
rapasse

Members
  • Content count

    60

Everything posted by rapasse

  1. Hello pear, Sorry for not replying anymore; the PC this post was about is no longer in my possession, so we'll stop there. I would have liked to know whether you could ''take a look'' at my netbook, because it is getting slow at startup and in general. Which software should I use? Thanks for your help, have a good early evening. rapasse.
  2. Thanks for replying. I didn't manage to do the first step; the link doesn't work. Here is the report from the second step. CJoint.com link AHAbSAxCZmV Thanks again.
  3. Good evening, I'm posting a HijackThis log because I think I have some little bugs lol. I ran CCleaner and Malwarebytes' Anti-Malware. Thanks for your help.
  4. rapasse

    XP problem

    Hello, No, I can't. Let me explain: the router is in my hallway and my PC (the one that won't boot) is in my bedroom on Wi-Fi, and the second PC is in my parents' bedroom, at least 15 metres from the router. I have an Ethernet cable that must be no more than 2 metres long. I'm going to try to make the CD today.
  5. rapasse

    XP problem

    Yes, that I can do: I'll go to my neighbour's and I can create a bootable CD! Do I use the method bleuet pointed out to me?
  6. rapasse

    XP problem

    No, I have no way of connecting it to the net; it's a desktop. Is that absolutely necessary for your method?
  7. rapasse

    XP problem

    So lance_yien told me it was just an autorin.inf. Then a good clean-up. This evening I'm going to plug my hard drive into another PC to recover my data. Then I'll look into making UBCD.
  8. rapasse

    XP problem

    Yes, it worked normally. No, no infection since the last one. Yes, it is detected correctly. OK, I'll ask lance_yien.
  9. rapasse

    XP problem

    Yes, yes, I know. What do you think is causing the problem?
  10. rapasse

    XP problem

    Hello everyone, Timat, I tried; nothing worked... Bleuet, yes, the 4 alerts were for this PC. The hard drive, I get the impression it stops and then starts again, but it does so very rarely. To load UBCD I'm going to have to find a computer...
  11. rapasse

    XP problem

    I just stopped it; it didn't move from the white line...
  12. rapasse

    XP problem

    OK, now I've selected the command prompt in safe mode and it's still blinking... yes, I have another XP PC but it's not connected to the internet... My hard drive is making a strange noise...
  13. rapasse

    XP problem

    OK, I'm doing the step. No, I'm replying to you from my phone.
  14. rapasse

    XP problem

    No, I don't have the links because I'm on my mobile, sorry... Yes, I have command prompt in safe mode. Yes, that means I have the white dash; I left it for more than half an hour and nothing happened... No, I don't have another PC.
  15. rapasse

    XP problem

    Yes, I know it; what do you want to know? Yes, System Restore was active. Yes, if I press F7, not F8, I get a page that shows safe mode and other options, but I've already tried everything and nothing works...
  16. rapasse

    XP problem

    OK, thanks for replying. It's a CD that I made myself when I bought the PC. Yes, the only choice is the letter r or f. No, I didn't install anything before the problem.
  17. rapasse

    XP problem

    So I've just done the step. A console appears, but I can only press 'r' to display the system reinstallation options or 'f' to format. When I press 'r', PC Recovery opens and tells me that all files on the user partition will be erased and the original files restored. What do I do, quit or continue? If I plug my hard drive into another PC, do you think I can get my data back?
  18. rapasse

    XP problem

    OK, thank you both for your replies; I'll try the operation right away! Sorry, I hadn't seen your request. So I had some slowdowns but no virus, because I went through the appropriate section of the forum.
  19. rapasse

    XP problem

    OK, thanks for your reply. Will I lose all my data with this procedure?
  20. rapasse

    XP problem

    Hello, Thanks for the reply. How do I get to the console, given that it won't boot?
  21. rapasse

    XP problem

    Hello, I'm coming to you because my PC no longer boots. Yesterday morning it started correctly, then I shut it down. That same evening it started correctly, then 5 minutes later it froze with a blue screen, then restarted on its own, and now there's no way to turn it back on: it hangs at the screen that says Windows XP with the small scrolling blue bar. I tried starting it in safe mode and it hangs on a black screen with a small white line in the top left. Do you know what this is? Regards
  22. Hello, There are still slowdowns, far fewer than before, but there are some; it also takes an incredibly long time to shut down (5 min)... Do you think it could be coming from my RAM? I couldn't download MBAM's StartUpLite because I think you must have forgotten to include the link. Thanks again, have a good day
  23. Here is the report: Yes, it's better, but it takes a long time to shut down and to start up. Also, my antivirus often crashes and slows everything down. Have a good day
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2010/05/05 12:54:52 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2010/05/05 12:54:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr) DRV - [2010/05/05 12:54:48 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK) DRV - [2010/05/05 12:54:44 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf) DRV - [2010/04/01 15:39:56 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr) DRV - [2010/02/13 20:17:00 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm) DRV - [2010/01/12 18:37:46 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos) DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009/05/07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) 
[Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos) DRV - [2008/07/08 13:54:02 | 000,148,496 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\64425156.sys -- (is-GQI3Ndrv) DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 19:45:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus) DRV - [2007/09/04 18:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev) DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006/07/25 00:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/05/09 22:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi) DRV - [2006/05/09 22:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon) DRV - [2006/05/09 22:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd) DRV - [2006/05/09 22:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou) DRV - [2006/05/09 22:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid) DRV - [2006/04/12 04:36:56 | 002,829,696 | ---- | M] (ASUSTek) [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) DRV - [2005/10/05 03:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wn5301.sys -- (WN5301) DRV - [2005/06/29 16:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2) DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) DRV - [2003/11/05 06:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run) DRV - [2003/05/14 12:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2003/05/14 12:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2003/05/14 12:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2003/05/14 12:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.fr/" FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.76 FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5 FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.2.119 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1 FF - prefs.js..keyword.URL: "" FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/30 21:04:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/20 17:01:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/14 17:09:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/08 12:24:28 | 000,000,000 | ---D | M] [2008/09/20 11:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Extensions [2008/09/20 11:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Extensions\home2@tomtom.com [2011/03/13 22:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions [2010/05/02 20:04:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/11/27 01:41:58 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2011/03/13 22:39:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/03/13 22:39:34 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010/01/12 18:06:36 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2) [2007/12/01 19:22:34 | 000,000,000 | ---D | M] (Dictionnaire MySpell en Français (réforme 
1990)) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\fr@dictionaries.addons.mozilla(2).org [2010/02/15 20:59:58 | 000,000,000 | ---D | M] (Dictionnaire français «Réforme 1990») -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\fr@dictionaries.addons.mozilla.org [2010/02/15 20:59:58 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\fr-FR@dictionaries.addons.mozilla.org [2010/11/10 22:36:10 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\illimitux@illimitux.net [2010/12/12 11:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\extensions\toolbar@ask.com [2008/12/17 15:10:35 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\searchplugins\live-search.xml [2011/03/13 22:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/11/18 19:07:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/09/20 17:01:41 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2010\BDAPHFFEXT [2010/11/18 19:07:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/11/18 19:07:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/07/09 11:59:00 | 002,113,536 | ---- | M] (Rawflow Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npicdclient.dll [2011/03/08 12:24:25 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2011/03/08 12:24:25 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2011/03/08 12:24:25 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2011/03/08 12:24:25 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2011/03/08 12:24:25 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2011/03/14 17:45:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [bDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.) O4 - HKLM..\Run: [bitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.) 
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Plug-In - 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (Reg Error: Key error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/01/03 02:48:17 | 000,000,100 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/03/24 16:00:00 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2010/03/24 16:00:02 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2006/02/09 
14:59:36 | 000,000,000 | R--D | M] - E:\autorun -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183584330711040) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin ========== Files/Folders - Created Within 30 Days ========== [2011/03/14 17:38:45 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/03/14 17:32:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/03/14 17:32:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/03/14 17:32:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/03/14 17:32:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/03/14 17:31:10 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/03/14 17:29:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/03/13 23:15:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe [2011/02/27 11:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Bureau\DCIM [2011/02/24 19:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype [2011/02/19 19:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Screamer Radio [2011/02/13 19:14:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrateur\Recent [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/03/14 17:55:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin 
[2011/03/14 17:45:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/03/14 17:38:50 | 000,000,325 | RHS- | M] () -- C:\boot.ini [2011/03/14 17:21:12 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk [2011/03/14 16:51:59 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat [2011/03/14 16:51:23 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Dataprivacy.xml [2011/03/14 16:50:40 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/03/14 16:50:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/03/13 23:53:01 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv [2011/03/13 23:51:47 | 3795,666,976 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2011/03/13 23:51:47 | 044,482,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2011/03/13 23:43:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/03/13 23:15:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTL.exe [2011/03/13 23:15:06 | 004,286,145 | R--- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe [2011/03/13 22:18:51 | 002,652,709 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\photos loéna.odt [2011/03/13 20:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job [2011/03/13 15:10:17 | 000,023,990 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat [2011/03/13 12:21:08 | 000,032,918 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\vatican.jpg [2011/03/13 12:06:40 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\thomas.wps [2011/03/11 08:30:03 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\SecurityCheck.exe [2011/03/08 
20:52:05 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/03/08 20:50:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/03/07 20:56:49 | 000,054,599 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\Devoir maison.odt [2011/03/07 00:29:27 | 000,020,700 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\exposer loéna.odt [2011/02/27 11:11:15 | 000,215,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/20 13:52:37 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Screamer Radio.lnk [2011/02/13 23:32:37 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/03/14 17:55:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/03/14 17:32:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/03/14 17:32:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/03/14 17:32:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/03/14 17:32:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/03/14 17:32:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/03/13 23:14:39 | 004,286,145 | R--- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe [2011/03/13 12:21:07 | 000,032,918 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\vatican.jpg [2011/03/13 12:06:40 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\thomas.wps [2011/03/13 07:26:11 | 002,652,709 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\photos loéna.odt [2011/03/11 08:30:19 | 000,879,028 | ---- | C] () -- C:\Documents and 
Settings\HP_Administrateur\Bureau\SecurityCheck.exe
[2011/03/07 20:56:49 | 000,054,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\Devoir maison.odt
[2011/02/26 22:45:10 | 000,020,700 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\exposer loéna.odt
[2011/02/20 13:52:37 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Screamer Radio.lnk
[2011/02/15 23:10:38 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/10/31 15:06:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/31 15:06:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/31 15:05:59 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/31 15:05:59 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/31 15:05:58 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/01 23:29:29 | 000,241,428 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/01 23:29:26 | 000,241,428 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/01 23:29:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/03/22 21:53:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\RAUNINST.EXE
[2010/03/22 21:51:06 | 000,000,362 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2010/02/21 22:36:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/02/13 23:31:14 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\bdfvconp.ini
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/01/28 14:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/01/25 16:15:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/12 21:35:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/01/12 21:35:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/01/12 21:35:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/01/12 21:35:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/01/12 21:35:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/01/12 20:30:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/01/11 18:40:20 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/01/11 18:40:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/01/11 18:34:22 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/06/10 05:03:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/01/25 00:23:11 | 3795,666,976 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/08/27 18:13:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/08/27 18:08:59 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/08/23 16:57:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/22 00:23:22 | 000,121,602 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2008/08/22 00:22:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/08/22 00:22:35 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2008/08/12 16:56:56 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2008/08/12 15:39:40 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\fusioncache.dat
[2008/05/26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/18 20:03:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/12 17:21:45 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/12/27 19:37:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/12/04 18:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/14 23:02:57 | 000,003,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\118300.34
[2007/05/05 11:57:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/03/12 11:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007/03/01 12:49:06 | 000,002,708 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/01 01:36:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2007/01/16 11:46:40 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2007/01/06 18:50:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/30 23:19:36 | 000,028,160 | ---- | C] () -- C:\WINDOWS\UnSetup.exe
[2006/12/30 20:11:37 | 000,023,990 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
[2006/12/30 19:45:43 | 000,090,425 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2006/12/30 19:45:43 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2006/11/25 11:34:10 | 000,215,552 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/16 19:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/25 00:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2006/01/03 03:20:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/03 02:55:56 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/01/03 02:51:11 | 000,014,397 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/03 02:51:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/03 02:43:39 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/03 02:39:56 | 000,106,126 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/01/03 02:39:04 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/03 02:35:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/01/03 02:33:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Elusetup.exe
[2006/01/03 02:18:33 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/03 02:14:01 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/01/03 02:14:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/01/03 02:13:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/10 13:31:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/10/10 12:39:46 | 000,579,152 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2005/10/10 12:39:46 | 000,485,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/10/10 12:39:46 | 000,104,672 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2005/10/10 12:39:46 | 000,080,726 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/10/10 12:37:46 | 000,340,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/10 12:33:42 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/10 12:29:58 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 22:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/14 13:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/09/17 04:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/06/24 18:20:22 | 000,000,651 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1998/02/10 19:17:48 | 000,038,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\ARIALREG.TTF
[1997/06/07 08:47:12 | 000,025,888 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\regressi.fon
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/10/18 20:19:49 | 000,003,033 | ---- | M] () -- C:\Ad-Report-CLEAN[1].txt
[2010/12/08 11:59:54 | 000,003,024 | ---- | M] () -- C:\Ad-Report-CLEAN[2].txt
[2010/12/12 11:31:32 | 000,003,144 | ---- | M] () -- C:\Ad-Report-CLEAN[3].txt
[2010/10/18 20:11:18 | 000,002,864 | ---- | M] () -- C:\Ad-Report-SCAN[1].txt
[2010/12/03 00:56:33 | 000,000,455 | ---- | M] () -- C:\Ad-Report-SCAN[2].txt
[2010/12/08 11:57:40 | 000,002,779 | ---- | M] () -- C:\Ad-Report-SCAN[3].txt
[2010/12/12 11:22:46 | 000,002,998 | ---- | M] () -- C:\Ad-Report-SCAN[4].txt
[2010/12/22 11:33:30 | 000,003,104 | ---- | M] () -- C:\Ad-Report-SCAN[5].txt
[2011/02/06 23:07:51 | 000,000,884 | ---- | M] () -- C:\Ad-Report-SCAN[6].txt
[2006/01/03 02:48:17 | 000,000,100 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2011/03/08 12:52:47 | 000,083,414 | ---- | M] () -- C:\bdlog.txt
[2010/01/12 17:50:52 | 003,146,127 | ---- | M] () -- C:\BdUninstallTool2010.01.12-05.48.01.log
[2010/11/17 20:29:17 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2011/03/14 17:38:50 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/09 22:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/09 22:00:00 | 000,263,488 | RHS- | M] () -- C:\cmldr
[2007/12/27 19:37:48 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2011/03/14 17:48:11 | 000,014,899 | ---- | M] () -- C:\ComboFix.txt
[2005/10/10 12:34:04 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2005/10/10 12:34:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/13 17:46:38 | 000,006,443 | ---- | M] () -- C:\JavaRa.log
[2009/08/29 12:05:21 | 000,002,697 | ---- | M] () -- C:\LGSInst.Log
[2010/05/18 18:01:40 | 000,000,127 | ---- | M] () -- C:\mbam-error.txt
[2005/10/10 12:34:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/09 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/05 18:21:36 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2004/02/29 16:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
[2011/03/14 16:50:25 | 3221,225,472 | -HS- | M] () -- C:\pagefile.sys
[2011/03/14 17:55:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2008/07/06 18:10:50 | 000,000,679 | ---- | M] () -- C:\rapport_clean.txt
[2008/07/06 18:12:38 | 000,000,218 | ---- | M] () -- C:\resultat_clean.txt
[2010/05/12 20:21:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/12 20:21:07 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/08/08 20:43:53 | 918,786,617 | ---- | M] () -- C:\tbs
[2008/07/06 20:21:30 | 000,000,839 | ---- | M] () -- C:\TCleaner.txt
[2010/03/24 16:15:04 | 000,006,855 | ---- | M] () -- C:\UsbFix.txt
[2010/03/24 16:00:02 | 000,002,937 | ---- | M] () -- C:\UsbFix_Upload_Me_NOM-FB9B15D2723.zip

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 03:33:21 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/10/10 14:23:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/10/10 14:23:48 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/10/10 14:23:48 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-09 20:00:11

< End of report >

OTL Extras logfile created on: 14/03/2011 17:52:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrateur\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 226,07 Gb Total Space | 154,94 Gb Free Space | 68,54% Space Free | Partition Type: NTFS
Drive D: | 6,80 Gb Total Space | 0,83 Gb Free Space | 12,25% Space Free | Partition Type: FAT32
Drive E: | 465,64 Gb Total Space | 392,31 Gb Free Space | 84,25% Space Free | Partition Type: FAT32

Computer Name: NOM-FB9B15D2723 | User Name: HP_Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"5985:TCP" = 5985:TCP:*:Disabled:Gestion à distance de Windows

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{1572F66F-F9AD-4D45-B0D2-0F45A0D5A0F6}" = OpenOffice.org 3.0
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel® Network Connections 15.7.176.0
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.2 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1BD77B7-C3BD-4932-BE85-39C249CCA225}" = BitDefender Internet Security 2010
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2E164AB-1367-488F-8F1F-BA312DB2FF18}" = Regressi
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder
"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}" = Choice Guard
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia l'Ame du Guerrier
"{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Le logiciel Intel® Viiv™
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"0D20D36D-A11C-444c-9AF7-70CBFED42ECF" = Otto
"99A88D57-2C93-491B-87B8-E41A870FB6BE" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"EL" = Intel® Quick Resume Technology Drivers
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.2.8_is1" = MyDefrag v4.2.8
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROPLUS" = Microsoft Office Professional Plus 2007
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"SpeedFan" = SpeedFan (remove only)
"StepMania" = StepMania (remove only)
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SuperCopier2" = SuperCopier2
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.6.2056
"WChat" = Westwood Online
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Search" = Notification Live Search

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/01/2011 13:50:51 | Computer Name = NOM-FB9B15D2723 | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application powerpnt.exe, version 12.0.6500.5000, stamp 49a68f9d, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f4be, debug? 0, fault address 0x00012afb. Error - 25/01/2011 16:50:31 | Computer Name = NOM-FB9B15D2723 | Source = Application Error | ID = 1000 Description = Application défaillante plugin-container.exe, version 1.9.2.3989, module défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x0000100b. Error - 23/02/2011 06:57:35 | Computer Name = NOM-FB9B15D2723 | Source = Application Error | ID = 1000 Description = Application défaillante googleearth.exe, version 5.2.1.1588, module défaillant kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb. Error - 26/02/2011 13:02:52 | Computer Name = NOM-FB9B15D2723 | Source = Application Error | ID = 1000 Description = Application défaillante photostudio.exe, version 5.0.0.36, module défaillant photostudio.exe, version 5.0.0.36, adresse de défaillance 0x00053dc7. Error - 08/03/2011 14:51:17 | Computer Name = NOM-FB9B15D2723 | Source = crypt32 | ID = 131080 Description = Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré. [ OSession Events ] Error - 22/06/2010 12:06:22 | Computer Name = NOM-FB9B15D2723 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 24/01/2011 13:44:36 | Computer Name = NOM-FB9B15D2723 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 24/01/2011 13:50:48 | Computer Name = NOM-FB9B15D2723 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11/03/2011 12:23:11 | Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7023 Description = Le service Service de restauration système s'est arrêté avec l'erreur : %%2 Error - 12/03/2011 04:42:01 | Computer Name = NOM-FB9B15D2723 | Source = SRService | ID = 104 Description = Le processus d'initialisation de la restauration du système a échoué. Error - 12/03/2011 04:42:04 | Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 Description = Le service ASInsHelp n'a pas pu démarrer en raison de l'erreur : %%2 Error - 12/03/2011 04:42:04 | Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7023 Description = Le service Service de restauration système s'est arrêté avec l'erreur : %%2 Error - 13/03/2011 04:18:01 | Computer Name = NOM-FB9B15D2723 | Source = SRService | ID = 104 Description = Le processus d'initialisation de la restauration du système a échoué. 
Error - 13/03/2011 04:18:04 | Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 Description = Le service ASInsHelp n'a pas pu démarrer en raison de l'erreur : %%2 Error - 13/03/2011 04:18:04 | Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7023 Description = Le service Service de restauration système s'est arrêté avec l'erreur : %%2 Error - 14/03/2011 11:50:54 | Computer Name = NOM-FB9B15D2723 | Source = SRService | ID = 104 Description = Le processus d'initialisation de la restauration du système a échoué. Error - 14/03/2011 11:50:57 | Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 Description = Le service ASInsHelp n'a pas pu démarrer en raison de l'erreur : %%2 Error - 14/03/2011 11:50:57 | Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7023 Description = Le service Service de restauration système s'est arrêté avec l'erreur : %%2 < End of report >
Here are the 3 reports. Thanks again for your help.
  25. Good evening, here is the first report:
ComboFix 11-03-12.01 - HP_Administrateur 14/03/2011 17:39:50.2.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1359 [GMT 1:00] Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\ComboFix.exe AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Pare-feu *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . E:\Autorun.inf . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-14 au 2011-03-14 )))))))))))))))))))))))))))))))))))) . . 2011-03-10 17:06 . 2011-03-10 17:06 264728 ----a-w- c:\windows\system32\bda8.tmp 2011-02-24 18:17 . 2011-02-24 18:17 -------- d-----w- c:\program files\Fichiers communs\Skype 2011-02-19 18:36 . 2011-02-19 18:38 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Screamer Radio . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-04 16:48 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll 2011-02-04 16:48 . 2004-08-10 11:00 291840 ----a-w- c:\windows\system32\sbe.dll 2011-02-02 07:59 . 2004-08-10 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2004-08-10 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-10 11:00 441344 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-17 18:09 . 2011-01-17 18:09 40960 ----a-r- c:\documents and settings\HP_Administrateur\Application Data\Microsoft\Installer\{E2E164AB-1367-488F-8F1F-BA312DB2FF18}\NewShortcut1_E2E164AB1367488F8F1FBA312DB2FF18.exe 2011-01-17 18:09 . 2011-01-17 18:09 2649600 ----a-r- c:\documents and settings\HP_Administrateur\Application Data\Microsoft\Installer\{E2E164AB-1367-488F-8F1F-BA312DB2FF18}\New_Shortcut_S3177_E2E164AB1367488F8F1FBA312DB2FF18.exe 2011-01-07 14:09 . 
2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 14:04 . 2004-08-10 11:00 1855104 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2004-08-10 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:53 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:53 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:53 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2004-08-10 11:00 736768 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 17:09 . 2008-08-12 16:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 2008-08-12 16:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-20 12:55 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2010-01-12 71152] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-30 198160] . c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-3 27136] PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-3 27136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1700:TCP"= 1700:TCP:MioNet Remote Drive Access "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification "5985:TCP"= 5985:TCP:*:Disabled:Gestion à distance de Windows . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . 
R1 is-GQI3Ndrv;is-GQI3Ndrv;c:\windows\system32\drivers\64425156.sys [25/01/2009 00:23 148496] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [01/04/2009 11:25 85128] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [27/11/2010 01:26 110752] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 10:38 92008] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2006 02:35 2829696] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [29/06/2009 14:12 153448] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [26/06/2009 18:01 111312] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/10/2010 15:38 136176] S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [26/06/2009 14:40 183880] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 11336] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/08/2004 12:00 14336] S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [03/01/2006 02:34 468768] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan WINRM REG_MULTI_SZ WINRM . Contenu du dossier 'Tâches planifiées' . 2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 14:38] . 
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 14:38] . 2011-03-13 c:\windows\Tasks\HPpromotions journeysoftware.job - c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36] . . ------- Examen supplémentaire ------- . IE: &Traduire à partir de l'anglais - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Pages liées - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Pages similaires - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Recherche &Google - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Version de la page actuelle disponible dans le cache Google - c:\program files\Google\GoogleToolbar1.dll/cmcache.html DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\zvqk8qrw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - prefs.js: keyword.URL - FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Dictionnaire français «Classique»: fr-FR@dictionaries.addons.mozilla.org - %profile%\extensions\fr-FR@dictionaries.addons.mozilla.org FF - Ext: Dictionnaire français «Réforme 1990»: 
fr@dictionaries.addons.mozilla.org - %profile%\extensions\fr@dictionaries.addons.mozilla.org FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - c:\program files\BitDefender\BitDefender 2010\bdaphffext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-03-14 17:45 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Heure de fin: 2011-03-14 17:48:11 ComboFix-quarantined-files.txt 2011-03-14 16:48 . Avant-CF: 165 726 699 520 octets libres Après-CF: 166 310 416 384 octets libres . WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 3041E72D3D87084DEDB76460A3C58910