marsouin10_0

Members
  • Content count: 143

Everything posted by marsouin10_0

  1. Hello, the ads are varied, ranging from clothing to insurance... I still have Firefox with the Adblock extension; I don't understand it either. It is odd all the same, because since yesterday morning I left the PC on and there was not a single ad, right up until 11 p.m. I think I'm going to have to either keep this thing or wipe it out; you'll tell me. Thanks all the same.
  2. Hello, no luck, the ads came back this morning.
  3. Hello again. Well, I think it's fixed: no ads since this morning. Thank you for all the work I've given you. Please tell me how to mark this topic as [resolved]; I'll confirm tomorrow morning. Good evening.
  4. Hello, well, since the last run with ComboFix I have had no unwanted ads. Fingers crossed... I'll give you another update tomorrow morning (or sooner) to tell you where I stand with this critter. Many thanks all the same for your patience.
  5. Hello, here is the report:
  6. Here is the ComboFix report. Good evening.
  7. Here is the report:
splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/05/17 10:57:02.0578 3564 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/17 10:57:02.0750 3564 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/17 10:57:02.0890 3564 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/05/17 10:57:03.0000 3564 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/17 10:57:03.0140 3564 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/17 10:57:03.0656 3564 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/17 10:57:03.0796 3564 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/17 10:57:03.0921 3564 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/17 10:57:04.0031 3564 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/17 10:57:04.0140 3564 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/17 10:57:04.0328 3564 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/17 10:57:04.0515 3564 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/17 10:57:04.0671 3564 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/05/17 10:57:04.0796 3564 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/17 10:57:04.0921 3564 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/17 10:57:05.0031 3564 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/17 10:57:05.0187 3564 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/17 10:57:05.0359 3564 
     I don't know whether this is related to my problem, but with a BitDefender scan I had found the following: dropped: adware.yabector.b. Let me know.
  8. Here is the OTM report:

         All processes killed
         ========== REGISTRY ==========
         Registry key HKEY_LOCAL_MACHINE\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef\ deleted successfully.
         Registry key HKEY_CLASSES_ROOT\installer\features\a28b4d68debaa244eb686953b7074fef\ not found.
         ========== COMMANDS ==========
         [EMPTYTEMP]
         User: All Users
         User: Default User
         ->Temp folder emptied: 0 bytes
         ->Temporary Internet Files folder emptied: 0 bytes
         User: LocalService
         ->Temp folder emptied: 0 bytes
         ->Temporary Internet Files folder emptied: 33170 bytes
         User: NetworkService
         ->Temp folder emptied: 0 bytes
         ->Temporary Internet Files folder emptied: 0 bytes
         User: Robert
         ->Temp folder emptied: 18006 bytes
         ->Temporary Internet Files folder emptied: 9444079 bytes
         ->Java cache emptied: 0 bytes
         ->FireFox cache emptied: 0 bytes
         ->Google Chrome cache emptied: 0 bytes
         ->Flash cache emptied: 756 bytes
         %systemdrive% .tmp files removed: 0 bytes
         %systemroot% .tmp files removed: 0 bytes
         %systemroot%\System32 .tmp files removed: 0 bytes
         %systemroot%\System32\dllcache .tmp files removed: 0 bytes
         %systemroot%\System32\drivers .tmp files removed: 0 bytes
         Windows Temp folder emptied: 0 bytes
         %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
         %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
         RecycleBin emptied: 611624 bytes
         Total Files Cleaned = 10,00 mb
         OTM by OldTimer - Version 3.1.17.2 log created on 05172011_071900
         Files moved on Reboot...
         Registry entries deleted on Reboot...

     This morning I still have ads.
  9. Hello, and thank you for being willing to look after me. Here is the report:

         Rapport de ZHPFix 1.12.3283 par Nicolas Coolman, Update du 14/05/2011
         Fichier d'export Registre :
         Run by Robert at 16/05/2011 15:30:19
         Windows XP Home Edition Service Pack 3 (Build 2600)
         Web site : ZHPFix Fix de rapport
         ========== Autre ==========
         O71 - BDRI:[hklm\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef] => Format Non supporté
         O71 - BDRI:[hkcr\installer\features\a28b4d68debaa244eb686953b7074fef] => Format Non supporté
         O71 - BDRI:[hklm\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef] => Format Non supporté
         O71 - BDRI:[hkcr\installer\features\a28b4d68debaa244eb686953b7074fef] => Format Non supporté
         ========== Récapitulatif ==========
         4 : Autre
         End of the sca

     It seems to me that this malware is still present.
  10. Hello, I was helped on this site for unwanted ads, without success. I am on Windows SP3 and I have Kaspersky as my antivirus. This morning, while running ZHP, I discovered this:

         ---\\ ZHPSearch, Outil de recherche d'infection de Base de Registres (O71)
         O71 - BDRI:[hklm\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef]
         O71 - BDRI:[hkcr\installer\features\a28b4d68debaa244eb686953b7074fef]

     ZHP tells me that these are malware. Thank you for your reply.
  11. Hello, I scanned with BitDefender, which found the following. Is it related to my problem?

         BitDefender Online Scanner - Rapport virus en temps réel
         Généré à: Sun, May 01, 2011 - 07:29:07
         --------------------------------------------------------------------------------
         Info d'analyse
         Fichiers scannés 68336
         Infectés Fichiers 1
         Virus Détectés
         Dropped:Adware.Yabector.B 1

     It also seems that I have: win32/Adware.ADON application
  12. Hello, many thanks to you all the same, I will see what I can do. And thank you for your patience.
  13. Here is the report:
X1="SSDPSRV" X2="Service de d?couvertes SSDP" /> <ITEM Code="1" X1="TlntSvr" /> <ITEM Code="1" X1="Schedule" X2="Planificateur de t?ches" /> <ITEM Code="1" X1="mnmsrvc" X2="Partage de Bureau ? distance NetMeeting" /> <ITEM Code="1" X1="RDSessMgr" X2="Gestionnaire de session d'aide sur le Bureau ? distance" /> <ITEM Code="2" /> <ITEM Code="3" /> <ITEM Code="5" /> <ITEM Code="8" X1="1" /> </IPU> - <WIZARD-TSW> <ITEM ID="58" Level="3" Fixed="0" /> <ITEM ID="59" Level="3" Fixed="0" /> <ITEM ID="60" Level="1" Fixed="0" /> <ITEM ID="61" Level="2" Fixed="0" /> <ITEM ID="66" Level="1" Fixed="0" /> </WIZARD-TSW> </AVZ>
  14. Here is the report:
  15. Hello, so I installed Firefox and Adblock. The only problem is that I still get ads.
  16. Here are the reports:
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 
- Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - 
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/08/20 10:40:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found 
NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. 
========== Files/Folders - Created Within 30 Days ========== [2011/04/26 18:16:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr [2011/04/25 13:12:57 | 012,660,544 | ---- | C] (Mozilla) -- C:\Documents and Settings\Robert\Bureau\Firefox Setup 4.0.exe [2011/04/25 09:18:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/04/25 08:32:53 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/04/25 08:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/04/24 15:20:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2011/04/24 15:20:10 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2011/04/24 10:25:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert\Recent [2011/04/22 17:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Mes documents\depannage zebulon [2011/04/22 06:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java [2011/04/22 06:16:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011/04/22 06:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011/04/22 06:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2011/04/21 18:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag [2011/04/21 18:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP [2011/04/14 06:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras [2011/04/14 06:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype [2011/04/14 06:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype [2011/04/11 10:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Unlocker [2011/04/11 07:45:43 | 000,000,000 | ---D | C] -- C:\rsit [2011/04/10 06:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com [2011/04/06 12:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Outils d'administration [2011/04/06 12:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Démarrage [2011/04/06 12:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Coolscript2 [2011/04/06 12:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\CCleaner [2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Radio Fr Solo 2.1 [2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer [2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Accessoires [2011/04/04 10:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis [2011/03/29 11:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2011/03/29 11:31:00 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [5 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/04/26 18:21:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr [2011/04/26 18:12:11 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2011/04/26 18:11:09 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys [2011/04/26 18:11:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/04/26 09:26:10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2011/04/26 09:03:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\BELOTEXP.INI [2011/04/26 07:29:47 | 000,001,006 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Ludi.lnk [2011/04/25 13:12:57 | 012,660,544 | ---- | M] (Mozilla) -- C:\Documents and Settings\Robert\Bureau\Firefox Setup 4.0.exe [2011/04/25 08:33:01 | 000,000,332 | RHS- | M] () -- C:\boot.ini [2011/04/22 08:36:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Skype.lnk [2011/04/22 06:15:41 | 000,552,342 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2011/04/22 06:15:40 | 000,481,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/04/22 06:15:40 | 000,094,042 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2011/04/22 06:15:40 | 000,079,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/04/21 17:09:25 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2011/04/20 10:29:06 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk [2011/04/17 18:54:08 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Page d'authentification - Caisse d'Epargne.url [2011/04/17 09:15:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/04/15 06:28:55 | 
002,036,736 | ---- | M] () -- C:\Documents and Settings\Robert\Mes documents\Homme-parfait.pps [2011/04/14 06:56:23 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Microsoft PowerPoint.lnk [2011/04/14 06:55:44 | 000,001,208 | ---- | M] () -- C:\WINDOWS\Radio_Fr.ini [2011/04/13 07:08:12 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/04/07 07:09:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk [2011/04/05 06:31:37 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/04/05 06:31:37 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/03/29 11:31:00 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/04/26 18:21:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/04/25 08:33:01 | 000,000,216 | ---- | C] () -- C:\Boot.bak [2011/04/25 08:32:56 | 000,263,488 | RHS- | C] () -- C:\cmldr [2011/04/21 17:09:25 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin [2011/04/20 10:29:06 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk [2011/04/15 06:28:53 | 002,036,736 | ---- | C] () -- C:\Documents and Settings\Robert\Mes documents\Homme-parfait.pps [2011/04/14 06:30:46 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Robert\Bureau\Skype.lnk [2011/03/29 11:34:45 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2011/03/29 11:34:45 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2011/01/28 12:44:12 | 000,172,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2010/12/26 11:58:15 | 
000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2010/12/25 10:51:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010/10/12 16:54:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/10/07 08:11:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI [2010/08/21 11:15:49 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BELOTEXP.INI [2010/08/21 10:53:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE [2010/08/21 08:35:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/08/21 08:03:12 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\fusioncache.dat [2010/08/20 17:52:07 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini [2010/08/20 17:05:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2010/08/20 16:46:26 | 000,014,938 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010/08/20 12:30:12 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/08/20 12:29:09 | 000,161,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/20 11:58:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/20 11:06:09 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010/08/20 11:01:33 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2010/08/20 10:42:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/08/20 10:38:31 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2007/03/09 16:27:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2004/08/05 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/05 14:00:00 | 000,552,342 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat 
[2004/08/05 14:00:00 | 000,481,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/05 14:00:00 | 000,094,042 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2004/08/05 14:00:00 | 000,079,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/05 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/05 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1998/10/27 00:00:00 | 001,691,408 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL [1998/10/27 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1998/10/27 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL [1998/10/27 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2010/08/20 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010/08/20 17:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011/04/10 06:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com 
[2010/08/20 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2010/08/20 14:45:33 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\Application Data [2010/08/20 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Bureau [2011/02/10 07:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Canon [2010/08/20 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Contacts [2010/08/20 14:45:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Favoris [2010/08/20 14:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FotoWire [2010/08/20 14:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GlarySoft [2010/12/04 09:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\gtk-2.0 [2010/08/20 14:48:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Local Settings [2010/08/20 14:48:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Menu Démarrer [2010/08/20 14:48:56 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Mes documents [2010/08/20 14:59:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Modèles [2011/01/08 09:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\moovida-1 [2010/08/22 08:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\OpenOffice.org [2010/08/20 14:59:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\Recent [2010/08/20 14:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ScanSoft [2010/08/20 14:59:29 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\SendTo [2010/10/24 
08:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SoftGrid Client [2010/08/20 14:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Todae [2010/12/10 11:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Tracing [2010/08/20 14:59:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Voisinage d'impression [2010/08/20 14:59:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Voisinage réseau [2011/04/26 18:12:11 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*. > [2011/03/21 07:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2010/08/20 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2010/08/20 17:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2010/08/20 17:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2011/04/26 18:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2011/03/29 11:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2011/04/10 06:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com [2010/10/10 11:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/02/16 07:36:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010/10/07 06:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2011/01/08 10:53:32 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\Real [2010/08/20 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2011/04/14 06:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2011/04/20 06:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras [2010/08/22 08:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/08/20 11:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2008/11/11 19:32:32 | 000,079,184 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe [2009/11/14 15:26:08 | 000,064,088 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\French\setup.exe [2010/10/01 21:02:22 | 000,648,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky PURE 9.1.0.124\French\autorun.exe [2010/10/01 21:02:20 | 000,064,120 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky PURE 9.1.0.124\French\setup.exe < %appdata% *.exe /s > < MD5 for: AGP440.SYS > [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 
20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ALG.EXE > [2004/08/05 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=2FE681D10C5FC343DBBC0610B8DD4D24 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe [2008/04/14 04:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\ServicePackFiles\i386\alg.exe [2008/04/14 04:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\system32\alg.exe < MD5 for: ATAPI.SYS > [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) 
/mp /s > < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Robert\Bureau\Robert.exe:Updt_SummaryInformation < End of report > Here is the second report: OTL Extras logfile created on: 26/04/2011 18:21:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 38,39 Gb Free Space | 68,68% Space Free | Partition Type: NTFS Computer Name: MERIGLIE-8B4AA0 | User Name: Robert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Coolscript2\cool script.exe" = C:\Program Files\Coolscript2\cool script.exe:*:Enabled:Cool -- (Cool Co. Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0810B8B7-7539-41D3-983E-6127FCF1CC9E}" = Ma-Config.com "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 24 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D6B54EF-65E4-4624-8709-03A3BBE2C240}" = e-Carte Bleue LCL 
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10 "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage "{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9FD78518-7CBD-4071-8BE2-DDCA898890E0}" = network module "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A46C3CC2-B6F2-492D-83BF-52EB320307CC}" = Microsoft Office XP - Autoformation Interactive "{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam "{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.6 - Français "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion 
Windows Live "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "CamStudio 2.0 Fr_is1" = CamStudio 2.0 Fr "CCleaner" = CCleaner "Coolscript2" = CoolScript2(remove) "Defraggler" = Defraggler "e-Carte Bleue VISA Cléo" = e-Carte Bleue VISA Cléo "Enregistrement utilisateur de Canon MP210 series" = Enregistrement utilisateur de Canon MP210 series "Glary Utilities_is1" = Glary Utilities 2.33.0.1158 "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "Logitech Print Service" = Logitech Print Service "Ludi" = Ludi "Ludiclub.com" = Ludiclub.com "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA "mIRC" = mIRC "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PhotoFiltre" = PhotoFiltre "PowerpointImageExtractor_is1" = PowerpointImageExtractor "PPTView97" = Microsoft PowerPoint Viewer 97 "QcDrv" = Programme de gestion Camera de Logitech® "Radio_Fr" = Radio Fr Solo 2.1 "Unlocker" = Unlocker 1.9.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.10 
"WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Zeb Help Process_is1" = ZebHelpProcess 2.46 "ZHPDiag_is1" = ZHPDiag 1.27 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ System Events ] Error - 26/03/2011 03:48:02 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Service de gestion du système CryproStorage. Error - 26/03/2011 03:48:02 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7000 Description = Le service Service de gestion du système CryproStorage n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 27/03/2011 08:44:32 | Computer Name = MERIGLIE-8B4AA0 | Source = System Error | ID = 1003 Description = Code erreur 1000007e, paramètre 1 c0000005, paramètre 2 a64e912c, paramètre 3 a5e8ab10, paramètre 4 a5e8a80c. Error - 16/03/2011 13:29:04 | Computer Name = MERIGLIE-8B4AA0 | Source = W32Time | ID = 39452706 Description = Le service de temps a détecté que l'heure système doit être modifiée de +2674802 secondes. Le service de temps ne va pas modifier l'heure système de plus de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) fonctionne correctement. Error - 25/04/2011 03:03:01 | Computer Name = MERIGLIE-8B4AA0 | Source = PlugPlayManager | ID = 11 Description = Le périphérique Root\LEGACY_UNLOCKERDRIVER5\0000 a disparu du système sans que sa suppression ait tout d'abord été préparée. 
Error - 25/04/2011 23:20:05 | Computer Name = MERIGLIE-8B4AA0 | Source = Dhcp | ID = 1002 Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse réseau est 406186C33FAB a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK). Error - 26/04/2011 12:21:49 | Computer Name = MERIGLIE-8B4AA0 | Source = SRService | ID = 104 Description = Le processus d'initialisation de la restauration du système a échoué. Error - 26/04/2011 12:21:49 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7023 Description = Le service Service de restauration système s'est arrêté avec l'erreur : %%2 < End of report >
  17. Here are the reports: OTL logfile created on: 26/04/2011 18:21:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 38,39 Gb Free Space | 68,68% Space Free | Partition Type: NTFS Computer Name: MERIGLIE-8B4AA0 | User Name: Robert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr PRC - [2011/04/12 14:15:04 | 000,020,480 | RHS- | M] (Microsoft) -- C:\Program Files\Microsoft\sysNM.exe PRC - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe PRC - [2010/07/04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe PRC - [2006/02/07 10:07:02 | 000,200,704 | ---- | M] (Orbiscom Ltd. All rights reserved.) 
-- C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe PRC - [2003/08/29 15:20:02 | 000,077,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe PRC - [2003/08/29 08:44:50 | 000,135,214 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVComS.exe ========== Modules (SafeList) ========== MOD - [2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010/07/04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll MOD - [2007/02/05 09:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/04/12 14:15:04 | 000,020,480 | RHS- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Microsoft\sysNM.exe -- (WinSysINM) SRV - [2011/03/10 14:42:22 | 000,311,744 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice) SRV - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP) SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute 
Personal Edition\mainserv.exe -- (APC UPS Service) ========== Driver Services (SafeList) ========== DRV - [2011/03/29 11:31:00 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010/08/30 11:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2) DRV - [2009/12/25 12:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CSCrySec.sys -- (CSCrySec) DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV - [2009/11/27 09:20:06 | 000,177,152 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009/11/18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\klbg.sys -- (KLBG) DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2003/08/29 08:43:48 | 000,334,096 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = Sign In IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Banque et Assurance LCL - Le Crédit Lyonnais Particuliers [binary data] IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Abonnement Adsl Haut débit avec Alice France. Page d'accueil du portail. 
IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/21 08:09:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/28 11:15:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/03/29 11:33:04 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [eCarteBleue-CLEO] C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe (Orbiscom Ltd. All rights reserved.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKU\S-1-5-21-602162358-1844823847-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-602162358-1844823847-839522115-1004..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm () O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: 
{17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab (Kaspersky License Finder) O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab (KeybHunterWebInterface Class) O16 - DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} http://www.super-messenger.fr/tab/HookWlmEx.exe (HookWlmEx Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282320427890 (MUWebControl Class) O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} file:///C:/Program%20Files/Formation%20interactive%20Microsoft/o10c/mitm0026.cab (Microsoft Office XP Professional Step by Step Interactive) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab ("Ma-Config.com control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - 
C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto 
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml 
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 
- Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - 
C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/08/20 10:40:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found 
NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. 
========== Files/Folders - Created Within 30 Days ========== [2011/04/26 18:16:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr [2011/04/25 13:12:57 | 012,660,544 | ---- | C] (Mozilla) -- C:\Documents and Settings\Robert\Bureau\Firefox Setup 4.0.exe [2011/04/25 09:18:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/04/25 08:32:53 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/04/25 08:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/04/24 15:20:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2011/04/24 15:20:10 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2011/04/24 10:25:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert\Recent [2011/04/22 17:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Mes documents\depannage zebulon [2011/04/22 06:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java [2011/04/22 06:16:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011/04/22 06:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011/04/22 06:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
/mp /s > < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Robert\Bureau\Robert.exe:Updt_SummaryInformation < End of report > vlici le second rapport OTL Extras logfile created on: 26/04/2011 18:21:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 38,39 Gb Free Space | 68,68% Space Free | Partition Type: NTFS Computer Name: MERIGLIE-8B4AA0 | User Name: Robert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Coolscript2\cool script.exe" = C:\Program Files\Coolscript2\cool script.exe:*:Enabled:Cool -- (Cool Co. Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0810B8B7-7539-41D3-983E-6127FCF1CC9E}" = Ma-Config.com "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 24 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D6B54EF-65E4-4624-8709-03A3BBE2C240}" = e-Carte Bleue LCL 
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10 "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage "{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9FD78518-7CBD-4071-8BE2-DDCA898890E0}" = network module "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A46C3CC2-B6F2-492D-83BF-52EB320307CC}" = Microsoft Office XP - Autoformation Interactive "{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam "{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.6 - Français "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion 
Windows Live "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "CamStudio 2.0 Fr_is1" = CamStudio 2.0 Fr "CCleaner" = CCleaner "Coolscript2" = CoolScript2(remove) "Defraggler" = Defraggler "e-Carte Bleue VISA Cléo" = e-Carte Bleue VISA Cléo "Enregistrement utilisateur de Canon MP210 series" = Enregistrement utilisateur de Canon MP210 series "Glary Utilities_is1" = Glary Utilities 2.33.0.1158 "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "Logitech Print Service" = Logitech Print Service "Ludi" = Ludi "Ludiclub.com" = Ludiclub.com "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA "mIRC" = mIRC "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PhotoFiltre" = PhotoFiltre "PowerpointImageExtractor_is1" = PowerpointImageExtractor "PPTView97" = Microsoft PowerPoint Viewer 97 "QcDrv" = Programme de gestion Camera de Logitech® "Radio_Fr" = Radio Fr Solo 2.1 "Unlocker" = Unlocker 1.9.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.10 
"WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Zeb Help Process_is1" = ZebHelpProcess 2.46 "ZHPDiag_is1" = ZHPDiag 1.27 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ System Events ] Error - 26/03/2011 03:48:02 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Service de gestion du système CryproStorage. Error - 26/03/2011 03:48:02 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7000 Description = Le service Service de gestion du système CryproStorage n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 27/03/2011 08:44:32 | Computer Name = MERIGLIE-8B4AA0 | Source = System Error | ID = 1003 Description = Code erreur 1000007e, paramètre 1 c0000005, paramètre 2 a64e912c, paramètre 3 a5e8ab10, paramètre 4 a5e8a80c. Error - 16/03/2011 13:29:04 | Computer Name = MERIGLIE-8B4AA0 | Source = W32Time | ID = 39452706 Description = Le service de temps a détecté que l'heure système doit être modifiée de +2674802 secondes. Le service de temps ne va pas modifier l'heure système de plus de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) fonctionne correctement. Error - 25/04/2011 03:03:01 | Computer Name = MERIGLIE-8B4AA0 | Source = PlugPlayManager | ID = 11 Description = Le périphérique Root\LEGACY_UNLOCKERDRIVER5\0000 a disparu du système sans que sa suppression ait tout d'abord été préparée. 
Error - 25/04/2011 23:20:05 | Computer Name = MERIGLIE-8B4AA0 | Source = Dhcp | ID = 1002 Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse réseau est 406186C33FAB a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK). Error - 26/04/2011 12:21:49 | Computer Name = MERIGLIE-8B4AA0 | Source = SRService | ID = 104 Description = Le processus d'initialisation de la restauration du système a échoué. Error - 26/04/2011 12:21:49 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7023 Description = Le service Service de restauration système s'est arrêté avec l'erreur : %%2 < End of report >
  18. Hello, please don't be offended, I am just asking a question. I don't know Firefox, which is why I hesitate to switch to that browser. But if I have to, I will switch. Thanks again.
  19. Hello again. Will switching to Firefox get rid of this junk? Isn't there any software to remove these ads? I have the SP3 CD; could it eradicate this problem? I saw on this site that OTL and Security Check were used for a similar case; don't these programs apply to my problem?
  20. Here is the report: SysProt AntiRootkit v1.0.1.0 by swatkat
[system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1144 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1142 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1141 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1140 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1134 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1133 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1132 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1131 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1130 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1127 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1126 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1124 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1122 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1120 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1115 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1113 Type: TCP Process: 
[system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1112 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:KPOP Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1104 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1103 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: ESTABLISHED Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1100 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: FIN_WAIT2 Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1099 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: FIN_WAIT2 Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1094 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: FIN_WAIT2 Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1090 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1089 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1085 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1082 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1081 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1079 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1078 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1077 Type: TCP 
Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1075 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: ESTABLISHED Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1073 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1071 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: ESTABLISHED Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1069 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1067 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1063 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1062 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1061 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1059 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1056 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1054 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1053 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1110 Remote Address: LOCALHOST:1037 Type: TCP Process: [system Idle Process] State: TIME_WAIT Local Address: MERIGLIE-8B4AA0:1103 Remote Address: LOCALHOST:1110 Type: TCP Process: C:\Program Files\Internet Explorer\iexplore.exe State: ESTABLISHED Local Address: MERIGLIE-8B4AA0:1100 Remote Address: LOCALHOST:1110 Type: TCP Process: C:\Program 
Files\Internet Explorer\iexplore.exe State: CLOSE_WAIT Local Address: MERIGLIE-8B4AA0:1099 Remote Address: LOCALHOST:1110 Type: TCP Process: C:\Program Files\Internet Explorer\iexplore.exe State: CLOSE_WAIT Local Address: MERIGLIE-8B4AA0:1094 Remote Address: LOCALHOST:1110 Type: TCP Process: C:\Program Files\Internet Explorer\iexplore.exe State: CLOSE_WAIT Local Address: MERIGLIE-8B4AA0:1075 Remote Address: LOCALHOST:1110 Type: TCP Process: C:\Program Files\Internet Explorer\iexplore.exe State: ESTABLISHED Local Address: MERIGLIE-8B4AA0:1071 Remote Address: LOCALHOST:1110 Type: TCP Process: C:\Program Files\Internet Explorer\iexplore.exe State: ESTABLISHED Local Address: MERIGLIE-8B4AA0:1031 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\alg.exe State: LISTENING Local Address: MERIGLIE-8B4AA0:19780 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: LISTENING Local Address: MERIGLIE-8B4AA0:12321 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: LISTENING Local Address: MERIGLIE-8B4AA0:1110 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe State: LISTENING Local Address: MERIGLIE-8B4AA0:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: MERIGLIE-8B4AA0:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: MERIGLIE-8B4AA0:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: MERIGLIE-8B4AA0:138 Remote Address: NA Type: UDP Process: System State: NA Local Address: MERIGLIE-8B4AA0:NETBIOS-NS Remote Address: NA Type: UDP Process: System State: NA Local Address: MERIGLIE-8B4AA0:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: MERIGLIE-8B4AA0:1900 Remote Address: NA Type: UDP Process: 
C:\WINDOWS\system32\svchost.exe State: NA Local Address: MERIGLIE-8B4AA0:1036 Remote Address: NA Type: UDP Process: C:\Program Files\Internet Explorer\iexplore.exe State: NA Local Address: MERIGLIE-8B4AA0:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: MERIGLIE-8B4AA0:4500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: MERIGLIE-8B4AA0:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: MERIGLIE-8B4AA0:MICROSOFT-DS Remote Address: NA Type: UDP Process: System State: NA ****************************************************************************************** ****************************************************************************************** Hidden files/folders: Object: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume1\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{6D747480-E26F-11DF-AC2E-4 Status: Hidden In Internet ==> Options I set it to block ads, but that doesn't change much. There is no red line. Should I install Firefox with the Adblock+ extension?
  21. Hello, here is the ComboFix report: ComboFix 11-04-24.04 - Robert 25/04/2011 8:57.1.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2038.1546 [GMT 2:00] Lancé depuis: c:\documents and settings\Robert\Bureau\ComboFix.exe AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-03-25 au 2011-04-25 )))))))))))))))))))))))))))))))))))) . . 2011-04-24 13:20 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll 2011-04-24 13:20 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll 2011-04-22 04:16 . 2011-04-22 04:16 -------- d-----w- c:\program files\Fichiers communs\Java 2011-04-21 16:14 . 2011-04-25 04:56 -------- d-----w- c:\program files\ZHPDiag 2011-04-21 15:09 . 2011-04-21 15:09 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-04-14 04:31 . 2011-04-20 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras 2011-04-14 04:30 . 2011-04-14 04:30 -------- d-----w- c:\program files\Fichiers communs\Skype 2011-04-13 05:41 . 2011-04-13 05:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-04-11 05:45 . 2011-04-11 05:45 -------- d-----w- C:\rsit 2011-04-06 10:03 . 2011-04-06 10:03 -------- d-----w- c:\documents and settings\Robert\Menu Démarrer 2011-03-29 09:34 . 2011-04-05 04:31 97859 ----a-w- c:\windows\system32\drivers\klick.dat 2011-03-29 09:34 . 2011-04-05 04:31 115267 ----a-w- c:\windows\system32\drivers\klin.dat 2011-03-29 09:31 . 2011-03-29 09:31 -------- d-----w- c:\program files\Kaspersky Lab . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-09 06:19 . 2011-03-09 06:19 86576 ----a-w- c:\documents and settings\Robert\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe 2011-03-09 06:19 . 
2011-03-09 06:19 392728 ----a-w- c:\documents and settings\Robert\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll 2011-03-09 06:19 . 2011-03-09 06:19 132672 ----a-w- c:\documents and settings\Robert\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe 2011-03-07 05:33 . 2010-08-20 08:38 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:36 . 2004-08-05 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:53 . 2004-08-05 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:05 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:05 . 2004-08-05 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:05 . 2004-08-05 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:42 . 2004-08-05 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-02-17 13:18 . 2004-08-05 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2004-08-05 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2004-08-05 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:54 . 2004-08-05 12:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:54 . 2004-08-05 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:34 . 2004-08-05 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:34 . 2004-08-05 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 19:40 . 2010-08-22 06:19 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 17:19 . 2010-08-28 09:15 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:59 . 2010-08-20 08:37 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2010-08-20 08:37 677888 ----a-w- c:\windows\system32\mstsc.exe . . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2010-10-01 20:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "eCarteBleue-CLEO"="c:\program files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" [2006-02-07 200704] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-08-29 188416] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-08-29 77824] "AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . 
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [26/03/2011 08:34 88632] R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880] R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [26/03/2011 08:34 39352] R2 CSObjectsSrv;Service de gestion du système CryproStorage;c:\program files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17:34 743992] R2 WinSysINM;WinSysINM;c:\program files\Microsoft\sysNM.exe [12/04/2011 14:15 20480] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19:39 19472] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/08/2010 11:06 1691480] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [10/03/2011 14:42 311744] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/01/2011 07:26 38224] S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504] . Contenu du dossier 'Tâches planifiées' . 2011-04-25 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2011-01-16 16:24] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://aliceadsl.fr/ IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} - hxxps://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} - hxxp://www.super-messenger.fr/tab/HookWlmEx.exe DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} - file:///C:/Program%20Files/Formation%20interactive%20Microsoft/o10c/mitm0026.cab . - - - - ORPHELINS SUPPRIMES - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-04-25 09:03 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Heure de fin: 2011-04-25 09:06:50 ComboFix-quarantined-files.txt 2011-04-25 07:06 . Avant-CF: 37 112 815 616 octets libres Après-CF: 37 068 726 272 octets libres . - - End Of File - - BA59E6E4CB0956DA8D1A267DB55858F3 and I still have ads
  22. Hello, and happy Easter weekend. Unfortunately I have ads again this morning, even though there had been nothing since yesterday afternoon.
  23. Hello again. Not for the moment. I'll post tomorrow morning if I get any more. Thanks again, and my apologies for the other post.
  24. Hello, here is the report: Rapport de ZHPFix 1.12.3275 par Nicolas Coolman, Update du 11/04/2011 Fichier d'export Registre : Run by Robert at 23/04/2011 15:35:59 Windows XP Home Edition Service Pack 3 (Build 2600) Web site : ZHPFix Fix de rapport ========== Clé(s) du Registre ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} => Clé supprimée avec succès O64 - Services: CurCS - (.not file.) - service de mise a jour pour IP networker (IP netservices) .(...) - LEGACY_IP_NETSERVICES => Clé supprimée avec succès O64 - Services: CurCS - E:\CDriver.sys (.not file.) - MSICDSetup (MSICDSetup) .(...) - LEGACY_MSICDSETUP => Clé supprimée avec succès O64 - Services: CurCS - (.not file.) - Sftredir (Sftredir) .(...) - LEGACY_SFTREDIR => Clé supprimée avec succès ========== Elément(s) de donnée du Registre ========== [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified => Donnée supprimée avec succès ========== Récapitulatif ========== 4 : Clé(s) du Registre 1 : Elément(s) de donnée du Registre End of the scan Rapport de ZHPFix 1.12.3275 par Nicolas Coolman, Update du 11/04/2011 Fichier d'export Registre : C:\ZHPExportRegistry-23-04-2011-16-51-55.txt Run by Robert at 23/04/2011 16:54:41 Windows XP Home Edition Service Pack 3 (Build 2600) Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html ========== Clé(s) du Registre ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} => Clé absente O64 - Services: CurCS - (.not file.) - service de mise a jour pour IP networker (IP netservices) .(...) - LEGACY_IP_NETSERVICES => Clé supprimée avec succès O64 - Services: CurCS - E:\CDriver.sys (.not file.) - MSICDSetup (MSICDSetup) .(...) - LEGACY_MSICDSETUP => Clé supprimée avec succès O64 - Services: CurCS - (.not file.) - Sftredir (Sftredir) .(...) 
- LEGACY_SFTREDIR => Clé supprimée avec succès ========== Autre ========== HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified => Format Non supporté ========== Récapitulatif ========== 4 : Clé(s) du Registre 1 : Autre End of the scan
  25. First of all, please excuse me for having opened a new post. Here is the report: Rapport de ZHPDiag v1.27.1903 par Nicolas Coolman, Update du 17/04/2011 Run by Robert at 23/04/2011 10:02:05 Web site : ZHPDiag Outil de diagnostic ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 (Defaut) GCIE: Google Chrome ---\\ System Information Windows XP Home Edition Service Pack 3 (Build 2600) Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 2038 MB (71% free) System Restore: Activé (Enable) System drive C: has 35 GB (61%) free of 56 GB ---\\ Logged in mode Computer Name: MERIGLIE-8B4AA0 User Name: Robert All Users Names: SUPPORT_388945a0, Robert, HelpAssistant, ASPNET, Administrateur, Unselected Option: O45,O61,O62,O65,O66,O82 Logged in as Administrator ---\\ Environnement Variables %AppData%=C:\Documents and Settings\Robert\Application Data %LocalAppData%=C:\Documents and Settings\Robert\Local Settings\Application Data %StartMenu%=C:\Documents and Settings\Robert\Menu Démarrer ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 35 Go of 56 Go) D:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 03:34:03.) 
-- C:\WINDOWS\Explorer.exe [1037824] [MD5.77C66BD5CED4E555919A5FB713322CDD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/02/2011 00:05:48.) -- C:\WINDOWS\system32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 19:40:30.) -- C:\WINDOWS\system32\drivers\atapi.sys [96512] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 20:15:53.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574976] ---\\ Processus lancés [MD5.29DEB59DE57EA97553B1566F04B39D11] - (.American Power Conversion Corporation - Battery backup management service.) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176241] [MD5.A2B790F9A751F24F17967F9A5574186D] - (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe [348760] [MD5.6E5B42219F1FE4A3D087D9D501E343D5] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992] [MD5.5E06A9D23727DAF96FAA796F1135FDCD] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.1EDC93D7BD731B5CA6248AE245099B60] - (.Microsoft Corporation - UPS Service.) -- C:\WINDOWS\System32\ups.exe [18432] [MD5.A9F69E06E0D51CACB6FF7751AC19679D] - (.Microsoft - sysNM.) -- C:\Program Files\Microsoft\sysNM.exe [20480] [MD5.4F0BED169FAB31EA094A649B0473B5C6] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [135168] [MD5.6E0B205042FC3AF5DE84F90F875AFFDA] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [249856] [MD5.8B0DE4B972DB725FB9D591E69CD236FB] - (.Intel Corporation - hkcmd Module.) 
-- C:\WINDOWS\system32\hkcmd.exe [159744] [MD5.CC632EB3A7D106464E933E7D53883550] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [131072] [MD5.F8D427DAE2984A4968E2D1CB53634784] - (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400] [MD5.ED04656BDAB64EA5C5DEA7C759106042] - (.Orbiscom Ltd. All rights reserved. - e-Carte Bleue.) -- C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe [200704] [MD5.A2A570828AFDB7F96B11C9E0B6EDBAB4] - (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe [77824] [MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [MD5.554D891F18BEE41940A280195B27BCB4] - (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVComS.exe [135214] [MD5.4FBCAEEB4C1E954D01A1561298D7D697] - (.Pas de propriétaire - Radio Fr Solo.) -- C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe [262144] [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [MD5.D6D0AD94EFC131772C3265F242D78FCB] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [644096] ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60310.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) 
-- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) G0 - GCSP: Preference [user Data\Default][HomePage] Google ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Abonnement Adsl Haut débit avec Alice France. Page d'accueil du portail. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKUS\S-1-5-21-602162358-1844823847-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = Abonnement Adsl Haut débit avec Alice France. Page d'accueil du portail. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) 
(8.00.6001.19048 (longhorn_ie8_gdr.110221-1700)) -- C:\WINDOWS\system32\ieframe.dll R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 ---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} . (.Orbiscom Ltd. All rights reserved. - e-Carte Bleue.) -- C:\WINDOWS\system32\BhoECart.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab - IE Virtual Keyboard.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) 
-- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab - WebToolBar component.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OpwareSE4] . (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
O4 - HKLM\..\Run: [eCarteBleue-CLEO] . (.Orbiscom Ltd. All rights reserved. - e-Carte Bleue.) -- C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] . (.Logitech Inc. - Logitech QuickCam Startup Application.) -- C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] . (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O4 - HKLM\..\Run: [unlockerAssistant] . (...)
-- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-602162358-1844823847-839522115-1004\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-602162358-1844823847-839522115-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
---\\
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 8.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A82000000003}\SC_Reader.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Access.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Excel.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft FrontPage.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Outlook.lnk . (...) -- C:\WINDOWS\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\MSN.lnk . (.Microsoft Corporation.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Paint.NET.lnk . (.dotPDN LLC.)
-- C:\Program Files\Paint.NET\PaintDotNet.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\PowerpointImageExtractor V1.2.lnk . (.---.) -- C:\Program Files\PowerpointImageExtractor_V1_2\PowerpointImageExtractor.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Visionneuse Microsoft Office PowerPoint 2007.lnk . (...) -- C:\WINDOWS\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\Robert\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\Robert\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\Robert\Menu Démarrer\Programmes\Microsoft PowerPoint Viewer 97.lnk . (.Microsoft Corporation.) -- C:\Program Files\PowerPoint Viewer\setup\INSTALL.EXE
O4 - Global Startup: C:\Documents And Settings\Robert\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - Global Startup: C:\Documents And Settings\Robert\Menu Démarrer\Programmes\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Ajouter à l'Anti-bannière . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.)
-- C:\PROGRA~1\MICROS~3\Office10\EXCEL.exe
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\kbrd.ico
O9 - Extra button: Mon Clavier &virtuel - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\logo.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\logo.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.)
-- C:\WINDOWS\system32\mswsock.dll
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} (Kaspersky License Finder) - http://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
O16 - DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} (HookWlmEx Control) - http://www.super-messenger.fr/tab/HookWlmEx.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282320427890
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} - (Microsoft Office XP Professional Step by Step Interactive) - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Formation interactive Microsoft\o10c\mitm0026.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3F4AD8B-01A7-4D52-8981-EC04DD41F6D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C3F4AD8B-01A7-4D52-8981-EC04DD41F6D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{C3F4AD8B-01A7-4D52-8981-EC04DD41F6D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain .
(.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Kaspersky Lab - Kaspersky OE plugin loader.) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.)
-- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (APC UPS Service) . (.American Power Conversion Corporation - Battery backup management service.) - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: (AVP) . (.Kaspersky Lab - Kaspersky Anti-Virus.) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: (CSObjectsSrv) . (.Infowatch - InfoWatch CryptoStorage Protected objects c.) - C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (maconfservice) .
(.CybelSoft - Service de détection matériel.) - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: (WinSysINM) . (.Microsoft - sysNM.) - C:\Program Files\Microsoft\sysNM.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Word.) - C:\Program Files\Microsoft Office\Office10\WINWORD.exe
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\File Helper.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1844823847-839522115-1004.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1844823847-839522115-1004.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{D8D3402F-1544-4D48-AF51-E93075AB3755}.job
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (CSVirtualDiskDrv) . (.Infowatch - Virtual Volume Container Driver (wxp).) - C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kl1) .
(.Kaspersky Lab - Kaspersky Unified Driver.) - C:\WINDOWS\system32\drivers\kl1.sys
O41 - Driver: (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - C:\Windows\System32\DRIVERS\klif.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: APC PowerChute Personal Edition - (.American Power Conversion Corporation.) [HKLM] -- {5A0C892E-FD1C-4203-941E-0956AED20A6A}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.)
[HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 8.2.6 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A82000000003}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CamStudio 2.0 Fr - (.Pas de propriétaire.) [HKLM] -- CamStudio 2.0 Fr_is1
O42 - Logiciel: Canon MP Navigator EX 1.0 - (.Pas de propriétaire.) [HKLM] -- MP Navigator EX 1.0
O42 - Logiciel: Canon MP210 series - (.Pas de propriétaire.) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series
O42 - Logiciel: CoolScript2(remove) - (.Pas de propriétaire.) [HKLM] -- Coolscript2
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: Enregistrement utilisateur de Canon MP210 series - (.Pas de propriétaire.) [HKLM] -- Enregistrement utilisateur de Canon MP210 series
O42 - Logiciel: GIMP 2.6.10 - (.The GIMP Team.) [HKLM] -- WinGimp-2.0_is1
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}
O42 - Logiciel: Glary Utilities 2.33.0.1158 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.)
[HKLM] -- KB976002-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Pas de propriétaire.) [HKLM] -- HDMI
O42 - Logiciel: Java 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216021FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}
O42 - Logiciel: Kaspersky PURE - (.Kaspersky Lab.) [HKLM] -- InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}
O42 - Logiciel: Kaspersky PURE - (.Kaspersky Lab.) [HKLM] -- {1A59064A-12A9-469F-99F6-04BF118DBCFF}
O42 - Logiciel: Lecteur Windows Media 11 - (.Pas de propriétaire.) [HKLM] -- Windows Media Player
O42 - Logiciel: Logitech Print Service - (.Pas de propriétaire.) [HKLM] -- Logitech Print Service
O42 - Logiciel: Logitech QuickCam - (.Logitech, Inc..) [HKLM] -- {A488D63E-B3DD-4423-892F-2F2EC8909518}
O42 - Logiciel: Ludi - (.Pas de propriétaire.) [HKLM] -- Ludi
O42 - Logiciel: Ludiclub.com - (.Pas de propriétaire.) [HKLM] -- Ludiclub.com
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {0810B8B7-7539-41D3-983E-6127FCF1CC9E}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.)
[HKLM] -- Microsoft .NET Framework 1.1 (1033)
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack - (.Microsoft.) [HKLM] -- {9A394342-4A68-4EBA-85A6-55B559F4E700}
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB2416447) - (.Pas de propriétaire.) [HKLM] -- M2416447
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB979906) - (.Pas de propriétaire.) [HKLM] -- M979906
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {95120000-00AF-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office XP - Autoformation Interactive - (.Pas de propriétaire.) [HKLM] -- {A46C3CC2-B6F2-492D-83BF-52EB320307CC}
O42 - Logiciel: Microsoft Office XP Media Content - (.Microsoft Corporation.)
[HKLM] -- {9030040C-6000-11D3-8CFE-0050048383C9}
O42 - Logiciel: Microsoft Office XP Professional avec FrontPage - (.Microsoft Corporation.) [HKLM] -- {9028040C-6000-11D3-8CFE-0050048383C9}
O42 - Logiciel: Microsoft PowerPoint Viewer 97 - (.Pas de propriétaire.) [HKLM] -- PPTView97
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce - (.Microsoft Corporation.) [HKLM] -- KB909520
O42 - Logiciel: Paint.NET v3.10 - (.Paint.NET Team.) [HKLM] -- {5E749AEB-5A19-43BA-BB20-3CBB37539FE4}
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] -- PhotoFiltre
O42 - Logiciel: PowerpointImageExtractor - (.Pas de propriétaire.) [HKLM] -- PowerpointImageExtractor_is1
O42 - Logiciel: Programme de gestion Camera de Logitech® - (.Pas de propriétaire.) [HKLM] -- QcDrv
O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525}
O42 - Logiciel: Radio Fr Solo 2.1 - (.Pas de propriétaire.)
[HKLM] -- Radio_Fr
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: ScanSoft OmniPage SE 4 - (.Nuance Communications, Inc..) [HKLM] -- {DEE88727-779B-47A9-ACEF-F87CA5F92A65}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Skype™ 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: Unlocker 1.9.0 - (.Cedrick Collomb.) [HKLM] -- Unlocker
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {76810709-A7D3-468D-9167-A1780C1E766C}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.)
[HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: ZebHelpProcess 2.46 - (.Nicolas Coolman.) [HKLM] -- Zeb Help Process_is1
O42 - Logiciel: e-Carte Bleue LCL - (.Pas de propriétaire.) [HKLM] -- {3D6B54EF-65E4-4624-8709-03A3BBE2C240}
O42 - Logiciel: e-Carte Bleue VISA Cléo - (.Pas de propriétaire.) [HKLM] -- e-Carte Bleue VISA Cléo
O42 - Logiciel: mIRC - (.Pas de propriétaire.) [HKLM] -- mIRC
O42 - Logiciel: network module - (.Microsoft.) [HKLM] -- {9FD78518-7CBD-4071-8BE2-DDCA898890E0}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AEB Soft]
[HKCU\Software\Adobe]
[HKCU\Software\Alp-Software]
[HKCU\Software\Borland]
[HKCU\Software\COOL]
[HKCU\Software\CanonBJ]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Elguevel]
[HKCU\Software\File Helper]
[HKCU\Software\FotoWire]
[HKCU\Software\Fridgesoft]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\KasperskyLab]
[HKCU\Software\Logitech]
[HKCU\Software\Ludi]
[HKCU\Software\Ludiclub]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\PC SOFT]
[HKCU\Software\Paint.NET]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Radio Fr Solo]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\ScanSoft]
[HKCU\Software\SkypeApps]
[HKCU\Software\Skype]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\cybelsoft]
[HKCU\Software\http://www.ecran-de-veille.com]
[HKLM\Software\APC]
[HKLM\Software\Adobe]
[HKLM\Software\Axialis]
[HKLM\Software\Borland]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\File Helper]
[HKLM\Software\FotoWire]
[HKLM\Software\Gemplus]
[HKLM\Software\GlarySoft]
[HKLM\Software\Google]
[HKLM\Software\IAN]
[HKLM\Software\InfoWatch]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaRa]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Logitech]
[HKLM\Software\MSI]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Paint.NET]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\RTLSetup]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\ScanSoft]
[HKLM\Software\Schlumberger]
[HKLM\Software\SecureDigitalServices]
[HKLM\Software\Skype]
[HKLM\Software\TrendMicro]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wow6432Node]
[HKLM\Software\cybelsoft]
[HKLM\Software\e-Carte Bleue LCL]
[HKLM\Software\eCarteBleue-CLEO]
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/08/2010 - 09:05:26 - [129184530] ----D- C:\Program Files\Adobe
O43 - CFD: 20/08/2010 - 17:25:34 - [6555139] ----D- C:\Program Files\APC
O43 - CFD: 20/02/2011 - 12:55:38 - [8387326] ----D- C:\Program Files\CamStudio
O43 - CFD: 10/12/2010 - 11:37:06 - [82130573] ----D- C:\Program Files\Canon
O43 - CFD: 20/08/2010 - 17:03:42 - [25556097] --H-D- C:\Program Files\CanonBJ
O43 - CFD: 07/04/2011 -
07:09:56 - [4420787] ----D- C:\Program Files\CCleaner
O43 - CFD: 23/04/2011 - 06:39:44 - [5330672] ----D- C:\Program Files\Coolscript2
O43 - CFD: 20/04/2011 - 10:29:06 - [3986872] ----D- C:\Program Files\Defraggler
O43 - CFD: 21/08/2010 - 07:25:22 - [200825] ----D- C:\Program Files\e-Carte Bleue
O43 - CFD: 03/03/2011 - 11:51:44 - [488564] ----D- C:\Program Files\e-Carte Bleue LCL
O43 - CFD: 22/04/2011 - 06:16:20 - [381151475] ----D- C:\Program Files\Fichiers communs
O43 - CFD: 12/10/2010 - 16:59:38 - [123821240] ----D- C:\Program Files\Formation interactive Microsoft
O43 - CFD: 22/11/2010 - 11:27:20 - [113897830] ----D- C:\Program Files\GIMP-2.0
O43 - CFD: 15/03/2011 - 10:34:46 - [19541109] ----D- C:\Program Files\Glary Utilities
O43 - CFD: 12/10/2010 - 16:59:32 - [22462979] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 20/08/2010 - 10:59:54 - [96703] ----D- C:\Program Files\Intel
O43 - CFD: 13/04/2011 - 06:59:04 - [5139377] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 22/04/2011 - 06:15:58 - [80907918] ----D- C:\Program Files\Java
O43 - CFD: 29/03/2011 - 11:31:42 - [98188235] ----D- C:\Program Files\Kaspersky Lab
O43 - CFD: 26/12/2010 - 12:01:36 - [30747851] ----D- C:\Program Files\Logitech
O43 - CFD: 23/04/2011 - 08:15:18 - [22760867] ----D- C:\Program Files\Ludi
O43 - CFD: 21/08/2010 - 10:54:40 - [4967177] ----D- C:\Program Files\Ludiclub
O43 - CFD: 10/04/2011 - 06:41:50 - [5657562] ----D- C:\Program Files\ma-config.com
O43 - CFD: 15/03/2011 - 11:29:02 - [4932343] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 20/08/2010 - 14:23:42 - [2152579] ----D- C:\Program Files\Messenger
O43 - CFD: 14/04/2011 - 06:18:58 - [251924] ----D- C:\Program Files\Microsoft
O43 - CFD: 21/08/2010 - 08:10:16 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 20/08/2010 - 10:41:04 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 24/10/2010 - 08:37:28 - [276530607] ----D- C:\Program Files\Microsoft
Office O43 - CFD: 21/04/2011 - 16:00:24 - [38388859] ----D- C:\Program Files\Microsoft Silverlight O43 - CFD: 15/02/2011 - 09:27:48 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition O43 - CFD: 20/08/2010 - 15:39:56 - [15715] ----D- C:\Program Files\Microsoft.NET O43 - CFD: 20/08/2010 - 14:39:22 - [10374874] ----D- C:\Program Files\Movie Maker O43 - CFD: 20/08/2010 - 15:35:02 - [25757] ----D- C:\Program Files\MSBuild O43 - CFD: 21/08/2010 - 09:13:18 - [27892223] ----D- C:\Program Files\MSECache O43 - CFD: 20/08/2010 - 10:37:16 - [19278399] ----D- C:\Program Files\MSN O43 - CFD: 20/08/2010 - 10:37:42 - [8745735] ----D- C:\Program Files\MSN Gaming Zone O43 - CFD: 20/08/2010 - 14:19:20 - [3285523] ----D- C:\Program Files\NetMeeting O43 - CFD: 20/08/2010 - 10:37:50 - [1804] ----D- C:\Program Files\Online Services O43 - CFD: 07/10/2010 - 09:37:52 - [233223] ----D- C:\Program Files\OpenOffice.org 2.0 O43 - CFD: 29/08/2010 - 11:35:50 - [379964479] ----D- C:\Program Files\OpenOffice.org 3 O43 - CFD: 15/12/2010 - 07:20:08 - [4379321] ----D- C:\Program Files\Outlook Express O43 - CFD: 18/03/2011 - 11:40:28 - [10004300] ----D- C:\Program Files\Paint.NET O43 - CFD: 13/02/2011 - 11:56:18 - [3701213] ----D- C:\Program Files\PhotoFiltre O43 - CFD: 12/10/2010 - 16:52:10 - [1068340] ----D- C:\Program Files\PowerPoint Viewer O43 - CFD: 21/08/2010 - 08:42:24 - [1757343] ----D- C:\Program Files\PowerpointImageExtractor_V1_2 O43 - CFD: 14/04/2011 - 06:55:42 - [10845648] ----D- C:\Program Files\Radio Fr Solo O43 - CFD: 20/08/2010 - 11:06:36 - [71827456] ----D- C:\Program Files\Realtek O43 - CFD: 20/08/2010 - 15:34:54 - [36400897] ----D- C:\Program Files\Reference Assemblies O43 - CFD: 20/08/2010 - 17:05:32 - [121570105] ----D- C:\Program Files\ScanSoft O43 - CFD: 20/08/2010 - 10:39:40 - [1025] ----D- C:\Program Files\Services en ligne O43 - CFD: 14/04/2011 - 06:30:46 - [19059567] R---D- C:\Program Files\Skype O43 - CFD: 11/04/2011 - 08:44:32 - [2574350] ----D- 
C:\Program Files\Trend Micro O43 - CFD: 20/08/2010 - 10:48:46 - [0] --H-D- C:\Program Files\Uninstall Information O43 - CFD: 11/04/2011 - 10:16:30 - [218103] ----D- C:\Program Files\Unlocker O43 - CFD: 15/02/2011 - 09:28:28 - [117421541] ----D- C:\Program Files\Windows Live O43 - CFD: 20/08/2010 - 17:42:58 - [245112] ----D- C:\Program Files\Windows Live SkyDrive O43 - CFD: 19/12/2010 - 10:46:06 - [3586190] ----D- C:\Program Files\Windows Media Connect 2 O43 - CFD: 10/12/2010 - 11:37:06 - [8580314] ----D- C:\Program Files\Windows Media Player O43 - CFD: 20/08/2010 - 14:19:16 - [3942655] ----D- C:\Program Files\Windows NT O43 - CFD: 20/08/2010 - 10:39:44 - [0] --H-D- C:\Program Files\WindowsUpdate O43 - CFD: 20/08/2010 - 10:41:04 - [0] ----D- C:\Program Files\xerox O43 - CFD: 23/04/2011 - 08:44:00 - [105170140] ----D- C:\Program Files\ZebHelpProcess O43 - CFD: 23/04/2011 - 10:02:08 - [3835304] ----D- C:\Program Files\ZHPDiag O43 - CFD: 23/08/2010 - 09:05:46 - [12630163] ----D- C:\Program Files\Fichiers Communs\Adobe O43 - CFD: 20/08/2010 - 17:54:42 - [7675823] ----D- C:\Program Files\Fichiers Communs\Borland Shared O43 - CFD: 22/08/2010 - 11:02:32 - [99136] ----D- C:\Program Files\Fichiers Communs\DESIGNER O43 - CFD: 26/12/2010 - 12:01:36 - [86016] ----D- C:\Program Files\Fichiers Communs\FotoWire O43 - CFD: 26/03/2011 - 08:33:16 - [3313740] ----D- C:\Program Files\Fichiers Communs\InfoWatch O43 - CFD: 20/08/2010 - 17:25:20 - [8123200] ----D- C:\Program Files\Fichiers Communs\InstallShield O43 - CFD: 22/04/2011 - 06:16:20 - [1247175] ----D- C:\Program Files\Fichiers Communs\Java O43 - CFD: 26/12/2010 - 11:58:24 - [36923641] ----D- C:\Program Files\Fichiers Communs\Logitech O43 - CFD: 13/04/2011 - 06:33:00 - [116386734] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared O43 - CFD: 20/08/2010 - 10:39:00 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap O43 - CFD: 20/08/2010 - 12:30:14 - [322] ----D- C:\Program Files\Fichiers Communs\ODBC O43 - CFD: 
20/08/2010 - 17:05:48 - [210472] ----D- C:\Program Files\Fichiers Communs\ScanSoft Shared O43 - CFD: 20/08/2010 - 10:39:04 - [8106] ----D- C:\Program Files\Fichiers Communs\Services O43 - CFD: 14/04/2011 - 06:30:46 - [2254216] ----D- C:\Program Files\Fichiers Communs\Skype O43 - CFD: 20/08/2010 - 12:30:10 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines O43 - CFD: 12/10/2010 - 16:52:42 - [18764231] ----D- C:\Program Files\Fichiers Communs\System O43 - CFD: 20/08/2010 - 17:38:36 - [169357111] ----D- C:\Program Files\Fichiers Communs\Windows Live O43 - CFD: 10/12/2010 - 12:32:26 - [987108] ----D- C:\Documents and Settings\Robert\Application Data\Adobe O43 - CFD: 20/08/2010 - 14:45:34 - [57539895] R-H-D- C:\Documents and Settings\Robert\Application Data\Application Data O43 - CFD: 20/08/2010 - 14:45:52 - [14929] ----D- C:\Documents and Settings\Robert\Application Data\Bureau O43 - CFD: 10/02/2011 - 07:12:24 - [3274] ----D- C:\Documents and Settings\Robert\Application Data\Canon O43 - CFD: 20/08/2010 - 14:45:52 - [426931] ----D- C:\Documents and Settings\Robert\Application Data\Contacts O43 - CFD: 20/08/2010 - 14:45:56 - [11291] R---D- C:\Documents and Settings\Robert\Application Data\Favoris O43 - CFD: 20/08/2010 - 14:34:06 - [83113] ----D- C:\Documents and Settings\Robert\Application Data\FotoWire O43 - CFD: 20/08/2010 - 14:34:06 - [400718] ----D- C:\Documents and Settings\Robert\Application Data\GlarySoft O43 - CFD: 04/12/2010 - 09:09:34 - [168] ----D- C:\Documents and Settings\Robert\Application Data\gtk-2.0 O43 - CFD: 27/12/2010 - 08:26:06 - [0] ----D- C:\Documents and Settings\Robert\Application Data\Help O43 - CFD: 20/08/2010 - 14:48:42 - [397138803] --H-D- C:\Documents and Settings\Robert\Application Data\Local Settings O43 - CFD: 20/08/2010 - 14:34:06 - [2829075] ----D- C:\Documents and Settings\Robert\Application Data\Macromedia O43 - CFD: 10/10/2010 - 11:08:58 - [5993] ----D- C:\Documents and Settings\Robert\Application Data\Malwarebytes 
O43 - CFD: 20/08/2010 - 14:48:56 - [39037] R---D- C:\Documents and Settings\Robert\Application Data\Menu Démarrer O43 - CFD: 20/08/2010 - 14:48:58 - [1561665605] R---D- C:\Documents and Settings\Robert\Application Data\Mes documents O43 - CFD: 21/04/2011 - 11:18:40 - [24325706] -S--D- C:\Documents and Settings\Robert\Application Data\Microsoft O43 - CFD: 20/08/2010 - 14:59:30 - [37456] --H-D- C:\Documents and Settings\Robert\Application Data\Modèles O43 - CFD: 08/01/2011 - 09:09:48 - [584588] ----D- C:\Documents and Settings\Robert\Application Data\moovida-1 O43 - CFD: 22/08/2010 - 08:21:40 - [8416071] ----D- C:\Documents and Settings\Robert\Application Data\OpenOffice.org O43 - CFD: 20/08/2010 - 14:34:10 - [3603798] ----D- C:\Documents and Settings\Robert\Application Data\OpenOffice.org2 O43 - CFD: 08/01/2011 - 10:54:02 - [1793202] ----D- C:\Documents and Settings\Robert\Application Data\Real O43 - CFD: 20/08/2010 - 14:59:28 - [6547] R-H-D- C:\Documents and Settings\Robert\Application Data\Recent O43 - CFD: 20/08/2010 - 14:34:12 - [16063] ----D- C:\Documents and Settings\Robert\Application Data\ScanSoft O43 - CFD: 20/08/2010 - 14:59:30 - [1864] R-H-D- C:\Documents and Settings\Robert\Application Data\SendTo O43 - CFD: 22/04/2011 - 08:36:58 - [3370182] ----D- C:\Documents and Settings\Robert\Application Data\Skype O43 - CFD: 22/04/2011 - 08:36:42 - [8736] ----D- C:\Documents and Settings\Robert\Application Data\skypePM O43 - CFD: 24/10/2010 - 08:36:48 - [937497] ----D- C:\Documents and Settings\Robert\Application Data\SoftGrid Client O43 - CFD: 20/08/2010 - 14:34:14 - [8544237] ----D- C:\Documents and Settings\Robert\Application Data\Sun O43 - CFD: 20/08/2010 - 14:34:20 - [2289598] ----D- C:\Documents and Settings\Robert\Application Data\Todae O43 - CFD: 10/12/2010 - 11:37:06 - [0] ----D- C:\Documents and Settings\Robert\Application Data\Tracing O43 - CFD: 20/08/2010 - 14:59:30 - [0] --H-D- C:\Documents and Settings\Robert\Application Data\Voisinage d'impression 
O43 - CFD: 20/08/2010 - 14:59:30 - [0] --H-D- C:\Documents and Settings\Robert\Application Data\Voisinage réseau O43 - CFD: 23/08/2010 - 09:01:34 - [1033024] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Adobe O43 - CFD: 07/10/2010 - 06:40:20 - [3165] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\ApplicationHistory O43 - CFD: 23/04/2011 - 09:00:04 - [0] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Axialis O43 - CFD: 20/08/2010 - 15:19:02 - [262292] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Google O43 - CFD: 27/12/2010 - 08:26:06 - [0] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Help O43 - CFD: 20/08/2010 - 15:20:02 - [84573880] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Identities O43 - CFD: 23/08/2010 - 08:57:58 - [833] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\IP_service O43 - CFD: 16/03/2011 - 08:22:44 - [536364151] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft O43 - CFD: 06/09/2010 - 12:04:56 - [0] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft Help O43 - CFD: 08/01/2011 - 09:09:10 - [178863] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\moovida Air O43 - CFD: 20/03/2011 - 09:20:02 - [0] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Paint.NET O43 - CFD: 28/01/2011 - 09:40:48 - [333] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Quick_Zip_Dev O43 - CFD: 21/08/2010 - 07:14:04 - [0] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Scansoft O43 - CFD: 22/08/2010 - 11:04:40 - [4562944] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\SoftGrid Client O43 - CFD: 02/03/2011 - 07:24:28 - [0] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\Temp O43 - CFD: 
17/12/2010 - 10:07:16 - [0] ----D- C:\Documents and Settings\Robert\Local Settings\Application Data\WMTools Downloaded Files ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.2BDE2871DAB85806C6B49118C8D6E958] - 23/04/2011 - 07:48:08 ---A- . (...) -- C:\PDOXUSRS.NET [13030] O44 - LFC:[MD5.64B65CDB7212B2DD93369B3A39FD064D] - 23/04/2011 - 07:20:00 ---A- . (...) -- C:\WINDOWS\BELOTEXP.INI [40] O44 - LFC:[MD5.C4EE1200F915817C00FCFD7F98EF1200] - 23/04/2011 - 06:05:17 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [665783] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/04/2011 - 05:48:41 ---A- . (...) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.C4EE1200F915817C00FCFD7F98EF1200] - 23/04/2011 - 05:48:35 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.C4EE1200F915817C00FCFD7F98EF1200] - 23/04/2011 - 05:48:34 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 23/04/2011 - 05:48:31 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.C4EE1200F915817C00FCFD7F98EF1200] - 23/04/2011 - 05:47:19 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32122] O44 - LFC:[MD5.88E9F544E5B03CA6B0C9D24E46AEF020] - 22/04/2011 - 16:31:05 ---A- . (...) -- C:\JavaRa.log [21631] O44 - LFC:[MD5.68288DA42BC798992A42CD59061B199D] - 22/04/2011 - 05:16:00 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\java.exe [145184] O44 - LFC:[MD5.5BF8BA1B854D7DFCE1F47E58852B3D8F] - 22/04/2011 - 05:16:00 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\System32\javaw.exe [145184] O44 - LFC:[MD5.58DC5CBDC930AF070B177843810F2C85] - 22/04/2011 - 05:16:00 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\System32\javaws.exe [157472] O44 - LFC:[MD5.FB4080124F35176910134417D3F5C7CB] - 22/04/2011 - 05:15:57 ---A- . (...) 
-- C:\WINDOWS\System32\jupdate-1.6.0_24-b07.log [3228] O44 - LFC:[MD5.4F2B66174CE94488BB5EC8BD09BC6EE5] - 22/04/2011 - 05:15:41 ---A- . (...) -- C:\WINDOWS\System32\perfh00C.dat [552342] O44 - LFC:[MD5.BA18E507C98E2884461F6712A0DB868B] - 22/04/2011 - 05:15:40 ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat [79210] O44 - LFC:[MD5.AF1CF373B6978FED5BE2749D9B291F04] - 22/04/2011 - 05:15:40 ---A- . (...) -- C:\WINDOWS\System32\perfc00C.dat [94042] O44 - LFC:[MD5.D5EAB8F08231FCED4F25D1EAC551E8BB] - 22/04/2011 - 05:15:40 ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat [481136] O44 - LFC:[MD5.C481F8F2E7BD03E9B9509FA4C60B9093] - 22/04/2011 - 05:15:38 ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI [1222718] O44 - LFC:[MD5.4538CBF0AF0D6D9AC250E2EC23BAF44F] - 21/04/2011 - 16:09:25 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512] O44 - LFC:[MD5.848184F04E439743653CF2BD70A15BF0] - 17/04/2011 - 08:15:55 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [13646] O44 - LFC:[MD5.19BC3077C98654C4F685624D8383BC2E] - 14/04/2011 - 05:55:44 ---A- . (...) -- C:\WINDOWS\Radio_Fr.ini [1208] O44 - LFC:[MD5.827F6E2F0442687E590B0B3C3826E378] - 13/04/2011 - 06:08:12 ---A- . (...) -- C:\WINDOWS\System32\FNTCACHE.DAT [161136] O44 - LFC:[MD5.465C52BB968818BF9DEAFD406463BCE7] - 05/04/2011 - 05:31:37 ---A- . (...) -- C:\WINDOWS\System32\drivers\klick.dat [97859] O44 - LFC:[MD5.3917C606A34B8E7D94B99CE74BA848D7] - 05/04/2011 - 05:31:37 ---A- . (...) -- C:\WINDOWS\System32\drivers\klin.dat [115267] O44 - LFC:[MD5.CF9F89B7B5E08BEB60E52DD7FF3A69E5] - 29/03/2011 - 10:31:00 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\System32\drivers\klif.sys [315408] O44 - LFC:[MD5.2C3F213EDDD231099FB779A45D7680E0] - 26/03/2011 - 07:34:45 ---A- . (.Infowatch - Virtual Volume Container Driver (wxp).) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys [39352] O44 - LFC:[MD5.5CBF20674BE8364FEBB6A13451A42F0A] - 26/03/2011 - 07:34:38 ---A- . 
(.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\WINDOWS\System32\drivers\CSCrySec.sys [88632] ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\maconfservice.exe O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . 
(.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \Drivers32\"msacm.enc"="ITIG726.acm" . (.Ingenient Technologies, Inc. - Ingenient Technologies, Inc. G.726 CODEC.) -- C:\WINDOWS\System32\ITIG726.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"ITIG726.acm"="ITI G.726 Audio Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"ir32_32.dll"="Indeo® video R3.2 by Intel" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"ir41_32.ax"="Indeo® video interactive R4.3 by Intel" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"iyvu9_32.dll"="Indeo® video Raw YVU9 by Intel" . (.Pas de propriétaire - Pas de description.) 
-- C:\WINDOWS\System32\iyvu9_32.dll ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=60 ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] - 18/11/2009 - 00:16:00 ---A- . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\system32\drivers\Ambfilt.sys [1691480] O58 - SDL:[MD5.98EE301B9D1511B795C3DA89048A642E] - 29/08/2003 - 07:43:48 R--A- . 
(.Logitech Inc. - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\drivers\CamDrL21.sys [334096] O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528] O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/08/2004 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776] O58 - SDL:[MD5.5CBF20674BE8364FEBB6A13451A42F0A] - 14/12/2009 - 11:44:24 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\WINDOWS\system32\drivers\CSCrySec.sys [88632] O58 - SDL:[MD5.2C3F213EDDD231099FB779A45D7680E0] - 14/12/2009 - 11:44:24 ---A- . (.Infowatch - Virtual Volume Container Driver (wxp).) -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys [39352] O58 - SDL:[MD5.0F68E2EC713F132FFB19E45415B09679] - 19/12/2007 - 04:32:12 R--A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\igxpmp32.sys [5854688] O58 - SDL:[MD5.CE3958F58547454884E97BDA78CD7040] - 01/09/2009 - 14:29:50 ---A- . (.Kaspersky Lab - Kaspersky Unified Driver.) -- C:\WINDOWS\system32\drivers\kl1.sys [128016] O58 - SDL:[MD5.53EEDAB3F0511321AC3AE8BC968B158C] - 14/10/2009 - 20:18:34 ---A- . (.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) -- C:\WINDOWS\system32\drivers\klbg.sys [36880] O58 - SDL:[MD5.CF9F89B7B5E08BEB60E52DD7FF3A69E5] - 29/03/2011 - 10:31:00 ---A- . (.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) -- C:\WINDOWS\system32\drivers\klif.sys [315408] O58 - SDL:[MD5.FBDC2034B58D2135D25FE99EB8B747C3] - 14/09/2009 - 13:42:46 ---A- . (.Kaspersky Lab - Kaspersky Lab Intermediate Network Driver.) -- C:\WINDOWS\system32\drivers\klim5.sys [32272] O58 - SDL:[MD5.1F351C4BA53BFE58A1CA5FCDD11E1F81] - 02/10/2009 - 18:39:44 ---A- . (.Kaspersky Lab - KLMOUFLT Mouse Device Filter [fre_wnet_x86].) 
-- C:\WINDOWS\system32\drivers\klmouflt.sys [19472] O58 - SDL:[MD5.58DB33AB25D6A72CA75CB1D79D5F92C1] - 29/08/2003 - 07:40:12 R--A- . (.Logitech Inc. - SmoothVision filter.) -- C:\WINDOWS\system32\drivers\LVSVF2.sys [560640] O58 - SDL:[MD5.F8179F468ADAC55E88E8ACC7FE3741CD] - 29/08/2003 - 07:40:02 R--A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys [12112] O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 20/12/2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [20952] O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [38224] O58 - SDL:[MD5.C7D9F9717916B34C1B00DD4834AF485C] - 18/11/2009 - 00:17:00 ---A- . (.Creative Technology Ltd. - Creative WDM Audio Driver (32-bit).) -- C:\WINDOWS\system32\drivers\Monfilt.sys [1395800] O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032] O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792] O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032] O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032] O58 - SDL:[MD5.6FC7DDF3B8D94FBA7AC664452D6478D4] - 27/11/2009 - 08:20:06 R--A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) 
-- C:\WINDOWS\system32\drivers\Rtenicxp.sys [177152] O58 - SDL:[MD5.364D3642AE236C3F2F5F55F43B09FFDA] - 25/12/2009 - 11:26:30 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys [6039584] O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/04/2008 - 17:39:15 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480] O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 05/08/2004 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097] O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912] O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537] O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05/08/2004 - 13:00:00 ---A- . (...) 
-- C:\WINDOWS\system32\ntdos412.sys [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146] O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000] O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560] O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648] O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424] O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560] ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: RSIT - (.random/random.) ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - (.not file.) - avast! Asynchronous Virus Monitor (Aavmker4) .(...) - LEGACY_AAVMKER4 O64 - Services: CurCS - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe - APC UPS Service (APC UPS Service) .(.American Power Conversion Corporation - Battery backup management service.) - LEGACY_APC_UPS_SERVICE O64 - Services: CurCS - (.not file.) - aswFsBlk (aswFsBlk) .(...) - LEGACY_ASWFSBLK O64 - Services: CurCS - (.not file.) - aswMon2 (aswMon2) .(...) - LEGACY_ASWMON2 O64 - Services: CurCS - (.not file.) - aswRdr (aswRdr) .(...) - LEGACY_ASWRDR O64 - Services: CurCS - (.not file.) - aswSP (aswSP) .(...) - LEGACY_ASWSP O64 - Services: CurCS - (.not file.) - avast! Network Shield Support (aswTdi) .(...) - LEGACY_ASWTDI O64 - Services: CurCS - (.not file.) - avast! Antivirus (avast! Antivirus) .(...) 
- LEGACY_AVAST!_ANTIVIRUS O64 - Services: CurCS - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe - Kaspersky PURE (AVP) .(.Kaspersky Lab - Kaspersky Anti-Virus.) - LEGACY_AVP O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(...) - LEGACY_BEEP O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(...) - LEGACY_CDFS O64 - Services: CurCS - (.not file.) - (.not file.) - Application système COM+ (COMSysApp) .(...) - LEGACY_COMSYSAPP O64 - Services: CurCS - C:\Windows\System32\DRIVERS\CSCrySec.sys - InfoWatch Encrypt Sector Library driver (CSCrySec) .(.Infowatch - Cryptographic Algorithm Lib Driver..) - LEGACY_CSCRYSEC O64 - Services: CurCS - C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe - Service de gestion du système CryproStorage (CSObjectsSrv) .(.Infowatch - InfoWatch CryptoStorage Protected objects c.) - LEGACY_CSOBJECTSSRV O64 - Services: CurCS - C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys - InfoWatch Virtual Disk driver (CSVirtualDiskDrv) .(.Infowatch - Virtual Volume Container Driver (wxp).) - LEGACY_CSVIRTUALDISKDRV O64 - Services: CurCS - (.not file.) - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(...) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - C:\Windows\System32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT O64 - Services: CurCS - C:\Windows\System32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(...) - LEGACY_FASTFAT O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(...) - LEGACY_FIPS O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC O64 - Services: CurCS - (.not file.) 
- service de mise a jour pour IP networker (IP netservices) .(...) - LEGACY_IP_NETSERVICES
O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\kl1.sys - Kl1 (kl1) .(.Kaspersky Lab - Kaspersky Unified Driver.) - LEGACY_KL1
O64 - Services: CurCS - (.not file.) - kl2 (kl2) .(...) - LEGACY_KL2
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\klbg.sys - Kaspersky Lab Boot Guard Driver (klbg) .(.Kaspersky Lab - Kaspersky Lab Boot Guard Driver.) - LEGACY_KLBG
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\klif.sys - Kaspersky Lab Driver (KLIF) .(.Kaspersky Lab - Klif Mini-Filter [fre_wnet_x86].) - LEGACY_KLIF
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(...) - LEGACY_KSECDD
O64 - Services: CurCS - C:\Program Files\ma-config.com\maconfservice.exe - Ma-Config Service (maconfservice) .(.CybelSoft - Service de détection matériel.) - LEGACY_MACONFSERVICE
O64 - Services: CurCS - (.not file.) - mbr (mbr) .(...) - LEGACY_MBR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(...) - LEGACY_MNMDD
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - (.not file.) - mountmgr (mountmgr) .(...) - LEGACY_MOUNTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS
O64 - Services: CurCS - E:\CDriver.sys (.not file.) - MSICDSetup (MSICDSetup) .(...) - LEGACY_MSICDSETUP
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MUP.sys - (.not file.) - Mup (Mup) .(...) - LEGACY_MUP
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDIS.sys - (.not file.) - Pilote système NDIS (NDIS) .(...) - LEGACY_NDIS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - (.not file.) - PartMgr (PartMgr) .(...) - LEGACY_PARTMGR
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(...) - LEGACY_PARVDM
O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(...) - LEGACY_RDPNP
O64 - Services: CurCS - (.not file.) - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(...) - LEGACY_RPCSS
O64 - Services: CurCS - (.not file.) - Sftfs (Sftfs) .(...) - LEGACY_SFTFS
O64 - Services: CurCS - (.not file.) - Sftplay (Sftplay) .(...) - LEGACY_SFTPLAY
O64 - Services: CurCS - (.not file.) - Sftredir (Sftredir) .(...) - LEGACY_SFTREDIR
O64 - Services: CurCS - (.not file.) - Sftvol (Sftvol) .(...) - LEGACY_SFTVOL
O64 - Services: CurCS - (.not file.) - (.not file.) - Services Terminal Server (TermService) .(...) - LEGACY_TERMSERVICE
O64 - Services: CurCS - C:\Program Files\Unlocker\UnlockerDriver5.sys - UnlockerDriver5 (UnlockerDriver5) .(...) - LEGACY_UNLOCKERDRIVER5
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(...) - LEGACY_VGA
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(...) - LEGACY_VOLSNAP
O64 - Services: CurCS - C:\Program Files\Microsoft\sysNM.exe - WinSysINM (WinSysINM) .(.Microsoft - sysNM.) - LEGACY_WINSYSINM

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - Bing
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - Bing
O69 - SBI: SearchScopes [HKCU] {2F2339BC-A98B-4E8E-85C0-347DD83D14B6} - (Google) - Google
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} [DefaultScope] - (Bing) - Bing
O69 - SBI: SearchScopes [HKCU] {BB3E0337-BD1D-4933-8C6C-D4FCDE0CF09B} - (Bing) - Bing

---\\ Scan Additionnel (O88)
Database Version : 5829 - (17/04/2011)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}] =>PUP.Eorezo

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 21/07/2004 176241 | (APC UPS Service) . (.American Power Conversion Corporation.) - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
SR - | Auto 01/10/2010 348760 | (AVP) . (.Kaspersky Lab.) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
SR - | Auto 21/12/2009 743992 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe
SR - | Auto 02/02/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SS - | Demand 10/03/2011 311744 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 12/04/2011 20480 | (WinSysINM) . (.Microsoft.) - C:\Program Files\Microsoft\sysNM.exe

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Run by Robert at 23/04/2011 10:03:00
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x89BABAB8]
3 CLASSPNP[0xF7647FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000063[0x89B8AF18]
5 ACPI[0xF750D620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-4[0x89B89D98]
kernel: MBR read successfully
user & kernel MBR OK

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Robert at 23/04/2011 10:03:02
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

End of the scan (918 lines in 00mn 57s)(0)