE541.pf C:\WINDOWS\Prefetch\RUNDLL32.EXE-3BA9C9EB.pf C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F722081.pf C:\WINDOWS\Prefetch\RUNDLL32.EXE-4489B61B.pf C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf C:\WINDOWS\Prefetch\RVKROOTS.EXE-27EADEDA.pf C:\WINDOWS\Prefetch\SBAMTRAY.EXE-3779AA95.pf C:\WINDOWS\Prefetch\SC.EXE-012262AF.pf C:\WINDOWS\Prefetch\SCHTASKS.EXE-0CBF6A11.pf C:\WINDOWS\Prefetch\SED.DAT-3680A047.pf C:\WINDOWS\Prefetch\SFTGC.EXE-13B046C0.pf C:\WINDOWS\Prefetch\SHORTCUT.DAT-29D25B7A.pf C:\WINDOWS\Prefetch\SKYPE.EXE-30AE1A60.pf C:\WINDOWS\Prefetch\SPIDER.EXE-2D998CA6.pf C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf C:\WINDOWS\Prefetch\SYSTRAY.EXE-345DCC1C.pf C:\WINDOWS\Prefetch\TASKKILL.EXE-0A8306E3.pf C:\WINDOWS\Prefetch\TASKLIST.EXE-10D94B23.pf C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf C:\WINDOWS\Prefetch\TOSA2DP.EXE-2CD6EF15.pf C:\WINDOWS\Prefetch\TOSBTHID.EXE-09F8CE01.pf C:\WINDOWS\Prefetch\TOSBTHSP.EXE-16937FCE.pf C:\WINDOWS\Prefetch\TOSBTMNG.EXE-33568774.pf C:\WINDOWS\Prefetch\UNSECAPP.EXE-1A95A33B.pf C:\WINDOWS\Prefetch\UPDATE.EXE-2DCD0F0C.pf C:\WINDOWS\Prefetch\UPDCHK.EXE-2CC148CC.pf C:\WINDOWS\Prefetch\UPDROOTS.EXE-1040514D.pf C:\WINDOWS\Prefetch\UPDROOTS.EXE-25D315A2.pf C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf C:\WINDOWS\Prefetch\VLC.EXE-22DF01AA.pf C:\WINDOWS\Prefetch\WEBPLAYER_FR(1).EXE-0D69910F.pf C:\WINDOWS\Prefetch\WGET.DAT-0F0F2B55.pf 
Corbeille vidée.
Fin du rapport.

MBAM report:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.19.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Seabra Alvaro :: SEABRA-C621CF66 [administrateur]

19/01/2014 10:22:31
MBAM-log-2014-01-19 (13-21-03).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 247301
Temps écoulé: 56 minute(s), 27 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B} (Adware.Boxore) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Software\Update\Clients\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}|name (Adware.Boxore) -> Données: BoxoreClient -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 59
C:\AdwCleaner\Quarantine\C\Program Files\Boxore\BoxoreClient\boxore.exe.vir (Adware.Boxore) -> Aucune action effectuée.
C:\Documents and Settings\Seabra Alvaro\Mes documents\Téléchargements\MagVi2013.rar.part (PUP.Hacktool.Patcher) -> Aucune action effectuée.
C:\Documents and Settings\Seabra Alvaro\Mes documents\Téléchargements\FLVPlayerSetup.exe.part (PUP.Optional.InstallCore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP225\A0067009.exe (PUP.Optional.PlusHD.A) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068379.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068380.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068381.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068382.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068384.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068385.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068386.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068387.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068388.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068389.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068390.dll (Adware.Boxore) -> Aucune action effectuée.
C:\System Volume Information\_restore{7C935F4C-F9C6-4631-AC68-3EB5288E9652}\RP228\A0068391.dll (Adware.Boxore) -> Aucune action effectuée.
D:\MES DOCUMENTS\Mes images\sauv usb\iLividSetupV1.exe (PUP.Optional.Bandoo) -> Aucune action effectuée.

(fin)

And I ran the TFC cleanup, but I didn't see a report at the end of the cleanup. Thanks again, Apollon!!