

Everything posted by nettoyantlunettes
-
chat land site infection
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
OK, everything works perfectly, thanks for your valuable advice. Regards -
chat land site infection
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
Re, here are the links in question: VirusTotal - Free Online Virus, Malware and URL Scanner VirusTotal - Free Online Virus, Malware and URL Scanner. For info, the chat land site has disappeared (thanks!!) but I still don't have Google as my search engine, but rather a certain search-web.net. Regards -
chat land site infection
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
Hello, here is what it gives:
ComboFix 11-07-29.01 - radicho 29/07/2011 15:53:27.1.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.634 [GMT 2:00] Lancé depuis: c:\documents and settings\radicho\Bureau\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\radicho\Application Data\FREEzeFrog c:\documents and settings\radicho\Application Data\inst.exe c:\documents and settings\radicho\errorlog.tmp c:\documents and settings\radicho\WINDOWS c:\program files\FREEzeFrog c:\windows\isRS-000.tmp c:\windows\ST6UNST.000 c:\windows\system32\rnaph.dll c:\windows\system32\Temp . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_WINDOWS_INTERNET_NAME_SERVICE . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-06-28 au 2011-07-29 )))))))))))))))))))))))))))))))))))) . . 2011-07-29 11:45 . 2011-07-29 13:32 -------- d-----w- c:\program files\trend micro 2011-07-28 19:15 . 2011-07-29 08:23 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-07-28 19:14 . 2011-07-29 08:23 -------- d-----w- c:\program files\ZHPDiag . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-06 17:52 . 2009-06-09 12:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2009-06-09 12:45 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys 2011-06-06 11:35 . 2004-08-20 09:24 1859072 ----a-w- c:\windows\system32\win32k.sys 2011-05-25 07:28 . 2011-05-25 07:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-02 15:31 . 2004-08-20 09:35 692736 ----a-w- c:\windows\system32\inetcomm.dll 2008-10-15 11:34 . 
2006-08-16 14:31 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe 2007-11-07 01:19 . 2010-11-08 09:59 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll 2007-11-07 01:19 . 2010-11-08 09:59 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll 2009-04-07 18:52 . 2009-04-07 18:52 28672 -c--a-w- c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll 2008-10-19 09:58 . 2008-10-19 09:58 49152 -c--a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . c:\documents and settings\radicho\Menu D‚marrer\Programmes\D‚marrage\ Protection.lnk - c:\documents and settings\radicho\Protection.jar [2011-6-29 18345] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eChanblard\\emule.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\PartyFrance\\PartyFrance.exe"= "c:\\Program Files\\PartyFrance\\PartyPokerFr\\RunApp.exe"= "c:\\Program Files\\Orange\\Connexion Internet Orange\\Connectivity\\ConnectivityManager.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2147:TCP"= 2147:TCP:port "443:TCP"= 443:TCP:Port "5432:TCP"= 5432:TCP:postgres . 
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/02/2009 14:16 691696] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [09/06/2009 16:07 108289] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [01/02/2008 04:02 65536] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 11:38 92008] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384] S2 ntpsirad;Server Support;c:\windows\system32\svchost.exe -k netsvcs [20/08/2004 11:24 14336] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040] S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [09/06/2009 14:14 27072] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ntpsirad . Contenu du dossier 'Tâches planifiées' . 2011-07-29 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-07-16 06:26] . 2011-07-29 c:\windows\Tasks\Nouvelle Tâche.job - c:\program files\Glary Utilities\oneclickoptimizer.exe [2010-07-16 06:27] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.search-web.net mWindow Title = uInternet Connection Wizard,ShellNext = iexplore IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: uStart Search - c:\documents and settings\radicho\Local Settings\Application Data\addtoustart\addtoustart.dll/202 IE: {{06568ceb-5721-47d4-9d93-7e604fcbaeab} - c:\documents and settings\radicho\Bureau\PMU Poker.lnk IE: {{725EC34E-943C-4df6-B0B2-FBDE7F242276} - c:\documents and settings\radicho\Bureau\PartyPoker.fr.lnk IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\radicho\Application Data\Mozilla\Firefox\Profiles\zydvn8dp.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.search-web.net/ FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=403&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50020 FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java 
Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHELINS SUPPRIMES - - - - . SafeBoot-AVG Anti-Spyware Driver SafeBoot-AVG Anti-Spyware Guard . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-29 16:02 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntpsirad] "ServiceDll"="c:\windows\system32\xlnpzth.dll" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*] "C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'explorer.exe'(2120) c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\Java\jre6\bin\javaw.exe c:\windows\system32\cscript.exe . ************************************************************************** . Heure de fin: 2011-07-29 16:05:12 - La machine a redémarré ComboFix-quarantined-files.txt 2011-07-29 14:05 . Avant-CF: 58 939 723 776 octets libres Après-CF: 58 928 881 664 octets libres . WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect . - - End Of File - - 56D9B9015006C14B97545448D2DFEC99 -
chat land site infection
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
OK, thanks apollo, here are the links, info and log: http://www.cijoint.fr/cjlink.php?file=cj201107/cijgR3a3yY.txt http://www.cijoint.fr/cjlink.php?file=cj201107/cijEkG6WvC.txt -
chat land site infection
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
Hello, I've just carried out the whole procedure; unfortunately nothing helps, I still get this wretched chat land site when the search engine opens. It's depressing! -
chat land site infection
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
Thanks for taking the time to reply... as requested, here is the Ad-Remover report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 10:11:01 le 29/07/2011, Mode normal Microsoft Windows XP Édition familiale Service Pack 3 (X86) radicho@PUPUCINO ( ) ============== ACTION(S) ============== Dossier supprimé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchqutb (!) -- Fichiers temporaires supprimés. -- Fichier ouvert: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\Prefs.js -- /!\ Impossible d'ouvrir le fichier, nettoyage interrompu /!\ -- Fichier Fermé -- ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [3.6.8 (fr)] **** Plugins\npFoxitReaderPlugin.dll (Foxit Software Company) HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x) HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x) Searchplugins\SiteVacuum.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameGoogle Search Community</ShortName<DescriptionGoogle Power + Community</Description<InputEncodingUTF-8</InputEncoding<Image width=16 
height=16data:image/x-icon;base64,...</Image<Url type=application/x-suggestions+json method=GET template=hxxp://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}/hxxp://www.google.fr/cse<Param name=cx 
value=partner-pub-8885210189291163:81bei0-h4yd/<Param name=hl value=fr/<Param name=ie value=UTF-8/<Param name=oe value=UTF-8/<Param name=sa value=Search/<Param name=q value={searchTerms}/<!-- Dynamic parameters --<MozParam name=client condition=defaultEngine trueValue=firefox-a falseValue=firefox/</Url<SearchFormhxxp://www.europowersearch.com/Results.aspx</SearchForm</SearchPlugin) Components\GooglePlusVideosXPCOM.dll (?) Components\SiteVacuumXPCOM.dll (?) -- C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default -- Extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c} (MegaUpload Time Attack) Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} (FireFTP) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\radicho\\Bureau Prefs.js - browser.search.defaultenginename, Ask.com Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://www.search-web.net/ Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.8 Prefs.js - keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=403&q= ======================================== **** Internet Explorer Version [6.0.2900.5512] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll) 
HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...) HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x) HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x) HKCU_Extensions\{0FC33475-3DB9-41E0-9E94-598B59D139F2} - "888poker" (C:\Microgaming\Poker\888MPP\MPPoker.exe,2) HKLM_Extensions\{06568ceb-5721-47d4-9d93-7e604fcbaeab} - "PMU Poker" (C:\Program Files\PMU\PMUPoker\Images\ppicon.ico) HKLM_Extensions\{725EC34E-943C-4df6-B0B2-FBDE7F242276} - "PartyPoker.fr" (C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico) HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 1146 Fichier(s) C:\Program Files\Ad-Remover\Backup: 29 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 28/07/2011 21:26:15 (12989 Octet(s)) C:\Ad-Report-CLEAN[2].txt - 29/07/2011 10:11:05 (6345 Octet(s)) C:\Ad-Report-SCAN[1].txt - 28/07/2011 21:11:18 (17615 Octet(s)) C:\Ad-Report-SCAN[2].txt - 28/07/2011 21:25:29 (17681 Octet(s)) Fin à: 10:12:10, 29/07/2011 ============== E.O.F ==============
...and the ZHP report, hosted: My link -
Hello, I got my computer back after returning from vacation and when I open Mozilla... well, no more Mozilla!! Instead I have some crap site, "chat land", that I can't get rid of. I first ran AntiVir and Antimalware, which found viruses (PS: never leave your computer with a 20-year-old girl, it's bad news!!), which I deleted, but this crap still persists. So I ran ZHP Diag, Ad-Remover and HJ... I'm posting the reports in case some kind soul would be willing to point me in the right direction. Regards
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 21:11:13 le 28/07/2011, Mode normal Microsoft Windows XP Édition familiale Service Pack 3 (X86) radicho@PUPUCINO ( ) ============== RECHERCHE ============== Fichier trouvé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml Dossier trouvé: C:\Program Files\Windows Searchqu Toolbar Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Dossier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\extensions\toolbar@ask.com Fichier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchplugins\askcom.xml Dossier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} Dossier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchqutb Fichier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchplugins\SearchquWebSearch.xml Fichier trouvé: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\searchplugins\cherche.xml Fichier trouvé: 
C:\Documents and Settings\radicho\scriptjava.html Fichier trouvé: C:\Documents and Settings\radicho\tmp1.7 Dossier trouvé: C:\Program Files\Ask.com Dossier trouvé: C:\Documents and Settings\radicho\Application Data\SearchquTB Dossier trouvé: C:\Documents and Settings\radicho\Application Data\Viewpoint Dossier trouvé: C:\Documents and Settings\radicho\Application Data\OfferBox Dossier trouvé: C:\Program Files\OfferBox -- Fichier ouvert: C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default\Prefs.js -- Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com"); Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com"); Ligne trouvée: user_pref("browser.search.order.1", "Ask.com"); Ligne trouvée: user_pref("browser.search.selectedEngine", "Ask.com"); Ligne trouvée: user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); Ligne trouvée: user_pref("extensions.asktb.cbid", "GL"); Ligne trouvée: user_pref("extensions.asktb.config-updated", false); Ligne trouvée: user_pref("extensions.asktb.crumb", "2011.07.28+11.57.10-toolbar006iad-FR-THlvbixGcmFuY2U%3D"); Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}... Ligne trouvée: user_pref("extensions.asktb.dtid", "YYYYYYT6FR"); Ligne trouvée: user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.searchqu.com/web?src=ffb&systemid=... Ligne trouvée: user_pref("extensions.asktb.first-launch", true); Ligne trouvée: user_pref("extensions.asktb.first-restart-after-config-update", true); Ligne trouvée: user_pref("extensions.asktb.fresh-install", false); Ligne trouvée: user_pref("extensions.asktb.guid", "FD015A73-5AEE-48E9-AD0A-41798C0988DA"); Ligne trouvée: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com... 
Ligne trouvée: user_pref("extensions.asktb.if", "first"); Ligne trouvée: user_pref("extensions.asktb.l", "dis"); Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1311879713339"); Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR"); Ligne trouvée: user_pref("extensions.asktb.location", "Lyon,France"); Ligne trouvée: user_pref("extensions.asktb.o", "10168"); Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871"); Ligne trouvée: user_pref("extensions.asktb.r", "4"); Ligne trouvée: user_pref("extensions.asktb.sa", "YES"); Ligne trouvée: user_pref("extensions.asktb.saguid", "B42C5179-7CCA-4B9C-9324-B9A4BAC98602"); Ligne trouvée: user_pref("extensions.asktb.search-suggestions-enabled", false); Ligne trouvée: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Ligne trouvée: user_pref("extensions.asktb.themeid", ""); Ligne trouvée: user_pref("extensions.asktb.to", ""); Ligne trouvée: user_pref("extensions.asktb.version", "5.11.3.15590"); Ligne trouvée: user_pref("extensions.enabledItems", "{a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10,{CAFEEFAC-0016-0... 
Ligne trouvée: user_pref("extensions.newAddons", "toolbar@ask.com"); Ligne trouvée: user_pref("extensions.snipit.askTbInstalled", true); Ligne trouvée: user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=403&q="); -- Fichier Fermé -- Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé trouvée: HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020} Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore Clé trouvée: HKLM\Software\Classes\BandooCore.BandooCore.1 Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr Clé trouvée: HKLM\Software\Classes\BandooCore.ResourcesMngr.1 Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr Clé trouvée: HKLM\Software\Classes\BandooCore.SettingsMngr.1 Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr Clé trouvée: HKLM\Software\Classes\BandooCore.StatisticMngr.1 Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd Clé trouvée: 
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1 Clé trouvée: HKLM\Software\Classes\AppID\BandooCore.EXE Clé trouvée: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Clé trouvée: HKLM\Software\AskToolbar Clé trouvée: HKLM\Software\bandoo Clé trouvée: HKLM\Software\DataMngr Clé trouvée: HKLM\Software\OfferBox Clé trouvée: HKLM\Software\SearchquMediabarTb Clé trouvée: HKLM\Software\Titan Poker Clé trouvée: HKCU\Software\Ask.com Clé trouvée: HKCU\Software\AskToolbar Clé trouvée: HKCU\Software\DataMngr Clé trouvée: HKCU\Software\Grand Virtual Clé trouvée: HKCU\Software\searchqutb Clé trouvée: HKCU\Software\Spointer Clé trouvée: HKLM\Software\Canneverbe Limited\OpenCandy Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} 
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu MediaBar Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Clé trouvée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DataMngr Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020} Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [3.6.8 (fr)] **** Plugins\npFoxitReaderPlugin.dll (Foxit Software Company) HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x) HKLM_MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 (x) Searchplugins\SearchquWebSearch.xml ( hxxp://www.searchqu.com/web?src=ffb&systemid=403&q={searchTerms}/) Searchplugins\SiteVacuum.xml (<SearchPlugin xmlns=hxxp://www.mozilla.org/2006/browser/search/<ShortNameGoogle Search Community</ShortName<DescriptionGoogle Power + Community</Description<InputEncodingUTF-8</InputEncoding<Image width=16 
height=16data:image/x-icon;base64,...</Image<Url type=application/x-suggestions+json method=GET template=hxxp://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}/hxxp://www.google.fr/cse<Param name=cx 
value=partner-pub-8885210189291163:81bei0-h4yd/<Param name=hl value=fr/<Param name=ie value=UTF-8/<Param name=oe value=UTF-8/<Param name=sa value=Search/<Param name=q value={searchTerms}/<!-- Dynamic parameters --<MozParam name=client condition=defaultEngine trueValue=firefox-a falseValue=firefox/</Url<SearchFormhxxp://www.europowersearch.com/Results.aspx</SearchForm</SearchPlugin) Components\GooglePlusVideosXPCOM.dll (?) Components\SiteVacuumXPCOM.dll (?) -- C:\Documents and Settings\radicho\Application Data\Mozilla\FireFox\Profiles\zydvn8dp.default -- Extensions\toolbar@ask.com (Ask Toolbar) Extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c} (MegaUpload Time Attack) Extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} (Searchqu Toolbar) Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} (FireFTP) Searchplugins\askcom.xml (?) Searchplugins\cherche.xml (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A5...) Searchplugins\SearchquWebSearch.xml ( hxxp://www.searchqu.com/web?src=ffb&systemid=403&q={searchTerms}/) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\radicho\\Bureau Prefs.js - browser.search.defaultenginename, Ask.com Prefs.js - browser.search.selectedEngine, Ask.com Prefs.js - browser.startup.homepage, hxxp://www.search-web.net/ Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.8 Prefs.js - keyword.URL, hxxp://www.searchqu.com/web?src=ffb&systemid=403&q= ======================================== **** Internet Explorer Version [6.0.2900.5512] **** HKCU_Main|Default_Page_URL - hxxp://www.search-web.net HKCU_Main|Default_Search_URL - hxxp://www.search-web.net/keyword/ HKCU_Main|First Home Page - hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1 HKCU_Main|SearchMigratedDefaultURL - hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A5... 
HKCU_Main|Search bar - hxxp://www.search-web.net HKCU_Main|Search Page - hxxp://www.search-web.net HKCU_Main|Start Page - hxxp://www.search-web.net HKLM_Main|Default_Page_URL - hxxp://www.google.com HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search Page - hxxp://www.google.com HKLM_Main|Start Page - hxxp://www.msn.com/ HKCU_URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC} - "UrlSearchHook Class" (C:\Program Files\Ask.com\GenericAskToolbar.dll) HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll) HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "Ask Search" (hxxp://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTe...) HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "search-web.net" (hxxp://search-web.net/results.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&...) HKCU_Toolbar|{1E796980-9CC5-11D1-A83F-00C04FC99D61} (x) HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (x) HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) HKLM_Toolbar|{7FF99715-3016-4381-84CE-E4E4C9673020} (C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll) HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Program Files\Ask.com\GenericAskToolbar.dll) HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?) HKLM_ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC} - C:\Program Files\Fun4IM\BndCore.exe (x) HKLM_ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} - C:\Program Files\Fun4IM\ExtensionsManager.exe (x) HKLM_ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\uninstall.exe (Discordia Ltd.) 
HKLM_ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} - C:\Program Files\Fun4IM\Bandoo.exe (x) HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Program Files\Ask.com\SaUpdate.exe (?) HKLM_ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080} - C:\Program Files\Fun4IM\BandooUI.exe (x) HKCU_Extensions\{0FC33475-3DB9-41E0-9E94-598B59D139F2} - "888poker" (C:\Microgaming\Poker\888MPP\MPPoker.exe,2) HKLM_Extensions\{06568ceb-5721-47d4-9d93-7e604fcbaeab} - "PMU Poker" (C:\Program Files\PMU\PMUPoker\Images\ppicon.ico) HKLM_Extensions\{725EC34E-943C-4df6-B0B2-FBDE7F242276} - "PartyPoker.fr" (C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico) HKLM_Extensions\{90EAE591-7E7E-434a-8E28-ECFD00071806} - "PokerStars.fr" (C:\Program Files\PokerStars.FR\main.ico) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll) BHO\{7FF99715-3016-4381-84CE-E4E4C9673020} - "Searchqu Toolbar" (C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll) BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "Ask Toolbar" (C:\Program Files\Ask.com\GenericAskToolbar.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 1 Fichier(s) C:\Ad-Report-SCAN[1].txt - 28/07/2011 21:11:18 (6018 Octet(s)) Fin à: 21:11:47, 28/07/2011 ============== E.O.F ============== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:12:33, on 28/07/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir 
Desktop\avguard.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE C:\Program Files\Java\jre6\bin\javaw.exe C:\WINDOWS\system32\cscript.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-web.net/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Chat, rencontre, Tchat, rencontres R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-web.net/keyword/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Chat, rencontre, Tchat, rencontres R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Chat, rencontre, Tchat, rencontres R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Chat, rencontre, Tchat, rencontres R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Chat, rencontre, Tchat, rencontres R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = Chat, rencontre, Tchat, rencontres R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet 
Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-2736170881-2526285521-1674068758-1019\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'elephant') O4 - Startup: Protection.lnk = C:\Documents and Settings\radicho\Protection.jar O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche avec search-web - C:\Documents and Settings\radicho\scriptjava.html O8 - Extra context menu item: uStart Search - res://C:\Documents and Settings\radicho\Local Settings\Application Data\addtoustart\addtoustart.dll/202 O9 - Extra button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Documents and Settings\radicho\Bureau\PMU Poker.lnk O9 - Extra 'Tools' menuitem: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} - C:\Documents and Settings\radicho\Bureau\PMU 
Poker.lnk O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Documents and Settings\radicho\Bureau\PartyPoker.fr.lnk O9 - Extra 'Tools' menuitem: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} - C:\Documents and Settings\radicho\Bureau\PartyPoker.fr.lnk O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: 888poker - {0FC33475-3DB9-41E0-9E94-598B59D139F2} - C:\Microgaming\Poker\888MPP\MPPoker.exe (HKCU) O15 - Trusted Zone: Chat, rencontre, Tchat, rencontres O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 6856 bytes Rapport de ZHPDiag v1.28.02 par Nicolas Coolman, Update du 28/07/2011 Run by radicho at 28/07/2011 21:14:31 Web site : ZHPDiag Outil de diagnostic ---\\ Web Browser MSIE: Internet Explorer v6.0.2900.5512 MFIE: Mozilla Firefox v (Defaut) ---\\ System Information Windows XP Home Edition Service Pack 3 (Build 2600) ~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 1014 MB (48% free) System Restore: Activé (Enable) System drive C: has 55 GB (50%) free of 109 GB ---\\ Logged in mode ~ Computer Name: PUPUCINO ~ User Name: radicho ~ All Users Names: SUPPORT_388945a0, radicho, HelpAssistant, elephant, ASPNET, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O82 Logged in as Administrator ---\\ Environnement Variables ~ %AppData%=C:\Documents and Settings\radicho\Application Data\ ~ %Desktop%=C:\Documents and Settings\radicho\Bureau\ ~ %Favorites%=C:\Documents and Settings\radicho\Favoris\ ~ %LocalAppData%=C:\Documents and Settings\radicho\Local Settings\Application Data\ ~ %StartMenu%=C:\Documents and Settings\radicho\Menu Démarrer\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 55 Go of 109 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 7 Go of 37 Go) E:\ CD-ROM drive (Free 0 Go of 0 Go) F:\ CD-ROM drive (Not Inserted) ---\\ 
Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK ~ Scan Security Center in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.93AD0B78C7357A05F50E594EC7C22300] - (....) (.14/04/2008 - 03:34:20.) -- C:\WINDOWS\system32\rundll32.exe [33792] [MD5.0BABCDABF7463FCABA6EDE0CEFC8A4A3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/04/2011 - 15:47:19.) -- C:\WINDOWS\system32\wininet.dll [671232] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) 
-- C:\WINDOWS\system32\drivers\ntfs.sys [574976] ~ Scan Generic Processes in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 44/247 ~ Mes musiques (My Musics) : 1/3 ~ Mes Videos (My Video) : 0/0 ~ Mes Favoris (My Favorites) : 1/15 ~ Mes Documents (My Documents) : 151/2867 ~ Mon Bureau (My Desktop) : 29/4684 ~ Menu demarrer (Programs) : 6/42 ~ Scan Hidden Files in 00mn 05s ---\\ Processus lancés [MD5.9015BC03F62940527EC92D45EE89E46F] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289] [MD5.B8720A787C1223492E6F319465E996CE] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089] [MD5.B0C9FFF54F16DF2012F53A34736A0975] - (.France Telecom SA - Orange Connection Kit.) -- C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [69632] [MD5.39133291CB607BDD87CFC565A4A1E7A5] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.B90E093E7A7250906F1054418B5339C0] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208] [MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096] [MD5.747E60B773E95F6C93D5621B550D6865] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008] [MD5.3E0724E99C129D0946279D7118482185] - (.Discordia, LTD - Data Manager.) -- C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE [985488] [MD5.45D9E6C134735854866608931269B43E] - (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\javaw.exe [145184] [MD5.23D42C651F89420F7232AEB7A2A43D03] - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\WINDOWS\system32\cscript.exe [135168] [MD5.BACCDA841C689D1CBA941F478E8ED24B] - (.Mozilla Corporation - Firefox.) 
-- C:\Program Files\Mozilla Firefox\firefox.exe [910296] [MD5.642FA80C2C43EE609313746AA305DC86] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [14808] [MD5.C8CAD00860A4A621CB20354AEBB2B3D8] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [662016] ~ Scan Processes Running in 00mn 00s ---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1) P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Microsoft® C++ Runtime Library.) -- C:\Program Files\Opera\Program\Plugins\msvcp90.dll P1 - OPN:Opera Plugin Navigator . (.Microsoft Corporation - Microsoft® C Runtime Library.) -- C:\Program Files\Opera\Program\Plugins\msvcr90.dll P1 - OPN:Opera Plugin Navigator . (...) -- C:\Program Files\Opera\Program\Plugins\NPSWF32.dll P1 - OPN:Opera Plugin Navigator . (.Adobe Systems, Inc. - Adobe Flash Player Helper 10.0 r32.) -- C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe ~ Scan Opera Browser in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\radicho\Local Settings\Application Data\Mozilla\Firefox\Profiles\zydvn8dp.default\prefs.js M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\SiteVacuum.xml M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [radicho] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml P2 - 
FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeploytk.dll P2 - FPN:Firefox Plugin Navigator . (.Foxit Software Company - Foxit Reader Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\npFoxitReaderPlugin.dll P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFFICE.DLL P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.9] - (.the VideoLAN Team - Version 1.1.9, copyright 1996-2011 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll P2 - FPN: [HKLM] [@virtools.com/3DviaPlayer] - (.Dassault Systèmes - 3DVIA player(5.0.0.12). For more information, visit the <a href="http.) -- C:\Program Files\Virtools\3D Life Player\npvirtools.dll P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (...) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll (.not file.) 
~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Chat, rencontre, Tchat, rencontres R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKUS\S-1-5-21-2736170881-2526285521-1674068758-1019-2736170881-2526285521-1674068758-1006\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Site Officiel - Ordinateur Portable | Dell France R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Chat, rencontre, Tchat, rencontres R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Chat, rencontre, Tchat, rencontres R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Chat, rencontre, Tchat, rencontres R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Chat, rencontre, Tchat, rencontres R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Search R1 - HKUS\S-1-5-21-2736170881-2526285521-1674068758-1019-2736170881-2526285521-1674068758-1006\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask - Ask Toolbar.) (5.11.3.15590) -- C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (...) (No version) -- (.not file.) R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (...) 
(No version) -- C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Scan Keys in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Scan Hosts File in 00mn 00s ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 6.0 for Act.) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} . (.Pas de propriétaire - Searchqu Toolbar Link Library.) -- C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . 
(.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} . (.Pas de propriétaire - Searchqu Toolbar Link Library.) -- C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (...) -- (.not file.) ~ Scan Toolbar in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [DATAMNGR] . (.Discordia, LTD - Data Manager.) -- C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-2736170881-2526285521-1674068758-1019-2736170881-2526285521-1674068758-1006\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe ~ Scan Application in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 6.0.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A00000000001}\SC_Reader_PM.ico O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\CDBurnerXP.lnk . (.Canneverbe Limited.) -- C:\Program Files\CDBurnerXP\cdbxpp.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - Global Startup: C:\Documents And Settings\radicho\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) 
-- C:\WINDOWS\system32\rcimlby.exe O4 - Global Startup: C:\Documents And Settings\radicho\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe ~ Scan Global Startup in 00mn 00s ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.exe O8 - Extra context menu item: Recherche avec search-web . (...) -- C:\Documents and Settings\radicho\scriptjava.html O8 - Extra context menu item: uStart Search - (.not file.) - C:\Documents and Settings\radicho\Local Settings\Application Data\addtoustart\addtoustart.dll ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: PMU Poker - {06568ceb-5721-47d4-9d93-7e604fcbaeab} . (...) -- C:\Program Files\PMU\PMUPoker\Images\ppicon.ico O9 - Extra button: PartyPoker.fr - {725EC34E-943C-4df6-B0B2-FBDE7F242276} . (...) -- C:\Program Files\PartyFrance\PartyPokerFr\Images\ppicon.ico O9 - Extra button: PartyPoker.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} -- C:\Program Files\PokerStars.FR\main.ico (.not file.) O9 - Extra button: PartyPoker.fr - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~3\OFFICE11\REFBARH.ICO O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\PROGRA~1\MICROS~3\OFFICE11\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . 
(.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll ~ Scan Winsock in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains\www] http.chat-land.org ~ Scan IE Zone Confiance in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{24B448E8-481F-4A03-A989-3A9C195CCC7F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{3298ACB0-7E66-4413-A519-87FCF51392AA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF3FEB9-14F3-431B-BFCB-AB20A2FE8877}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{24B448E8-481F-4A03-A989-3A9C195CCC7F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{3298ACB0-7E66-4413-A519-87FCF51392AA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{6DF3FEB9-14F3-431B-BFCB-AB20A2FE8877}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{24B448E8-481F-4A03-A989-3A9C195CCC7F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{3298ACB0-7E66-4413-A519-87FCF51392AA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{6DF3FEB9-14F3-431B-BFCB-AB20A2FE8877}: DhcpNameServer = 192.168.1.1 ~ Scan Domain in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) 
-- C:\WINDOWS\system32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} . (.Microsoft Corporation - Microsoft Office XP Web Components.) 
-- C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\WINDOWS\system32\msvidctl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\WINDOWS\system32\Mshtml.dll O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . 
(.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL ~ Scan Protocole Additionnel in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll O20 - Winlogon Notify: termsrv . 
(.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notification.) -- C:\Windows\System32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll ~ Scan Winlogon in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll ~ Scan SSODL in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll ~ Scan STS/SSO in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) 
- C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) . (.France Telecom SA - Orange Connection Kit.) - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMSAccess (NMSAccess) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) . (.PostgreSQL Global Development Group - pg_ctl - starts/stops/restarts the PostgreS.) - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ~ Scan Services in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe ~ Scan Desktop Component in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GlaryInitialize.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Nouvelle Tâche.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ~ Scan Scheduled Task in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) 
- C:\Program Files\Avira\AntiVir Desktop\avgio.sys O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for RootKit Detection.) - C:\WINDOWS\System32\DRIVERS\avipbb.sys O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\System32\DRIVERS\cdrom.sys O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\System32\DRIVERS\imapi.sys O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\System32\DRIVERS\intelppm.sys O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\System32\DRIVERS\ipsec.sys O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\System32\DRIVERS\kbdclass.sys O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\WINDOWS\System32\DRIVERS\kbdhid.sys O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\System32\DRIVERS\mouclass.sys O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\System32\DRIVERS\netbios.sys O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\System32\DRIVERS\netbt.sys O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\System32\DRIVERS\rasacd.sys O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\System32\DRIVERS\rdbss.sys O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\System32\DRIVERS\redbook.sys O41 - Driver: (Serial) . 
(.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\System32\DRIVERS\serial.sys O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\System32\DRIVERS\tcpip.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\System32\DRIVERS\termdd.sys O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys ~ Scan Drivers in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: 3DVIA player 5.0 - (.3DVIA.) [HKLM] -- {4E868D3D-6EEB-4273-926C-2287236B5B79} O42 - Logiciel: 7-Zip 4.65 - (.Pas de propriétaire.) [HKLM] -- 7-Zip O42 - Logiciel: 725plc32 - (.Dell.) [HKLM] -- {162D2FB8-60A3-4871-B6A1-5C744CD34FF5} O42 - Logiciel: 802.11 USB Wireless LAN Adapter - (.Pas de propriétaire.) [HKLM] -- SiS163u O42 - Logiciel: ALZip - (.ESTsoft Corp..) [HKLM] -- ALZip_is1 O42 - Logiciel: Adobe Acrobat - Reader 6.0.2 Update - (.Adobe Systems.) [HKLM] -- {AC76BA86-0000-0000-0000-6028747ADE01} O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Flash Player 9 ActiveX - (.Adobe Systems.) [HKLM] -- ShockwaveFlash O42 - Logiciel: Adobe Reader 6.0.1 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A00000000001} O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop O42 - Logiciel: Bass Audio Decoder (remove only) - (.Pas de propriétaire.) [HKLM] -- Bass Audio Decoder O42 - Logiciel: CCleaner - (.Piriform.) 
[HKLM] -- CCleaner O42 - Logiciel: CD Audio Reader Filter (remove only) - (.Pas de propriétaire.) [HKLM] -- CD Audio Reader Filter O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1 O42 - Logiciel: Connexion Internet Orange - (.Pas de propriétaire.) [HKLM] -- {ORAHSS}.UninstallSuite O42 - Logiciel: DCoder Image Source (remove only) - (.Pas de propriétaire.) [HKLM] -- DCoder Image Source O42 - Logiciel: DScaler 5 Mpeg Decoders - (.Pas de propriétaire.) [HKLM] -- DScaler 5 Mpeg Decoders_is1 O42 - Logiciel: Dell Driver Reset Tool - (.Dell Inc..) [HKLM] -- {5905F42D-3F5F-4916-ADA6-94A3646AEE76} O42 - Logiciel: FFMPEG Core Files (remove only) - (.Pas de propriétaire.) [HKLM] -- FFMPEG Core Files O42 - Logiciel: Foxit PDF Editor - (.Pas de propriétaire.) [HKLM] -- Foxit PDF Editor O42 - Logiciel: Foxit Reader - (.Pas de propriétaire.) [HKLM] -- Foxit Reader O42 - Logiciel: Full Tilt Poker.Fr - (.Pas de propriétaire.) [HKLM] -- {34785AD0-6276-11DF-A08A-0800200C9A66} O42 - Logiciel: Gabest MPEG Splitter (remove only) - (.Pas de propriétaire.) [HKLM] -- Gabest MPEG Splitter O42 - Logiciel: Glary Utilities 2.35.0.1216 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1 O42 - Logiciel: HP Photo and Imaging 2.0 - Scanners - (.{&Tahoma8}Hewlett-Packard.) [HKLM] -- {6CC93102-135E-49E2-99A4-C431E671C12A} O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484 O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5 O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Pas de propriétaire.) 
[HKLM] -- {8A708DD8-A5E6-11D4-A706-000629E95E20} O42 - Logiciel: Intel® PRO Network Connections Drivers - (.Pas de propriétaire.) [HKLM] -- PROSet O42 - Logiciel: Intel® PROSet for Wired Connections - (.Dell.) [HKLM] -- {83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA} O42 - Logiciel: Internet Explorer Default Page - (.Dell Inc..) [HKLM] -- {35BDEFF1-A610-4956-A00D-15453C116395} O42 - Logiciel: Java 2 Runtime Environment, SE v1.4.2_03 - (.Sun Microsystems, Inc..) [HKLM] -- {7148F0A8-6813-11D6-A77B-00B0D0142030} O42 - Logiciel: Java 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF} O42 - Logiciel: Java 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070} O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player O42 - Logiciel: MONOGRAM AMR Splitter/Decoder (remove only) - (.Pas de propriétaire.) [HKLM] -- MONOGRAM AMR Splitter/Decoder O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF} O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} O42 - Logiciel: Macromedia Dreamweaver 8 - (..) [HKLM] -- {5FD788ED-1A37-4496-9BDD-463F493B27FA} O42 - Logiciel: Macromedia Extension Manager - (.Nom de votre société.) [HKLM] -- {3C8C9FB3-5FDF-40B4-B314-EAD722728C76} O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.1.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.) [HKLM] -- Microsoft .NET Framework 1.1 (1033) O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) 
[HKLM] -- M2416447 O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906 O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {72AD53CC-CCC0-3757-8480-9EE176866A7C} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA - (.Microsoft Corporation.) [HKLM] -- {0BD83598-C2EF-3343-847B-7D2E84599128} O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E} O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702} O42 - Logiciel: Microsoft .NET Framework 4 Extended FRA Language Pack - (.Microsoft Corporation.) 
[HKLM] -- {043F86B7-EE12-3399-B2CA-D0B603D87963} O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1 O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {9111040C-6000-11D3-8CFE-0150048383C9} O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000 O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2} O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F} O42 - Logiciel: Microsoft Works 7.0 - (.Microsoft Corporation.) 
[HKLM] -- {64D114CE-4234-45C2-B60A-2B07D5A48F72} O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Extended FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended FRA Language Pack O42 - Logiciel: Mozilla Firefox (3.6. - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6. O42 - Logiciel: Nero 9 HD - (.Nero AG.) [HKLM] -- {e2bbe4e5-574c-4588-a231-d9afaef024a6} O42 - Logiciel: Notepad++ - (.Pas de propriétaire.) [HKLM] -- Notepad++ O42 - Logiciel: OpenSource AVI Splitter (remove only) - (.Pas de propriétaire.) [HKLM] -- OpenSource AVI Splitter O42 - Logiciel: OpenSource DTS/AC3/DD+ Source Filter (remove only) - (.Pas de propriétaire.) [HKLM] -- OpenSource DTS/AC3/DD+ Source Filter O42 - Logiciel: OpenSource Flash Video Splitter (remove only) - (.Pas de propriétaire.) [HKLM] -- OpenSource Flash Video Splitter O42 - Logiciel: Optimisation Windows - (.Pas de propriétaire.) [HKLM] -- ST6UNST #1 O42 - Logiciel: PMU Poker - (.PMU.) [HKLM] -- PMUPoker O42 - Logiciel: PartyPoker.fr - (.PartyFrance.) [HKLM] -- PartyPokerFr O42 - Logiciel: Picasa 2 - (.Google, Inc..) [HKLM] -- Picasa2 O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM] -- PokerStars.fr O42 - Logiciel: PokerStrategy.com Elephant - (.PokerStrategy.com.) [HKLM] -- {C2F8468F-85AB-4D08-A68E-01D328E7B261} O42 - Logiciel: PostgreSQL 8.3 - (.PostgreSQL Global Development Group.) [HKLM] -- {B823632F-3B72-4514-8861-B961CE263224} O42 - Logiciel: RealMedia (remove only) - (.Pas de propriétaire.) [HKLM] -- RealMedia O42 - Logiciel: SHOUTcast Source (remove only) - (.Pas de propriétaire.) 
[HKLM] -- SHOUTcast Source O42 - Logiciel: Samsung ML-1640 Series - (.Samsung Electronics CO.,LTD.) [HKLM] -- Samsung ML-1640 Series O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906 O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2416472) - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2416472 O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663 O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870 O42 - Logiciel: Sonic Activation Module - (.Sonic Solutions.) [HKLM] -- {5B6BE547-21E2-49CA-B2E2-6A5F470593B1} O42 - Logiciel: Sonic Update Manager - (.Sonic Solutions.) [HKLM] -- {30465B6C-B53F-49A1-9EBA-A3F187AD502E} O42 - Logiciel: TomTom HOME 2.7.6.2056 - (.TomTom.) 
[HKLM] -- TomTom HOME O42 - Logiciel: TomTom HOME Visual Studio Merge Modules - (.TomTom International B.V..) [HKLM] -- {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} O42 - Logiciel: Tomtomax Maxi-Box V2.0.21 - (.Tomtomax et KoakDesign.) [HKLM] -- {A10F672B-01C4-498F-ADBD-3E5B144284B7}_is1 O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228 O42 - Logiciel: VLC media player 1.1.9 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: WinPatrol - (.Pas de propriétaire.) [HKLM] -- WinPatrol O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify O42 - Logiciel: Windows Installer 3.1 (KB893803) - (.Microsoft Corporation.) [HKLM] -- KB893803v2 O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11 O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11 O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} O42 - Logiciel: Windows Searchqu Toolbar - (.Bandoo Media Inc.) [HKLM] -- Searchqu MediaBar O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP O42 - Logiciel: Zeb-Utility 1.2 - (.Pas de propriétaire.) [HKLM] -- Zeb-Utility 1.2 ---\\ HKCU & HKLM Software Keys [HKCU\Software\7-Zip] [HKCU\Software\?? ?? ???? ????? ??? ?? ????] [HKCU\Software\Ad-Remover] [HKCU\Software\Adobe] [HKCU\Software\Ahead] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow] [HKCU\Software\Apple Computer, Inc.] 
[HKCU\Software\Ask.com] [HKCU\Software\AskToolbar] [HKCU\Software\Audacity] [HKCU\Software\Avira] [HKCU\Software\BillP Studios] [HKCU\Software\CDDB] [HKCU\Software\Canneverbe Limited] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\Corel] [HKCU\Software\DSP-worx] [HKCU\Software\DT Soft] [HKCU\Software\DataMngr] [HKCU\Software\EstSoft] [HKCU\Software\Foxit Software Company] [HKCU\Software\Foxit Software] [HKCU\Software\Full Tilt Poker.fr] [HKCU\Software\Gabest] [HKCU\Software\GlarySoft] [HKCU\Software\Google] [HKCU\Software\Grand Virtual] [HKCU\Software\Hewlett-Packard] [HKCU\Software\InstallShield] [HKCU\Software\Intel] [HKCU\Software\InterActual Technologies] [HKCU\Software\JavaSoft] [HKCU\Software\Keops] [HKCU\Software\Local AppWizard-Generated Applications] [HKCU\Software\MGS] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\Microgaming] [HKCU\Software\Mirabilis] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\MyWaySA] [HKCU\Software\Nero] [HKCU\Software\Northcode Inc] [HKCU\Software\Novell] [HKCU\Software\ODBC] [HKCU\Software\PMU] [HKCU\Software\PartyFrance] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\Protexis] [HKCU\Software\RealNetworks] [HKCU\Software\SSPrint] [HKCU\Software\SampleView] [HKCU\Software\Samsung] [HKCU\Software\Smart Projects] [HKCU\Software\Soft-R Research] [HKCU\Software\Sonic] [HKCU\Software\Spointer] [HKCU\Software\Textalk] [HKCU\Software\TomTom] [HKCU\Software\Trolltech] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\VSO] [HKCU\Software\Virtools] [HKCU\Software\VirtualDub.org] [HKCU\Software\WinRAR SFX] [HKCU\Software\eChanblard] [HKCU\Software\pgAdmin III] [HKCU\Software\searchqutb] [HKLM\Software\Adobe] [HKLM\Software\Ahead] [HKLM\Software\America Online] [HKLM\Software\AskToolbar] [HKLM\Software\Avira] [HKLM\Software\Bandoo] [HKLM\Software\BillP Studios] [HKLM\Software\C07ft5Y] [HKLM\Software\Canneverbe Limited] 
[HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Corel] [HKLM\Software\DT Soft] [HKLM\Software\DataMngr] [HKLM\Software\Debug] [HKLM\Software\Dell Computers] [HKLM\Software\Dell] [HKLM\Software\DirectShowFilters] [HKLM\Software\EnterpriseDB] [HKLM\Software\EstSoft] [HKLM\Software\FDEInstaller] [HKLM\Software\FRANCE TELECOM] [HKLM\Software\FREEzeFrog] [HKLM\Software\Foxit Software] [HKLM\Software\Full Tilt Poker] [HKLM\Software\Gabest] [HKLM\Software\Genesys Logic] [HKLM\Software\GlarySoft] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\InstallShield] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\InterActual Technologies] [HKLM\Software\InterVideo] [HKLM\Software\JavaSoft] [HKLM\Software\L&H] [HKLM\Software\Licenses] [HKLM\Software\MCCI] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NeoWorx] [HKLM\Software\Nero] [HKLM\Software\Notepad] [HKLM\Software\ODBC] [HKLM\Software\OfferBox] [HKLM\Software\PTECH] [HKLM\Software\Panasonic] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\PostgreSQL] [HKLM\Software\Program Groups] [HKLM\Software\Protexis] [HKLM\Software\RealNetworks] [HKLM\Software\RegisteredApplications] [HKLM\Software\Reviversoft] [HKLM\Software\Roxio] [HKLM\Software\SSPrint] [HKLM\Software\Samsung] [HKLM\Software\SearchquMediabarTb] [HKLM\Software\SecureDigitalServices] [HKLM\Software\Sigmatel] [HKLM\Software\Sonic] [HKLM\Software\Symantec] [HKLM\Software\Titan Poker] [HKLM\Software\TomTom] [HKLM\Software\TrendMicro] [HKLM\Software\VSO] [HKLM\Software\VideoLAN] [HKLM\Software\Virtools] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\X-AVCSD] [HKLM\Software\XHEO INC] [HKLM\Software\Zeb-Utility] [HKLM\Software\mozilla.org] ~ Scan Softwares in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 07/10/2010 - 10:52:16 - [3094515] ----D- 
C:\Program Files\7-Zip O43 - CFD: 28/07/2011 - 21:11:14 - [2824456] ----D- C:\Program Files\Ad-Remover O43 - CFD: 11/08/2006 - 13:56:20 - [75869596] ----D- C:\Program Files\Adobe O43 - CFD: 17/08/2006 - 08:50:58 - [0] ----D- C:\Program Files\Alwil Software O43 - CFD: 28/07/2011 - 20:57:32 - [1948615] ----D- C:\Program Files\Ask.com O43 - CFD: 09/06/2009 - 16:07:32 - [184798016] ----D- C:\Program Files\Avira O43 - CFD: 07/10/2010 - 10:51:02 - [667719] ----D- C:\Program Files\Bass Audio Decoder O43 - CFD: 02/04/2007 - 06:47:30 - [849109] ----D- C:\Program Files\BillP Studios O43 - CFD: 27/03/2011 - 11:52:52 - [4474622] ----D- C:\Program Files\CCleaner O43 - CFD: 07/10/2010 - 10:51:56 - [299361] ----D- C:\Program Files\CD Audio Reader Filter O43 - CFD: 06/10/2010 - 10:39:08 - [17424536] ----D- C:\Program Files\CDBurnerXP O43 - CFD: 07/10/2010 - 11:16:58 - [12298627] ----D- C:\Program Files\Combined Community Codec Pack O43 - CFD: 27/04/2010 - 12:52:58 - [10308220] ----D- C:\Program Files\DAEMON Tools Lite O43 - CFD: 07/10/2010 - 10:52:18 - [220642] ----D- C:\Program Files\DCoder Image Source O43 - CFD: 07/10/2010 - 10:51:28 - [1556125] ----D- C:\Program Files\DScaler5 O43 - CFD: 21/09/2010 - 11:14:24 - [3814099895] ----D- C:\Program Files\eChanblard O43 - CFD: 26/11/2008 - 20:27:48 - [12324757] ----D- C:\Program Files\ESTsoft O43 - CFD: 07/10/2010 - 10:52:10 - [9978642] ----D- C:\Program Files\FFMPEG Core Files O43 - CFD: 10/02/2011 - 15:13:34 - [501811889] ----D- C:\Program Files\Fichiers communs O43 - CFD: 04/07/2011 - 21:23:00 - [12737862] ----D- C:\Program Files\Foxit Software O43 - CFD: 20/07/2011 - 15:48:22 - [0] ----D- C:\Program Files\FREEzeFrog O43 - CFD: 04/07/2011 - 08:36:08 - [109781604] ----D- C:\Program Files\Full Tilt Poker.Fr O43 - CFD: 07/10/2010 - 10:51:54 - [450848] ----D- C:\Program Files\Gabest MPEG Splitter O43 - CFD: 28/07/2011 - 20:59:00 - [26321114] ----D- C:\Program Files\Glary Utilities O43 - CFD: 16/07/2010 - 20:45:28 - [136120] ----D- 
C:\Program Files\Google O43 - CFD: 02/02/2011 - 18:15:14 - [119832525] ----D- C:\Program Files\Hewlett-Packard O43 - CFD: 28/07/2011 - 21:10:10 - [815437] ----D- C:\Program Files\HijackThis O43 - CFD: 31/01/2011 - 13:36:18 - [68993] ----D- C:\Program Files\icons O43 - CFD: 11/08/2006 - 13:53:40 - [15569742] ----D- C:\Program Files\Intel O43 - CFD: 13/09/2010 - 19:33:20 - [1931061] ----D- C:\Program Files\Internet Explorer O43 - CFD: 08/10/2008 - 17:39:22 - [380928] ----D- C:\Program Files\Inventel O43 - CFD: 13/11/2009 - 16:04:54 - [197888510] ----D- C:\Program Files\Java O43 - CFD: 22/09/2010 - 14:17:50 - [161654006] ----D- C:\Program Files\Macromedia O43 - CFD: 28/07/2011 - 19:45:34 - [7105823] ----D- C:\Program Files\Malwarebytes' Anti-Malware O43 - CFD: 19/06/2009 - 23:46:14 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2 O43 - CFD: 20/08/2004 - 11:37:28 - [0] ----D- C:\Program Files\microsoft frontpage O43 - CFD: 30/06/2011 - 16:02:40 - [179463645] ----D- C:\Program Files\Microsoft Office O43 - CFD: 11/08/2006 - 13:54:52 - [110228165] ----D- C:\Program Files\Microsoft Works O43 - CFD: 09/01/2011 - 12:24:00 - [339327] ----D- C:\Program Files\Microsoft.NET O43 - CFD: 07/10/2010 - 10:51:56 - [721262] ----D- C:\Program Files\MONOGRAM AMR SplitterDecoder O43 - CFD: 12/08/2010 - 23:26:36 - [10374874] ----D- C:\Program Files\Movie Maker O43 - CFD: 20/07/2011 - 13:31:14 - [31117097] ----D- C:\Program Files\Mozilla Firefox O43 - CFD: 04/11/2009 - 11:21:02 - [25757] ----D- C:\Program Files\MSBuild O43 - CFD: 20/08/2004 - 11:34:16 - [8745735] ----D- C:\Program Files\MSN Gaming Zone O43 - CFD: 29/01/2009 - 11:19:20 - [1125420414] ----D- C:\Program Files\Nero O43 - CFD: 27/06/2010 - 21:23:02 - [3149824] ----D- C:\Program Files\NetMeeting O43 - CFD: 31/01/2011 - 22:03:32 - [4876587] ----D- C:\Program Files\Notepad++ O43 - CFD: 01/02/2011 - 15:25:34 - [96600] ----D- C:\Program Files\OfferBox O43 - CFD: 16/07/2010 - 20:45:30 - [6401970] ----D- C:\Program 
Files\OpenOffice.org 3 O43 - CFD: 07/10/2010 - 10:51:54 - [430370] ----D- C:\Program Files\OpenSource AVI Splitter O43 - CFD: 07/10/2010 - 10:51:52 - [342313] ----D- C:\Program Files\OpenSource DTSAC3DD+ Source Filter O43 - CFD: 07/10/2010 - 10:51:12 - [396583] ----D- C:\Program Files\OpenSource Flash Video Splitter O43 - CFD: 31/01/2011 - 13:31:24 - [5367157] ----D- C:\Program Files\Opera O43 - CFD: 17/08/2006 - 08:52:46 - [3364329] ----D- C:\Program Files\Optimisation Windows O43 - CFD: 14/09/2010 - 13:17:46 - [351969645] ----D- C:\Program Files\Orange O43 - CFD: 15/12/2010 - 23:38:38 - [4379321] ----D- C:\Program Files\Outlook Express O43 - CFD: 29/06/2011 - 09:01:34 - [43254006] ----D- C:\Program Files\PartyFrance O43 - CFD: 31/01/2011 - 22:03:32 - [39161625] ----D- C:\Program Files\Picasa2 O43 - CFD: 20/07/2011 - 13:31:12 - [50616926] ----D- C:\Program Files\PMU O43 - CFD: 08/06/2011 - 11:11:32 - [89458347] ----D- C:\Program Files\PokerStars.FR O43 - CFD: 05/04/2011 - 14:05:14 - [81407047] ----D- C:\Program Files\PokerStrategy.com O43 - CFD: 05/04/2011 - 14:07:24 - [1647823064] ----D- C:\Program Files\PostgreSQL O43 - CFD: 07/10/2010 - 10:51:50 - [12785326] ----D- C:\Program Files\RealMedia O43 - CFD: 04/11/2009 - 11:20:56 - [37949185] ----D- C:\Program Files\Reference Assemblies O43 - CFD: 16/07/2010 - 20:47:04 - [1236821] ----D- C:\Program Files\RegCleaner O43 - CFD: 12/09/2008 - 15:12:50 - [4972544] ----D- C:\Program Files\Roxio O43 - CFD: 31/03/2011 - 12:51:58 - [0] ----D- C:\Program Files\RVG Software O43 - CFD: 16/07/2010 - 21:07:18 - [51495603] ----D- C:\Program Files\Samsung O43 - CFD: 07/10/2010 - 10:51:58 - [278883] ----D- C:\Program Files\SHOUTcast Source O43 - CFD: 28/01/2009 - 18:31:54 - [9709951] ----D- C:\Program Files\Smart Projects O43 - CFD: 11/08/2006 - 13:59:46 - [154] ----D- C:\Program Files\Sonic O43 - CFD: 06/10/2010 - 09:58:14 - [50448426] ----D- C:\Program Files\TomTom HOME 2 O43 - CFD: 06/10/2010 - 09:58:40 - [22486] ----D- C:\Program 
Files\TomTom International B.V
O43 - CFD: 06/10/2010 - 13:11:32 - [2179492] ----D- C:\Program Files\Tomtomax Maxi-Box
O43 - CFD: 17/06/2008 - 14:22:32 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 20/11/2008 - 17:26:20 - [89777002] ----D- C:\Program Files\VideoLAN
O43 - CFD: 19/12/2010 - 18:36:38 - [15324543] ----D- C:\Program Files\Virtools
O43 - CFD: 24/10/2009 - 12:38:56 - [3317984] ----D- C:\Program Files\VSO
O43 - CFD: 09/12/2008 - 13:24:46 - [3581070] ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD: 31/01/2011 - 22:03:32 - [3214608] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 29/09/2008 - 09:01:58 - [3942655] ----D- C:\Program Files\Windows NT
O43 - CFD: 01/02/2011 - 13:45:10 - [10910651] ----D- C:\Program Files\Windows Searchqu Toolbar
O43 - CFD: 29/01/2009 - 11:17:06 - [49852356] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 16/08/2006 - 23:23:42 - [0] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 20/08/2004 - 11:37:28 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 02/02/2011 - 18:16:24 - [89822996] ----D- C:\Program Files\Zeb-Utility
O43 - CFD: 28/07/2011 - 21:14:40 - [3936128] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 17/08/2006 - 12:18:14 - [62919] ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD: 30/09/2006 - 12:05:04 - [86016] ----D- C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD: 14/09/2010 - 13:07:44 - [8113537] ----D- C:\Program Files\Fichiers Communs\France Telecom
O43 - CFD: 19/01/2011 - 12:07:50 - [115118] ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD: 11/08/2006 - 13:57:38 - [13500015] ----D- C:\Program Files\Fichiers Communs\InstallShield
O43 - CFD: 11/08/2006 - 13:49:04 - [55448464] ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD: 22/09/2010 - 14:18:54 - [1003644] ----D- C:\Program Files\Fichiers Communs\Macromedia
O43 - CFD: 15/07/2010 - 03:04:26 - [134729567] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD: 20/08/2004 - 11:35:30 -
[568832] ----D- C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD: 29/01/2009 - 11:43:14 - [218289668] ----D- C:\Program Files\Fichiers Communs\Nero
O43 - CFD: 11/08/2006 - 13:56:00 - [2392177] ----D- C:\Program Files\Fichiers Communs\Nullsoft
O43 - CFD: 10/02/2011 - 15:13:34 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD: 30/06/2009 - 23:53:28 - [106260] ----D- C:\Program Files\Fichiers Communs\Real
O43 - CFD: 16/07/2010 - 19:08:34 - [5757937] ----D- C:\Program Files\Fichiers Communs\Roxio Shared
O43 - CFD: 20/08/2004 - 11:35:32 - [8106] ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD: 20/08/2004 - 11:30:36 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD: 29/09/2008 - 09:01:54 - [20169119] ----D- C:\Program Files\Fichiers Communs\System
O43 - CFD: 18/06/2009 - 20:45:34 - [37394753] ----D- C:\Program Files\Fichiers Communs\Windows Live
O43 - CFD: 17/06/2008 - 14:26:08 - [7216150] ----D- C:\Documents and Settings\radicho\Application Data\Adobe
O43 - CFD: 12/01/2008 - 19:58:36 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Apple Computer
O43 - CFD: 06/10/2010 - 10:39:38 - [1524] ----D- C:\Documents and Settings\radicho\Application Data\Canneverbe Limited
O43 - CFD: 16/08/2006 - 23:24:40 - [344064] ----D- C:\Documents and Settings\radicho\Application Data\Corel Photo Album
O43 - CFD: 26/02/2009 - 14:16:28 - [481] ----D- C:\Documents and Settings\radicho\Application Data\DAEMON Tools
O43 - CFD: 27/04/2010 - 13:07:28 - [2066] ----D- C:\Documents and Settings\radicho\Application Data\DAEMON Tools Lite
O43 - CFD: 09/06/2009 - 14:19:24 - [0] ----D- C:\Documents and Settings\radicho\Application Data\DartyBox
O43 - CFD: 31/01/2011 - 18:43:42 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Dossier de téléchargement Share-to-Web
O43 - CFD: 31/01/2011 - 18:43:42 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Dossier de téléchargement Share-to-Web
O43 - CFD: 19/07/2011 -
15:18:10 - [311] ----D- C:\Documents and Settings\radicho\Application Data\dvdcss
O43 - CFD: 20/10/2006 - 12:43:32 - [64] ----D- C:\Documents and Settings\radicho\Application Data\EFF
O43 - CFD: 26/11/2008 - 20:28:08 - [1003] ----D- C:\Documents and Settings\radicho\Application Data\ESTsoft
O43 - CFD: 11/02/2009 - 18:19:28 - [34100] ----D- C:\Documents and Settings\radicho\Application Data\Foxit
O43 - CFD: 20/07/2011 - 15:48:22 - [0] ----D- C:\Documents and Settings\radicho\Application Data\FREEzeFrog
O43 - CFD: 16/07/2010 - 21:07:58 - [86031] ----D- C:\Documents and Settings\radicho\Application Data\GlarySoft
O43 - CFD: 29/01/2009 - 14:45:44 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Help
O43 - CFD: 04/11/2009 - 20:15:08 - [7827599] ----D- C:\Documents and Settings\radicho\Application Data\HouseCall 6.6
O43 - CFD: 14/05/2009 - 15:21:50 - [21358] ----D- C:\Documents and Settings\radicho\Application Data\Icone
O43 - CFD: 21/05/2009 - 16:11:46 - [4638] ----D- C:\Documents and Settings\radicho\Application Data\Identities
O43 - CFD: 26/10/2010 - 15:55:24 - [1525754] ----D- C:\Documents and Settings\radicho\Application Data\KompoZer
O43 - CFD: 26/10/2010 - 15:58:40 - [213051] ----D- C:\Documents and Settings\radicho\Application Data\kompozer.net
O43 - CFD: 19/08/2006 - 15:55:40 - [510] ----D- C:\Documents and Settings\radicho\Application Data\Leadertech
O43 - CFD: 22/09/2010 - 15:36:14 - [5614741] ----D- C:\Documents and Settings\radicho\Application Data\Macromedia
O43 - CFD: 09/06/2009 - 14:45:12 - [19438458] ----D- C:\Documents and Settings\radicho\Application Data\Malwarebytes
O43 - CFD: 26/07/2011 - 13:43:46 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Media Player Classic
O43 - CFD: 29/03/2011 - 11:33:50 - [1722522] ----D- C:\Documents and Settings\radicho\Application Data\Microgaming
O43 - CFD: 02/02/2011 - 19:46:18 - [9474456] -S--D- C:\Documents and Settings\radicho\Application Data\Microsoft
O43 - CFD: 08/11/2010 -
11:45:44 - [584590] ----D- C:\Documents and Settings\radicho\Application Data\moovida-1
O43 - CFD: 09/11/2010 - 18:30:08 - [16881690] ----D- C:\Documents and Settings\radicho\Application Data\Mozilla
O43 - CFD: 21/01/2011 - 22:51:58 - [964414] ----D- C:\Documents and Settings\radicho\Application Data\Mozilla-Cache
O43 - CFD: 18/06/2009 - 20:44:46 - [1559] ----D- C:\Documents and Settings\radicho\Application Data\MSN6
O43 - CFD: 29/01/2009 - 12:59:54 - [1733363] ----D- C:\Documents and Settings\radicho\Application Data\Nero
O43 - CFD: 23/09/2010 - 12:28:14 - [105761] ----D- C:\Documents and Settings\radicho\Application Data\Notepad++
O43 - CFD: 31/01/2011 - 13:36:24 - [238766] ----D- C:\Documents and Settings\radicho\Application Data\OfferBox
O43 - CFD: 05/02/2009 - 17:16:26 - [2345150] ----D- C:\Documents and Settings\radicho\Application Data\OpenOffice.org
O43 - CFD: 09/06/2009 - 11:30:00 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Panasonic
O43 - CFD: 08/03/2011 - 22:39:34 - [343027] ----D- C:\Documents and Settings\radicho\Application Data\Reviversoft
O43 - CFD: 16/07/2010 - 21:07:26 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Samsung
O43 - CFD: 01/07/2011 - 12:37:02 - [23929] ----D- C:\Documents and Settings\radicho\Application Data\searchqutb
O43 - CFD: 12/12/2010 - 20:35:02 - [835584] ----D- C:\Documents and Settings\radicho\Application Data\Soft-R Research
O43 - CFD: 29/08/2006 - 08:48:44 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Sonic
O43 - CFD: 30/07/2007 - 20:44:54 - [246628] ----D- C:\Documents and Settings\radicho\Application Data\Sony Ericsson
O43 - CFD: 11/08/2006 - 13:49:12 - [16176577] ----D- C:\Documents and Settings\radicho\Application Data\Sun
O43 - CFD: 11/08/2006 - 14:02:34 - [0] ----D- C:\Documents and Settings\radicho\Application Data\Symantec
O43 - CFD: 18/09/2009 - 14:18:02 - [19532] ----D- C:\Documents and Settings\radicho\Application Data\TeamViewer
O43 - CFD: 30/07/2007 -
20:45:42 - [7416860] ----D- C:\Documents and Settings\radicho\Application Data\Teleca
O43 - CFD: 19/08/2006 - 11:56:30 - [8704] ----D- C:\Documents and Settings\radicho\Application Data\Template
O43 - CFD: 06/10/2010 - 09:58:58 - [952691] ----D- C:\Documents and Settings\radicho\Application Data\TomTom
O43 - CFD: 07/12/2010 - 09:11:54 - [289492] ----D- C:\Documents and Settings\radicho\Application Data\Uniblue
O43 - CFD: 01/12/2007 - 07:59:30 - [33126] ----D- C:\Documents and Settings\radicho\Application Data\Viewpoint
O43 - CFD: 20/07/2011 - 21:48:30 - [1312441] ----D- C:\Documents and Settings\radicho\Application Data\vlc
O43 - CFD: 07/09/2009 - 13:53:04 - [7957] ----D- C:\Documents and Settings\radicho\Application Data\Vso
O43 - CFD: 02/04/2007 - 06:47:36 - [790] ----D- C:\Documents and Settings\radicho\Application Data\WinPatrol
O43 - CFD: 11/08/2006 - 13:56:08 - [0] ----D- C:\Documents and Settings\radicho\Application Data\You've Got Pictures Screensaver
O43 - CFD: 21/05/2009 - 16:11:44 - [3774] ----D- C:\Documents and Settings\radicho\Application Data\Zylom
O43 - CFD: 19/12/2010 - 18:37:06 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\3DVIA
O43 - CFD: 16/07/2010 - 19:07:22 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\addtoustart
O43 - CFD: 17/08/2006 - 12:50:16 - [250793] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Adobe
O43 - CFD: 12/01/2008 - 19:43:26 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Apple
O43 - CFD: 12/01/2008 - 19:43:14 - [19906] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Apple Computer
O43 - CFD: 17/09/2010 - 09:51:38 - [10559] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\ApplicationHistory
O43 - CFD: 14/03/2011 - 18:30:24 - [2003961] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\cache
O43 - CFD: 16/08/2006 - 23:24:38 - [16712]
----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Corel Photo Album
O43 - CFD: 14/01/2011 - 12:14:44 - [146144968] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Downloaded Installations
O43 - CFD: 14/01/2011 - 12:20:44 - [65] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Equilab
O43 - CFD: 09/06/2011 - 16:37:58 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\FullTiltPoker
O43 - CFD: 28/06/2011 - 17:16:30 - [1324790] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\FullTiltPoker.fr
O43 - CFD: 15/07/2010 - 20:33:38 - [35294418] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Google
O43 - CFD: 16/08/2006 - 16:43:46 - [5509716] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Identities
O43 - CFD: 31/03/2011 - 10:22:54 - [152177] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\In The Money
O43 - CFD: 28/01/2011 - 13:34:22 - [1532] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\IsolatedStorage
O43 - CFD: 10/07/2011 - 13:22:58 - [27280211] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Microsoft
O43 - CFD: 08/11/2010 - 11:54:20 - [134199] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\moovida Air
O43 - CFD: 16/08/2006 - 16:52:04 - [82284681] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Mozilla
O43 - CFD: 07/10/2010 - 11:19:48 - [79261] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\Nero
O43 - CFD: 07/12/2010 - 09:11:30 - [0] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\PackageAware
O43 - CFD: 05/04/2011 - 14:06:46 - [116226392] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\PokerStrategy.com
O43 - CFD: 06/10/2010 - 09:58:58 - [2033276] ----D- C:\Documents and Settings\radicho\Local
Settings\Application Data\TomTom
O43 - CFD: 11/08/2006 - 13:49:02 - [10043904] ----D- C:\Documents and Settings\radicho\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
~ Scan Program Folder in 00mn 05s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CEC7B266CA431DB7DA4ED2610A6B2E79] - 28/07/2011 - 20:11:47 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [17615]
O44 - LFC:[MD5.01AA82EB44C393969A662B97EA8EC31D] - 28/07/2011 - 20:01:15 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1821826]
O44 - LFC:[MD5.55922DAB65CBB518351AF1697BC8A096] - 28/07/2011 - 19:59:55 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [2206]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 28/07/2011 - 19:59:36 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.B0AA0ADF5A68B5DC6E1FBC56A6B5872D] - 28/07/2011 - 19:59:25 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.7A690BF466A60BE97A4D056E1078F55A] - 28/07/2011 - 19:59:23 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 28/07/2011 - 19:59:05 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.B56C831484B2FB1545B47A6866FD89A7] - 28/07/2011 - 19:57:43 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32274]
O44 - LFC:[MD5.0A47EAFFC885BCDE091BC5CFE6D34F24] - 28/07/2011 - 19:56:51 ---A- . (.Pas de propriétaire - Setup/Uninstall.) -- C:\WINDOWS\isRS-000.tmp [704000]
O44 - LFC:[MD5.4679A2329C2BD00E927AFEB8918747D7] - 14/07/2011 - 15:05:03 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [239144]
O44 - LFC:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 06/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [22712]
O44 - LFC:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 06/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.)
-- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [41272]
O44 - LFC:[MD5.8F433AFE9BC750D743C96A1563E4059F] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI [1256934]
O44 - LFC:[MD5.D1A1F049A8B84609AA1ED044BB5EE6C2] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat [89850]
O44 - LFC:[MD5.8606EDB14043D35CAF7E929D5B4400EF] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\perfc00C.dat [106528]
O44 - LFC:[MD5.673FF07622C87FCFEA9CDD027422EE98] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat [507056]
O44 - LFC:[MD5.89329F65B1C008230374B9F6170A2254] - 30/06/2011 - 15:06:54 ---A- . (...) -- C:\WINDOWS\System32\perfh00C.dat [580482]
~ Scan Files in 00mn 46s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\eChanblard\emule.exe" [Enabled] .(.http://www.emule-project.net - eMule.) -- C:\Program Files\eChanblard\emule.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Java\jre6\bin\java.exe" [Enabled] .(.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\java.exe
O47 - AAKE:Key Export SP - "C:\Program Files\PartyFrance\PartyFrance.exe" [Enabled] .(.Pas de propriétaire - PartyGaming MFC Application.) -- C:\Program Files\PartyFrance\PartyFrance.exe
O47 - AAKE:Key Export SP - "C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe" [Enabled] .(.Pas de propriétaire - RunApp MFC Application.) -- C:\Program Files\PartyFrance\PartyPokerFr\RunApp.exe
O47 - AAKE:Key Export SP - "C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe" [Enabled] .(...) -- C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe" [Enabled] .(.France Telecom SA.) -- C:\Program Files\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe" [Enabled] .(...) -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Nam
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
~ Scan Keys in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys .
(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\System32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\System32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\System32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\System32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\System32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\System32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\System32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\System32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\System32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\System32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys .
(.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\System32\Drivers\vgasave.sys (.not file.)
~ Scan CSB in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ Scan IFEO in 00mn 00s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{90836209-d11f-11df-aa51-0016766e727d}\AutoRun\command. (...) -- G:\InstallTomTomHOME.exe (.not file.)
~ Scan Keys in 00mn 00s

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.)
-- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"="ffdshow Video Codec" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s

---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.)
-- C:\WINDOWS\system32\digest.dll
~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
~ Scan Keys in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.1140AB9938809700B46BB88E46D72A96] - 17/08/2006 - 21:51:56 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\WINDOWS\system32\drivers\aliide.sys [5248]
O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\amdagp.sys [43008]
O58 - SDL:[MD5.62D318E9A0C8FC9B780008E724283707] - 17/08/2006 - 21:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) -- C:\WINDOWS\system32\drivers\asc.sys [26496]
O58 - SDL:[MD5.5D8DE112AA0254B907861E9E9C31D597] - 17/08/2006 - 21:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\drivers\asc3550.sys [14848]
O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 09/06/2009 - 11:17:49 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416]
O58 - SDL:[MD5.14FE36D8F2C6A2435275338D061A0B66] - 09/06/2009 - 10:02:31 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [56816]
O58 - SDL:[MD5.2DAA8CC2670720DEDDCC74A20EDE2EE9] - 09/06/2009 - 11:28:39 ---A- .
(.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360]
O58 - SDL:[MD5.AD9BD66A862116E79CB45BB6BE46055F] - 09/06/2009 - 09:32:47 ---A- . (.Avira GmbH - Avira Driver for RootKit Detection.) -- C:\WINDOWS\system32\drivers\avipbb.sys [96104]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 20/08/2004 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.E3726AD522D0BDAE090671048C991AB3] - 17/08/2006 - 17:04:44 ---A- . (.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) -- C:\WINDOWS\system32\drivers\cmdide.sys [6656]
O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 20/08/2004 - 12:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]
O58 - SDL:[MD5.E550E7418984B65A78299D248F0A7F36] - 17/08/2006 - 21:52:16 ---A- . (.Mylex Corporation - Mylex Disk Array Controller Driver.) -- C:\WINDOWS\system32\drivers\dac2w2k.sys [179584]
O58 - SDL:[MD5.95974E66D3DE4951D29E28E8BC0B644C] - 17/08/2006 - 01:30:46 ---A- . (.Intel Corporation - Intel® PRO/100 Adapter NDIS 5.1 driver.) -- C:\WINDOWS\system32\drivers\e100b325.sys [155648]
O58 - SDL:[MD5.CABBA915F11FF2013C550BB1A9B977DF] - 17/08/2006 - 22:27:16 ---A- . (.SingleClick Systems - SCS NDIS 5.0 Wireless Protocol Driver.) -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys [13696]
O58 - SDL:[MD5.5A8E05F1D5C36ABD58CFFA111EB325EA] - 17/08/2006 - 14:15:18 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\ialmnt5.sys [1302812]
O58 - SDL:[MD5.9121D8FFFF773C66BBF4955E4F7AAC23] - 11/08/2006 - 15:12:14 ---A- . (.Intel Corporation - Intel® Network Adapter Diagnostic Driver.) -- C:\WINDOWS\system32\drivers\iqvw32.sys [19456]
O58 - SDL:[MD5.ECA00EED9AB95489007B0EF84C7149DE] - 09/06/2009 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.)
-- C:\WINDOWS\system32\drivers\mbam.sys [22712]
O58 - SDL:[MD5.B18225739ED9CAA83BA2DF966E9F43E8] - 28/07/2011 - 18:52:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [41272]
O58 - SDL:[MD5.3F4BB95E5A44F3BE34824E8E7CAF0737] - 17/08/2006 - 21:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\drivers\mraid35x.sys [17280]
O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 20/08/2004 - 12:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]
O58 - SDL:[MD5.2B298519EDBFCF451D43E0F1E8F1006D] - 17/08/2006 - 22:29:56 ---A- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys [1897408]
O58 - SDL:[MD5.EC0D523B492764B15B3B6B1E17172201] - 17/08/2006 - 22:26:10 ---A- . (.SingleClick Systems - SCS NDIS 5.0 Auto IP Protocol Driver.) -- C:\WINDOWS\system32\drivers\packet.sys [13312]
O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 04/09/2009 - 08:14:26 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\drivers\pcouffin.sys [47360]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 17/08/2006 - 12:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]
O58 - SDL:[MD5.F7BB4E7A7C02AB4A2672937E124E306E] - 05/12/2007 - 22:53:22 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys [36560]
O58 - SDL:[MD5.0A63FB54039EB5662433CABA3B26DBA7] - 17/08/2006 - 21:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1080.sys [40320]
O58 - SDL:[MD5.156ED0EF20C15114CA097A34A30D8A01] - 17/08/2006 - 21:52:20 ---A- .
(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql12160.sys [45312]
O58 - SDL:[MD5.907F0AEEA6BC451011611E732BD31FCF] - 17/08/2006 - 21:52:18 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1280.sys [49024]
O58 - SDL:[MD5.2C4FB2E9F039287767C384E46EE91030] - 06/01/2010 - 16:18:02 R--A- . (.Research in Motion Ltd - RIM Virtual Serial Driver.) -- C:\WINDOWS\system32\drivers\RimSerial.sys [27136]
O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 20/08/2004 - 12:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]
O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 20/08/2004 - 12:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]
O58 - SDL:[MD5.62AF804EBB0CC6A34DDD1B0AACACD47F] - 30/07/2007 - 08:46:52 R--A- . (.MCCI - Sony Ericsson Device 043 Driver Driver.) -- C:\WINDOWS\system32\drivers\SE2Bbus.sys [61600]
O58 - SDL:[MD5.58F020F88F5DB6F57C6229ED26C02290] - 30/07/2007 - 08:46:54 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\SE2Bcm.sys [6240]
O58 - SDL:[MD5.58F020F88F5DB6F57C6229ED26C02290] - 30/07/2007 - 08:46:54 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\SE2Bcmnt.sys [6240]
O58 - SDL:[MD5.F5AE0A580F850E358B79B6D37C560904] - 30/07/2007 - 08:46:58 R--A- . (.MCCI - Sony Ericsson Device 043 USB Ethernet Emulation (WDM class regi.) -- C:\WINDOWS\system32\drivers\se2Bcr.sys [4128]
O58 - SDL:[MD5.FEF0BC327F083210C5A5DD890BF41C0A] - 30/07/2007 - 08:46:58 R--A- . (.MCCI - Sony Ericsson Device 043 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\SE2Bmdfl.sys [9360]
O58 - SDL:[MD5.00CFA9A63E3915BEE7E3FBC23213B8FD] - 30/07/2007 - 08:47:00 R--A- . (.MCCI - Sony Ericsson Device 043 USB WMC Modem WDM Driver.)
-- C:\WINDOWS\system32\drivers\SE2Bmdm.sys [97184]
O58 - SDL:[MD5.46147915DA4525A95E9404B646DF91EF] - 30/07/2007 - 08:47:06 R--A- . (.MCCI - Sony Ericsson Device 043 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\SE2Bmgmt.sys [88688]
O58 - SDL:[MD5.DBAAF0DE434F4D88DB40DB3AFAB301FE] - 30/07/2007 - 08:47:08 R--A- . (.MCCI - Sony Ericsson Device 043 USB Ethernet Emulation (NDIS 5 Minipor.) -- C:\WINDOWS\system32\drivers\se2Bnd5.sys [18704]
O58 - SDL:[MD5.98B2F0E34D1F3AEE840F741C161C01EE] - 30/07/2007 - 08:47:10 R--A- . (.MCCI - Sony Ericsson Device 043 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\SE2Bobex.sys [86560]
O58 - SDL:[MD5.29ACFCC6AFBA06DFD7C66C5C33087F9C] - 30/07/2007 - 08:47:18 R--A- . (.MCCI - Sony Ericsson Device 043 USB Ethernet Emulation.) -- C:\WINDOWS\system32\drivers\se2Bunic.sys [90800]
O58 - SDL:[MD5.7217C7C599DBF2322CC245F807004E6F] - 30/07/2007 - 08:47:22 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\SE2Bwh.sys [5872]
O58 - SDL:[MD5.7217C7C599DBF2322CC245F807004E6F] - 30/07/2007 - 08:47:22 R--A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\SE2Bwhnt.sys [5872]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.4EDC881C138E778FEB9BD24CBC6B33ED] - 20/06/2005 - 10:12:00 ---A- . (.SiS Corporation - SiS163 usb Wireless LAN Adapter Driver.) -- C:\WINDOWS\system32\drivers\sis163u.sys [215040]
O58 - SDL:[MD5.6B33D0EBD30DB32E27D1D78FE946A754] - 13/04/2008 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\sisagp.sys [40960]
O58 - SDL:[MD5.A1ECEEAA5C5E74B2499EB51D38185B84] - 17/05/2009 - 20:56:16 ---A- . (.Sony Corporation - Sony USB Lower Filter driver.)
-- C:\WINDOWS\system32\drivers\SONYPVU1.SYS [7552] O58 - SDL:[MD5.83C0F71F86D3BDAF915685F3D568B20E] - 17/08/2006 - 22:07:44 ---A- . (.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) -- C:\WINDOWS\system32\drivers\sparrow.sys [19072] O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/02/2009 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [691696] O58 - SDL:[MD5.3AD0362CF68DE3AC500E981700242CCA] - 09/06/2009 - 19:48:11 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520] O58 - SDL:[MD5.DF5C19F053EFF7F8BA25D73AEA899656] - 25/10/2009 - 01:47:38 ---A- . (.MCCI - SAMSUNG Mobile USB Device II 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ssm_bus.sys [58320] O58 - SDL:[MD5.A2C7705A4745A60B875F931860DF3557] - 25/10/2009 - 01:49:28 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_cm.sys [6176] O58 - SDL:[MD5.A2C7705A4745A60B875F931860DF3557] - 25/10/2009 - 01:49:28 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_cmnt.sys [6176] O58 - SDL:[MD5.5347169FA449EABC4D0728AE39FAB926] - 25/10/2009 - 01:49:34 ---A- . (.MCCI - SAMSUNG Mobile USB Modem II 1.0 Filter Driver.) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys [8336] O58 - SDL:[MD5.7AAE23DD105EED15C4F45FC269FA42A9] - 25/10/2009 - 01:49:38 ---A- . (.MCCI - SAMSUNG Mobile USB Modem II 1.0 Driver.) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys [94000] O58 - SDL:[MD5.5F4D52B9C1A7312598D88CBAECB3FC70] - 25/10/2009 - 01:47:34 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_wh.sys [5840] O58 - SDL:[MD5.5F4D52B9C1A7312598D88CBAECB3FC70] - 25/10/2009 - 01:47:34 ---A- . (.MCCI - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\ssm_whnt.sys [5840] O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 06/10/2010 - 13:48:56 ---A- . (...) 
-- C:\WINDOWS\system32\drivers\StarOpen.sys [7168] O58 - SDL:[MD5.2A2DC39623ADEF8AB3703AB9FAC4B440] - 17/08/2006 - 14:36:00 ---A- . (.SigmaTel, Inc. - NDRC.) -- C:\WINDOWS\system32\drivers\sthda.sys [1047816] O58 - SDL:[MD5.1FF3217614018630D0A6758630FC698C] - 17/08/2006 - 22:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc810.sys [16256] O58 - SDL:[MD5.070E001D95CF725186EF8B20335F933C] - 17/08/2006 - 22:07:36 ---A- . (.LSI Logic - Symbios 8XX SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc8xx.sys [32640] O58 - SDL:[MD5.80AC1C4ABBE2DF3B738BF15517A51F2C] - 17/08/2006 - 22:07:40 ---A- . (.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_hi.sys [28384] O58 - SDL:[MD5.BF4FAB949A382A8E105F46EBB4937058] - 17/08/2006 - 22:07:42 ---A- . (.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_u3.sys [30688] O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 20/08/2004 - 12:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376] O58 - SDL:[MD5.1961590AA191B6B7DCF18A6A693AF7B8] - 09/06/2009 - 13:14:57 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 SPR Protocol Driver.) -- C:\WINDOWS\system32\drivers\TV_551805_Sp50.sys [27072] O58 - SDL:[MD5.1B698A51CD528D8DA4FFAED66DFC51B9] - 17/08/2006 - 21:52:22 ---A- . (.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) -- C:\WINDOWS\system32\drivers\ultra.sys [36736] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 20/08/2004 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.22068DCA607F93BF5FD5926390FB478F] - 17/08/2006 - 22:29:38 ---A- . (.SingleClick Systems - SCS NDIS 5.0 Wireless Security Protocol Driver.) 
-- C:\WINDOWS\system32\drivers\wsp_pkt.sys [13568] O58 - SDL:[MD5.801F16225EADCEFDAC17319AD163F80E] - 17/08/2006 - 22:26:57 RSH-- . (...) -- C:\WINDOWS\system32\058CE3B643.sys [88] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097] O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912] O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537] O58 - SDL:[MD5.9C2E00D5A3B0B6B012BA59FCE2C3F0C9] - 16/08/2006 - 08:53:14 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [6580] O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146] O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 11/08/2006 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000] O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560] O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 20/08/2004 - 12:00:00 ---A- . (...) 
-- C:\WINDOWS\system32\ntio411.sys [35648] O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424] O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 20/08/2004 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560] O58 - SDL:[MD5.B670C5D89F0726B7A2A7DFB4E968CDF8] - 14/09/2010 - 11:22:58 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) -- C:\WINDOWS\system32\pcampr5.sys [34688] O58 - SDL:[MD5.ECD2F9D67B06606064DAF6961A6D5EFE] - 14/09/2010 - 11:22:58 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\pcandis5.sys [32128] ~ Scan Drivers in 00mn 01s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: RSIT - (.random/random.) O63 - Logiciel: Toolbar SD - (.IDN Team.) ~ Scan ADS in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\aliide.sys - No object(No service) .(.Acer Laboratories Inc. - ALi mini IDE Driver.) - LEGACY_ALIIDE O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\amdagp.sys - No object(No service) .(.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) - LEGACY_AMDAGP O64 - Services: CurCS - 16/07/2009 - C:\Program Files\Avira\AntiVir Desktop\sched.exe - Avira AntiVir Planificateur(AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE O64 - Services: CurCS - 18/08/2009 - C:\Program Files\Avira\AntiVir Desktop\avguard.exe - Avira AntiVir Guard(AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) 
- LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\asc.sys - No object(No service) .(.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) - LEGACY_ASC O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\asc3550.sys - No object(No service) .(.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) - LEGACY_ASC3550 O64 - Services: CurCS - 13/02/2009 - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio(avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO O64 - Services: CurCS - 11/12/2009 - C:\WINDOWS\System32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT O64 - Services: CurCS - 30/03/2009 - C:\WINDOWS\System32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for RootKit Detection.) - LEGACY_AVIPBB O64 - Services: CurCS - 23/08/2001 - C:\WINDOWS\system32\DRIVERS\cmdide.sys - No object(No service) .(.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) - LEGACY_CMDIDE O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\dac2w2k.sys - No object(No service) .(.Mylex Corporation - Mylex Disk Array Controller Driver.) - LEGACY_DAC2W2K O64 - Services: CurCS - 10/01/2008 - C:\WINDOWS\system32\Drivers\DgiVecp.sys - DgiVecp(DgiVecp) .(.Samsung Electronics Co., Ltd. - Windows 2k,XP IEEE-1284 parallel class driv.) - LEGACY_DGIVECP O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\dmadmin.exe - Service d'administration du Gestionnaire de disque logique(dmadmin) .(.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - LEGACY_DMADMIN O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\drivers\dmboot.sys - dmboot(dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT O64 - Services: CurCS - 05/08/2004 - C:\WINDOWS\System32\drivers\dmload.sys - dmload(dmload) .(.Microsoft Corp., Veritas Software. 
- NT Disk Manager Startup Driver.) - LEGACY_DMLOAD O64 - Services: CurCS - 24/08/2009 - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe - France Telecom Routing Table Service(FTRTSVC) .(.France Telecom SA - Orange Connection Kit.) - LEGACY_FTRTSVC O64 - Services: CurCS - 04/01/2007 - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Updater Service(gusvc) .(.Google - gusvc.) - LEGACY_GUSVC O64 - Services: CurCS - 11/10/2009 - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter(JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - 06/07/2011 - C:\WINDOWS\system32\drivers\mbamswissarmy.sys - MBAMSwissArmy(MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\mraid35x.sys - No object(No service) .(.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows.) - LEGACY_MRAID35X O64 - Services: CurCS - 19/11/2004 - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe - Intel NCS NetService(NetSvc) .(.Intel® Corporation - NetSvc Module.) - LEGACY_NETSVC O64 - Services: CurCS - 04/03/2010 - C:\Program Files\CDBurnerXP\NMSAccessU.exe - NMSAccess (NMSAccess) .(...) - LEGACY_NMSACCESS O64 - Services: CurCS - 24/08/2009 - C:\WINDOWS\system32\PCAMPR5.sys - No object(No service) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) - LEGACY_PCAMPR5 O64 - Services: CurCS - 24/08/2009 - C:\WINDOWS\system32\PCANDIS5.sys - PCANDIS5 NDIS Protocol Driver(PCANDIS5) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) - LEGACY_PCANDIS5 O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql1080.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) 
- LEGACY_QL1080 O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql12160.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL12160 O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ql1280.sys - No object(No service) .(.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) - LEGACY_QL1280 O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\sisagp.sys - No object(No service) .(.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) - LEGACY_SISAGP O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sparrow.sys - No object(No service) .(.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) - LEGACY_SPARROW O64 - Services: CurCS - ??/??/???? - C:\WINDOWS\System32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD O64 - Services: CurCS - 16/07/2009 - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys - ssmdrv(ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV O64 - Services: CurCS - ??/??/???? - C:\WINDOWS\system32\Drivers\SSPORT.sys (.not file.) - SSPORT (SSPORT) .(...) - LEGACY_SSPORT O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\symc810.sys - No object(No service) .(.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) - LEGACY_SYMC810 O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\symc8xx.sys - No object(No service) .(.LSI Logic - Symbios 8XX SCSI Miniport Driver.) - LEGACY_SYMC8XX O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_hi.sys - No object(No service) .(.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) - LEGACY_SYM_HI O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sym_u3.sys - No object(No service) .(.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) 
- LEGACY_SYM_U3 O64 - Services: CurCS - 24/08/2010 - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe - TomTomHOMEService(TomTomHOMEService) .(.TomTom - Windows Service for TomTom HOME.) - LEGACY_TOMTOMHOMESERVICE O64 - Services: CurCS - 09/06/2009 - C:\WINDOWS\System32\Drivers\TV_551805_Sp50.sys - TV_551805_Sp50 NDIS Protocol Driver(TV_551805_Sp50) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 SPR Protocol Driver.) - LEGACY_TV_551805_SP50 O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\ultra.sys - No object(No service) .(.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) - LEGACY_ULTRA ~ Scan Services in 00mn 01s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %* O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) 
-- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- "%1" %* O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe ~ Scan Keys in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Scan Keys in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {2A5D1C44-CD3F-4514-A15B-B0BF238447B2} - (Google Custom Search) - Google O69 - SBI: SearchScopes [HKCU] {557C21FE-7274-410D-853E-9ED4471BF193} [DefaultScope] - (search-web.net) - http://search-web.net3A%23FFFFF0%3B&ie=iso-8859-1&oe=iso-8859-1&sa=Rechercher&lang=en&q={searchTerms} O69 - SBI: SearchScopes [HKCU] {574C8A75-3535-46BD-888C-7FDDE22927FC} - (Live Search) - Bing O69 - SBI: SearchScopes [HKCU] {A540D69B-1CD5-44FA-9B2A-DFEA5EBD97F1} - (uStart) - http://www.ustart.orgNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11 ~ Scan Keys in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.0FFDFED8004B5E46BECAB345258D6182] [sPRF][05/04/2011] (...) -- C:\Documents and Settings\radicho\Local Settings\Application Data\postgresinstall.bat [379] [MD5.254FBCA565E049648B0CCE2CEADF05D2] [sPRF][07/09/2009] (...) -- C:\Documents and Settings\radicho\Application Data\inst.exe [87608] [MD5.5B6C11DE7E839C05248CED8825470FEF] [sPRF][07/09/2009] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Documents and Settings\radicho\Application Data\pcouffin.sys [47360] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608] [MD5.D8FB851A9FBD62352FD74283F9C14C77] [sPRF][10/06/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) 
-- C:\WINDOWS\Downloaded Program Files\isusweb.dll [417792] ~ Scan Files in 00mn 00s ---\\ Scan Additionnel (O88) Database Version : 8555 - (28/07/2011) Clés trouvées (Keys found) : 64 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 10 Fichiers trouvés (Files found) : 1 [HKLM\Software\Classes\AppID\bandoocore.exe] =>Adware.Bandoo [HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.AskSBar [HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu MediaBar] =>Adware.Bandoo [HKLM\Software\Classes\bandoocore.bandoocore] =>Adware.Bandoo [HKLM\Software\Classes\bandoocore.bandoocore.1] =>Adware.Bandoo [HKLM\Software\Classes\bandoocore.resourcesmngr] =>Adware.Bandoo [HKLM\Software\Classes\bandoocore.resourcesmngr.1] =>Adware.Bandoo [HKLM\Software\Classes\bandoocore.settingsmngr] =>Adware.Bandoo [HKLM\Software\Classes\bandoocore.settingsmngr.1] =>Adware.Bandoo [HKLM\Software\Classes\bandoocore.statisticmngr] =>Adware.Bandoo [HKLM\Software\Classes\bandoocore.statisticmngr.1] =>Adware.Bandoo [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.AskSBar [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.AskSBar [HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar [HKLM\Software\Classes\AppID\{1301a8a5-3dfb-4731-a162-b357d00c9644}] =>Adware.Bandoo [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] =>Toolbar.Agent [HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream [HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.AskSBar [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2A5D1C44-CD3F-4514-A15B-B0BF238447B2}] =>Adware.EasySearch [HKLM\Software\Microsoft\Internet 
Explorer\SearchScopes\{2A5D1C44-CD3F-4514-A15B-B0BF238447B2}] =>Adware.EasySearch [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}] =>Adware.Bandoo [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}] =>Hijacker.ChercheUS [HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}] =>Adware.Bandoo [HKLM\Software\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}] =>Adware.Bandoo [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}] =>Adware.Bandoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}] =>Adware.Bandoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.AskSBar [HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask [HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.AskSBar [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}] =>Adware.Bandoo [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar [HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5}] =>PUP.Eorezo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar 
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}] =>Adware.SPointer [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent [HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar [HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar [HKCU\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec search-web] =>Hijacker.ChercheUS [HKCU\Software\Ask.com] =>Toolbar.AskBar [HKCU\Software\Ask.com] =>Toolbar.AskBarDis [HKCU\Software\AskToolbar] =>Toolbar.AskTBar [HKLM\Software\AskToolbar] =>Toolbar.AskTBar [HKLM\Software\Bandoo] =>Adware.Bandoo [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\FREEzeFrog] =>Adware.FreezeFrog [HKCU\Software\Grand Virtual] =>Spyware.AgenceExclusive [HKLM\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\PartyFrance] =>Casino.OnlineGames [HKLM\Software\SearchquMediabarTb] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Software\AskToolbar] =>Toolbar.AskTBar [HKCU\Software\Spointer] =>Adware.SPointer [HKLM\Software\titan poker] =>Adware.Casino [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchqu mediabar] =>Adware.Bandoo [HKCU\Software\Microsoft\Internet 
Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShoppingReport2 [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar C:\Program Files\Ask.com =>Toolbar.AskBar C:\Program Files\FREEzeFrog =>Keylogger.Agent C:\Program Files\OfferBox =>PUP.OfferBox C:\Program Files\Windows Searchqu Toolbar =>Adware.Bandoo C:\Documents and Settings\radicho\Application Data\FREEzeFrog =>Keylogger.Agent C:\Documents and Settings\radicho\Application Data\OfferBox =>PUP.OfferBox C:\Documents and Settings\radicho\Application Data\searchqutb =>Adware.Bandoo C:\Documents and Settings\radicho\Application Data\Viewpoint =>Adware.MetaStream C:\Documents and Settings\radicho\Local Settings\Application Data\moovida air =>Adware.SPointer C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml =>Adware.Bandoo ~ Scan Additionnel in 00mn 11s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 09/06/2009 108289 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 09/06/2009 185089 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe SR - | Auto 14/09/2010 69632 | (FTRTSVC) . (.France Telecom SA.) - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe SS - | Demand 07/01/2007 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 11/10/2009 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe SR - | Auto 29/01/2009 935208 | Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG.) 
- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe SS - | Demand 17/08/2006 147456 | (NetSvc) . (.Intel® Corporation.) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe SR - | Auto 06/10/2010 71096 | (NMSAccess) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe SR - | Auto 06/10/2010 92008 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ~ Scan Services in 00mn 00s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by radicho at 28/07/2011 21:15:52 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spkl.sys hal.dll >>UNKNOWN [0x86573938]<< spkl.sys 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8651DAB8] 3 CLASSPNP[0xF75FEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP1T0L0-e[0x8653ED98] kernel: MBR read successfully user & kernel MBR OK ~ Scan MBR in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by radicho at 28/07/2011 21:15:54 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ Scan MBR in 00mn 04s End of the scan (1298 lines in 01mn 23s)(0)
-
Hello, I'd like to ask for your help with my mother-in-law's computer. Basically nothing works: the PC takes a good 10 minutes by the clock to start up, and almost as long to open the first web page. Last night I ran the AntiVir + Malwarebytes procedure... several infections were found... unfortunately I couldn't do this in safe mode, since safe mode is impossible to launch. Here is the HijackThis report I just ran:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:15, on 21/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\QuickZip4\QuickZip.exe
C:\DOCUME~1\fab\LOCALS~1\Temp\QZTEMP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156780591548
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.1.0.51.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

-- End of file - 7815 bytes

Thanks in advance for your help.
-
Internet display problem, Antivir update and safe mode
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
I did the first 3 steps and nothing changed... for the last one (sfc /scannow) I can't find the XP CD; I have to say the PC isn't exactly new, and with the moves -
Internet display problem, Antivir update and safe mode
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
Er... the problem is that I still can't boot into safe mode. Can I still try the steps in normal mode? -
Internet display problem, Antivir update and safe mode
nettoyantlunettes replied to a topic by nettoyantlunettes in Malware analysis and removal
Hello, here are the two reports, thanks again for your help.
-
Internet display problem, AntiVir update and safe mode
nettoyantlunettes replied to a topic by nettoyantlunettes in Analyses et éradication malwares
Uh... no... absolutely nothing has changed: still impossible to boot into safe mode, still impossible to update AntiVir... and still impossible to display this website, for example: http://www.inrs.fr/ -
Internet display problem, AntiVir update and safe mode
nettoyantlunettes replied to a topic by nettoyantlunettes in Analyses et éradication malwares
Hello, first of all, thank you for taking the trouble to help me. Here are the reports from the procedure you asked me to carry out:

--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
Messenger Skinner
Sweetim
******************
# START at: 19:31:57 | Dim 08/11/2009 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: PUPUCINO | USER: radicho ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v6.0.2900.5512
--------- [ RUNNING PROCESSES: 24 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
.
+-----------------------| Eorezo Elements Deleted :
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
.
[01/07/2009 02:47|d--------] C:\Program Files\EoRezo
[30/06/2009 22:53|d--------] C:\Documents and Settings\radicho\Application Data\EoRezo
+-----------------------| Everest Poker Elements Deleted :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
+-----------------------| Messenger Skinner Elements Deleted :
.
+-----------------------| Sweetim Elements Deleted :
.
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\zydvn8dp.default\prefs.js :
~~~~ Mozilla FireFox version 3.5.5 ~~~~
+----------+
+--[HKEY_CURRENT_USER\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
Assistant DartyBox REG_SZ C:\Program Files\DartyBox_v3\Bewan\AssistantDB\AssistantDB_Bewan.exe -m
+--[HKEY_LOCAL_MACHINE\..\Run]
igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe
igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
ISUSPM Startup REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
WinPatrol REG_SZ "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
Samsung PanelMgr REG_SZ C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-08.11.2009.log" (~3817 bytes)
- "C:\AD-report-Scan-08.11.2009.log" (~5201 bytes)
# END at: 19:55:34 | 08/11/2009 - Time elapsed: 23 minutes, 36 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 87 lines ]
+---------------------------------------------------------------------------+

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3129
Windows 5.1.2600 Service Pack 3
08/11/2009 20:54:42
mbam-log-2009-11-08 (20-54-42).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 163580
Temps écoulé: 27 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-
Hello, Following a recurring problem displaying certain websites (INRS, works council, etc.) as well as being unable to update AntiVir, I tried to follow the disinfection tutorial that your site offers. However, I cannot boot into safe mode (the computer crashes every time after I choose "safe mode" and shows a black page with a blinking cursor). So I ran the cleaning procedure in normal mode, and no virus was detected. Then I produced a HijackThis report, which I am pasting after this message so that some kind soul can help me. Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:07, on 07/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.html...edSearchLang=FR
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBox_v3\Bewan\AssistantDB\AssistantDB_Bewan.exe -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
-- End of file - 5160 bytes
-
Report to analyze, please
nettoyantlunettes replied to a topic by nettoyantlunettes in Analyses et éradication malwares
Thank you for your replies. I did indeed follow the procedure you pointed me to. OK for the processes tab under Win 98. So, in short, everything seems OK? Thanks for everything -
Report to analyze, please
nettoyantlunettes replied to a topic by nettoyantlunettes in Analyses et éradication malwares
up! -
Hello everyone, would it be possible for one of you to analyze the following report? Also, I cannot get the processes tab when I press Ctrl+Alt+Del; is that normal? Thank you for your replies.

Logfile of HijackThis v1.99.1
Scan saved at 12:40:30, on 11/03/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -on
O4 - HKLM\..\Run: [DU Meter] C:\PROGRAM FILES\DU METER\DUMETER.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\PROGRAM FILES\CREATIVE\SBLIVE\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher] C:\WINDOWS\SYSTEM\fpdisp3a.exe
O4 - HKLM\..\Run: [irMon] IrMon.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MOSearch] c:\PROGRA~1\FICHIE~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRAM FILES\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
-
HijackThis report request
nettoyantlunettes replied to a topic by nettoyantlunettes in Analyses et éradication malwares
Hi, yes indeed, a desktop computer. For the Panda online scan, I don't have Internet Explorer but Mozilla; is there another way? Regards -
HijackThis report request
nettoyantlunettes replied to a topic by nettoyantlunettes in Analyses et éradication malwares
Yes, I thought I had done it; I'm starting again, thanks. OK, this time it should normally be fine. Thank you for your quick response.

Logfile of HijackThis v1.99.1
Scan saved at 13:16:19, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SPMSMON.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\laurent\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Messenger.lnk = C:\Program Files\Yahoo!\Messenger\YPager.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = immochevaleret.lan
O17 - HKLM\Software\..\Telephony: DomainName = immochevaleret.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = immochevaleret.lan
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = immochevaleret.lan
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
-
HijackThis report request
nettoyantlunettes posted a topic in Analyses et éradication malwares
Hello, I have just carried out the disinfection procedure and, as stipulated in it, I am asking you to kindly analyze it, because to me it is incomprehensible. Platform: Windows XP SP2 MSIE: Mozilla Firefox Regards, laurent

Logfile of HijackThis v1.99.1
Scan saved at 10:53:19, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SPMSMON.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\microsoft office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\laurent\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Yahoo! Messenger.lnk = C:\Program Files\Yahoo!\Messenger\YPager.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = immochevaleret.lan
O17 - HKLM\Software\..\Telephony: DomainName = immochevaleret.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = immochevaleret.lan
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = immochevaleret.lan
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe