Syrius

Members
  • Content count

    47
  • Joined

  • Last visited

Posts by Syrius

  1. On the recommendation of Pears, who disinfected my PC this weekend, I am posting about a problem that remains on my PC, namely that the Windows XP firewall remains inaccessible, with the following message: "En raison d'un problème non identifié, Windows ne peut afficher les paramètres du pare feu windows"

    Thank you for your help

    Sorry, this topic should be deleted, because after a full restart the firewall is accessible again.

  2. I redid the procedure and the report only gives me this:

     

    All processes killed

    ========== OTL ==========

    Error: No service named esgiguard was found to stop!

    Service\Driver key esgiguard not found.

    File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.

    Use Chrome's Settings page to remove the default_search_provider items.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Policies not found.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

    File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.

    File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.

    File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.

    File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.

    File C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job not found.

    File C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job not found.

    Folder C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}\ not found.

    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0757AAB .

    ========== REGISTRY ==========

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!

     

    OTL by OldTimer - Version 3.2.69.0 log created on 12162012_133402

     

    Files\Folders moved on Reboot...

     

    PendingFileRenameOperations files...

     

    Registry entries deleted on Reboot...

  3. Here is the report after the procedure:

     

    All processes killed

    ========== OTL ==========

    Error: No service named esgiguard was found to stop!

    Service\Driver key esgiguard not found.

    File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.

    Use Chrome's Settings page to remove the default_search_provider items.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Policies not found.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

    File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.

    File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.

    File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.

    File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.

    File C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job not found.

    File C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job not found.

    Folder C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}\ not found.

    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D0757AAB .

    ========== REGISTRY ==========

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!

     

    OTL by OldTimer - Version 3.2.69.0 log created on 12162012_095607

     

    Files\Folders moved on Reboot...

     

    PendingFileRenameOperations files...

     

    Registry entries deleted on Reboot...

  4. Oops, sorry

    Here is the Rogue Killer report:

     

    RogueKiller V8.4.0 [Dec 12 2012] par Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Remontees : [RogueKiller] Remontées

    Site Web : RogueKiller

    Blog : tigzy-RK

     

    Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Demarrage : Mode normal

    Utilisateur : Didier [Droits d'admin]

    Mode : Recherche -- Date : 14/12/2012 08:23:02

     

    ¤¤¤ Processus malicieux : 0 ¤¤¤

     

    ¤¤¤ Entrees de registre : 0 ¤¤¤

     

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

     

    ¤¤¤ Driver : [CHARGE] ¤¤¤

    SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xBA720314)

    SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (Unknown @ 0xBA7202CE)

    SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xBA72031E)

    SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xBA7202C4)

    SSDT[63] : NtDeleteKey @ 0x80624592 -> HOOKED (Unknown @ 0xBA7202D3)

    SSDT[65] : NtDeleteValueKey @ 0x80624762 -> HOOKED (Unknown @ 0xBA7202DD)

    SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xBA72030F)

    SSDT[98] : NtLoadKey @ 0x8062631A -> HOOKED (Unknown @ 0xBA7202E2)

    SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xBA7202B0)

    SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xBA7202B5)

    SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (Unknown @ 0xBA720337)

    SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (Unknown @ 0xBA7202EC)

    SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xBA720328)

    SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (Unknown @ 0xBA7202E7)

    SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xBA720323)

    SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xBA72032D)

    SSDT[247] : NtSetValueKey @ 0x80622668 -> HOOKED (Unknown @ 0xBA7202D8)

    SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (Unknown @ 0xBA720332)

    SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xBA7202BF)

    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA720346)

    S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA72034B)

     

    ¤¤¤ Fichier HOSTS: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts

     

    127.0.0.1 localhost


    [...]

     

     

    ¤¤¤ MBR Verif: ¤¤¤

     

    +++++ PhysicalDrive0: ST3250824AS +++++

    --- User ---

    [MBR] cea6392e92acd1aa46de129e646f9523

    [bSP] b68aa0c19ecfae6990ea1fbd7d1c1caf : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

     

    Termine : << RKreport[7]_S_14122012_082302.txt >>

    RKreport[1]_S_13122012_213543.txt ; RKreport[2]_D_13122012_213743.txt ; RKreport[3]_S_13122012_214449.txt ; RKreport[4]_D_13122012_221301.txt ; RKreport[5]_D_13122012_222200.txt ;

    RKreport[6]_S_13122012_222712.txt ; RKreport[7]_S_14122012_082302.txt

     

    And for Mbam, I had to run a new scan because I had deleted the report:

     

    Malwarebytes' Anti-Malware 1.41

    Version de la base de données: 2775

    Windows 5.1.2600 Service Pack 3

     

    15/12/2012 18:53:21

    mbam-log-2012-12-15 (18-53-21).txt

     

    Type de recherche: Examen complet (C:\|)

    Eléments examinés: 282475

    Temps écoulé: 1 hour(s), 52 minute(s), 15 second(s)

     

    Processus mémoire infecté(s): 0

    Module(s) mémoire infecté(s): 0

    Clé(s) du Registre infectée(s): 0

    Valeur(s) du Registre infectée(s): 0

    Elément(s) de données du Registre infecté(s): 0

    Dossier(s) infecté(s): 0

    Fichier(s) infecté(s): 1

     

    Processus mémoire infecté(s):

    (Aucun élément nuisible détecté)

     

    Module(s) mémoire infecté(s):

    (Aucun élément nuisible détecté)

     

    Clé(s) du Registre infectée(s):

    (Aucun élément nuisible détecté)

     

    Valeur(s) du Registre infectée(s):

    (Aucun élément nuisible détecté)

     

    Elément(s) de données du Registre infecté(s):

    (Aucun élément nuisible détecté)

     

    Dossier(s) infecté(s):

    (Aucun élément nuisible détecté)

     

    Fichier(s) infecté(s):

    C:\System Volume Information\_restore{2591F6DA-7069-461A-A8C2-C8C9354B037E}\RP1096\A0230207.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.

  5. OTL logfile created on: 15/12/2012 13:00:45 - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Didier\Bureau

    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

     

    1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,61% Memory free

    3,84 Gb Paging File | 3,00 Gb Available in Paging File | 78,04% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 232,88 Gb Total Space | 62,99 Gb Free Space | 27,05% Space Free | Partition Type: NTFS

     

    Computer Name: PINSON-C3BA1203 | User Name: Didier | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2012/12/15 12:40:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Didier\Bureau\OTL.scr

    PRC - [2012/12/10 08:00:26 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

    PRC - [2012/12/09 18:17:57 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

    PRC - [2012/09/17 12:01:08 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe

    PRC - [2012/09/17 12:01:06 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

    PRC - [2012/08/14 06:15:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

    PRC - [2012/08/14 06:15:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    PRC - [2012/08/14 06:15:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    PRC - [2012/08/14 06:15:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

    PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

    PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2012/12/12 11:32:10 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

    MOD - [2012/12/09 18:17:57 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

    MOD - [2012/08/14 06:15:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

    MOD - [2012/07/27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

    MOD - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

    MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

     

     

    ========== Services (SafeList) ==========

     

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

    SRV - [2012/12/12 11:32:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/12/09 18:17:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012/11/24 16:17:59 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Steam\SteamService.exe -- (Steam Client Service)

    SRV - [2012/09/19 13:38:50 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

    SRV - [2012/09/19 13:38:49 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

    SRV - [2012/09/17 12:01:06 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

    SRV - [2012/08/14 06:15:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

    SRV - [2012/08/14 06:15:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

    SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

    SRV - [2011/12/15 18:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

    SRV - [2011/09/27 03:00:24 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)

    SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

    SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

    SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

    SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

    SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

    SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

    SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

    DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)

    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Didier\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)

    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (auappi2y)

    DRV - [2012/08/29 14:54:24 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

    DRV - [2012/08/14 06:15:58 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

    DRV - [2012/08/14 06:15:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

    DRV - [2012/08/02 16:51:34 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

    DRV - [2012/05/21 17:04:34 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)

    DRV - [2012/05/21 17:04:34 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)

    DRV - [2012/02/19 16:35:25 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

    DRV - [2012/02/19 16:35:25 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

    DRV - [2011/12/15 18:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

    DRV - [2011/12/01 16:55:28 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

    DRV - [2010/06/17 13:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

    DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

    DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

    DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)

    DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)

    DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)

    DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)

    DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)

    DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)

    DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)

    DRV - [2008/05/19 04:46:04 | 000,108,032 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

    DRV - [2008/03/10 13:28:40 | 000,018,560 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vtcdrv.sys -- (vtcdrv)

    DRV - [2008/02/14 07:12:02 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

    DRV - [2008/02/14 04:36:34 | 000,222,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

    DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

    DRV - [2007/04/27 06:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)

    DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

    DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

     

     

    ========== Standard Registry (All) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = duxet.com

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing

     

     

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

     

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

     

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = Google

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\SearchScopes\{D84C29F6-6944-4BF8-9743-A1332A604E63}: "URL" = {searchTerms} - Recherche Google

    IE - HKU\S-1-5-21-1659004503-920026266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..browser.search.useDBForOrder: true

    FF - prefs.js..browser.startup.homepage: "http://www.lequipe.fr/"

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

    FF - prefs.js..extensions.enabledItems: [email protected]:1.0

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19

    FF - user.js - File not found

     

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

     

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 22:36:24 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/11 19:39:03 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/10/20 12:34:14 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/09 18:17:57 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/09 18:17:51 | 000,000,000 | ---D | M]

     

    [2009/01/11 16:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Extensions

    [2009/01/11 16:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

    [2012/11/24 14:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\extensions

    [2010/07/11 08:47:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2010/12/12 17:43:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)

    [2012/11/24 14:05:28 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    [2012/12/09 18:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2012/12/09 18:17:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    [2012/12/09 18:17:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    [2011/09/23 03:29:12 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll

    [2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll

    [2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

    [2012/07/27 21:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

    [2012/11/26 18:28:03 | 000,001,729 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

    [2012/10/17 11:44:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    [2012/11/26 18:28:03 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

    [2012/11/26 18:28:03 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

    [2010/08/17 20:02:28 | 000,002,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml

    [2012/10/17 11:44:35 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

    [2012/11/26 18:28:03 | 000,001,639 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

    [2012/11/26 18:28:03 | 000,001,169 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

     

    ========== Chrome ==========

     

    CHR - homepage: Sport : toute l'actualité sportive sur l'EQUIPE (Match en direct, Football, Rugby, Tennis, Nba, F1)

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

    CHR - homepage: Sport : toute l'actualité sportive sur l'EQUIPE (Match en direct, Football, Rugby, Tennis, Nba, F1)

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll

    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll

    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    CHR - Extension: Google\u00A0Drive = C:\Documents and Settings\Didier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

    CHR - Extension: YouTube = C:\Documents and Settings\Didier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

    CHR - Extension: Recherche Google = C:\Documents and Settings\Didier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

    CHR - Extension: Gmail = C:\Documents and Settings\Didier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

     

    O1 HOSTS File: ([2011/09/29 07:05:45 | 000,437,703 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O1 - Hosts: 15055 more lines...

    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)

    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

    O2 - BHO: (Reg Error: Value error.) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

    O3 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O3 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)

    O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

    O4 - HKU\S-1-5-21-1659004503-920026266-725345543-1004..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

    O4 - HKU\S-1-5-21-1659004503-920026266-725345543-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-21-1659004503-920026266-725345543-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

    O4 - Startup: C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled [2011/11/15 09:45:19 | 000,000,000 | -H-D | M]

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\WINDOWS\system32\install\server.exe

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O15 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..Trusted Domains: baronnerie.com ([webmail] https in Sites de confiance)

    O15 - HKU\S-1-5-21-1659004503-920026266-725345543-1004\..Trusted Domains: localhost ([]http in Sites de confiance)

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F25289F-0614-4995-A723-ADF6DBE613A9}: DhcpNameServer = 212.27.40.241 212.27.40.240

    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp - No CLSID value found

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp - No CLSID value found

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

    O24 - Desktop WallPaper: C:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/01/01 16:46:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O33 - MountPoints2\{9a12d5af-7880-11e0-8a5e-002215fac350}\Shell - "" = AutoRun

    O33 - MountPoints2\{9a12d5af-7880-11e0-8a5e-002215fac350}\Shell\AutoRun\command - "" = I:\cdstart.exe

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

     

    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

    NetSvcs: Ias - File not found

    NetSvcs: Iprip - File not found

    NetSvcs: Irmon - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: Sharedaccess - File not found

    NetSvcs: WmdmPmSp - File not found

     

    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found

    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

    MsConfig - State: "system.ini" - 0

    MsConfig - State: "win.ini" - 0

    MsConfig - State: "bootini" - 0

    MsConfig - State: "services" - 0

    MsConfig - State: "startup" - 0

     

    SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

    SafeBootMin: Base - Driver Group

    SafeBootMin: Boot Bus Extender - Driver Group

    SafeBootMin: Boot file system - Driver Group

    SafeBootMin: File system - Driver Group

    SafeBootMin: Filter - Driver Group

    SafeBootMin: PCI Configuration - Driver Group

    SafeBootMin: PNP Filter - Driver Group

    SafeBootMin: Primary disk - Driver Group

    SafeBootMin: procexp90.Sys - Driver

    SafeBootMin: SCSI Class - Driver Group

    SafeBootMin: System Bus Extender - Driver Group

    SafeBootMin: vds - Service

    SafeBootMin: vga.sys - Driver

    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

     

    SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

    SafeBootNet: Base - Driver Group

    SafeBootNet: Boot Bus Extender - Driver Group

    SafeBootNet: Boot file system - Driver Group

    SafeBootNet: File system - Driver Group

    SafeBootNet: Filter - Driver Group

    SafeBootNet: NDIS Wrapper - Driver Group

    SafeBootNet: NetBIOSGroup - Driver Group

    SafeBootNet: NetDDEGroup - Driver Group

    SafeBootNet: Network - Driver Group

    SafeBootNet: NetworkProvider - Driver Group

    SafeBootNet: PCI Configuration - Driver Group

    SafeBootNet: PNP Filter - Driver Group

    SafeBootNet: PNP_TDI - Driver Group

    SafeBootNet: Primary disk - Driver Group

    SafeBootNet: procexp90.Sys - Driver

    SafeBootNet: SCSI Class - Driver Group

    SafeBootNet: SharedAccess - File not found

    SafeBootNet: Streams Drivers - Driver Group

    SafeBootNet: System Bus Extender - Driver Group

    SafeBootNet: TDI - Driver Group

    SafeBootNet: vga.sys - Driver

    SafeBootNet: vsmon - Service

    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

     

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

    ActiveX: {1408A7F0-0F8F-DB8E-92BB-C0756FB5D351} - NetShow

    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

    ActiveX: {4AFB8B31-A616-911B-481A-0F334F1BE978} - NetShow

    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

    ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework

    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

    ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

    ActiveX: {D849B92E-BB72-5D5A-B446-30A788B1B585} - Internet Explorer

    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

    ActiveX: {E794AFD6-FDFA-6332-813F-D36B017BD953} - Java (Sun)

    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

     

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)

    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

     

    CREATERESTOREPOINT

    Restore point Set: OTL Restore Point

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2012/12/15 12:40:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Didier\Bureau\OTL.scr

    [2012/12/15 10:15:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Didier\Recent

    [2012/12/13 22:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

    [2012/12/13 22:41:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2012/12/13 22:41:03 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2012/12/13 22:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2012/12/13 21:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Didier\Bureau\RK_Quarantine

    [2012/12/13 20:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

    [2012/12/13 20:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard

    [2012/12/13 19:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

    [2012/12/13 19:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

    [2012/12/10 16:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Chrome

    [2012/12/10 16:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google

    [2012/12/09 18:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    [2012/12/06 13:50:32 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe

    [2012/12/06 13:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TuneUp Utilities 2013

    [2012/11/29 16:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG Secure Search

    [2012/11/29 15:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Didier\Bureau\essai

    [2012/11/22 08:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013

    [2012/11/22 08:27:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

    [2012/11/22 08:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Didier\Bureau\Tune

    [2012/10/27 07:17:30 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Fichiers communs\atimpenc.dll

    [2009/06/05 23:03:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe149.dll

    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\*.tmp files -> C:\*.tmp -> ]

     

    ========== Files - Modified Within 30 Days ==========

     

    [2012/12/15 13:02:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

    [2012/12/15 12:40:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Didier\Bureau\OTL.scr

    [2012/12/15 12:30:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    [2012/12/15 10:31:34 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\Microsoft Office Outlook 2007.lnk

    [2012/12/15 10:14:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2012/12/13 22:41:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

    [2012/12/13 21:31:36 | 000,756,224 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\RogueKiller.exe

    [2012/12/13 17:16:44 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2012/12/13 17:16:44 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2012/12/12 21:02:39 | 000,035,980 | ---- | M] () -- C:\Documents and Settings\Didier\Mes documents\attestation CEP 1.pdf

    [2012/12/12 11:32:10 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

    [2012/12/12 11:32:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    [2012/12/12 08:21:16 | 000,323,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2012/12/10 16:24:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    [2012/12/10 16:07:26 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\Google Chrome.lnk

    [2012/12/10 16:07:26 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    [2012/12/09 12:54:52 | 000,079,481 | ---- | M] () -- C:\Documents and Settings\Didier\Mes documents\facture24056955330-1.pdf

    [2012/12/08 10:41:04 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenVPN GUI.lnk

    [2012/12/06 13:50:30 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TuneUp Maintenance en 1 clic.lnk

    [2012/12/06 13:50:30 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TuneUp Utilities 2013.lnk

    [2012/12/06 13:50:28 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2013.lnk

    [2012/12/03 11:42:37 | 001,133,379 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\Guide_associations_consommateurs_2012.pdf

    [2012/12/03 11:39:34 | 000,186,257 | ---- | M] () -- C:\Documents and Settings\Didier\Bureau\actualisation decembre pôle emploi.pdf

    [2012/12/03 08:57:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

    [2012/12/02 15:42:37 | 013,979,648 | ---- | M] () -- C:\Documents and Settings\Didier\Mes documents\Money.mny

    [2012/12/02 15:42:34 | 013,983,438 | R--- | M] () -- C:\Documents and Settings\Didier\Mes documents\Money Sauvegarde.mbf

    [2012/12/02 10:08:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2012/11/23 17:12:25 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\Didier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2012/11/22 16:16:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WD.INI

    [2012/11/22 10:57:40 | 000,002,589 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\SolidWorks 2012.lnk

    [2012/11/16 20:13:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

    [2012/11/16 09:03:50 | 000,568,506 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

    [2012/11/16 09:03:50 | 000,476,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2012/11/16 09:03:50 | 000,100,546 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

    [2012/11/16 09:03:50 | 000,077,068 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\*.tmp files -> C:\*.tmp -> ]

     

    ========== Files Created - No Company Name ==========

     

    [2012/12/15 13:02:18 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

    [2012/12/13 22:41:07 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

    [2012/12/13 21:31:35 | 000,756,224 | ---- | C] () -- C:\Documents and Settings\Didier\Bureau\RogueKiller.exe

    [2012/12/12 21:02:39 | 000,035,980 | ---- | C] () -- C:\Documents and Settings\Didier\Mes documents\attestation CEP 1.pdf

    [2012/12/10 16:07:26 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\Didier\Bureau\Google Chrome.lnk

    [2012/12/10 16:07:26 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

    [2012/12/10 16:01:12 | 000,001,056 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2012/12/10 16:01:12 | 000,001,052 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2012/12/09 12:54:52 | 000,079,481 | ---- | C] () -- C:\Documents and Settings\Didier\Mes documents\facture24056955330-1.pdf

    [2012/12/06 13:50:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TuneUp Maintenance en 1 clic.lnk

    [2012/12/06 13:50:30 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TuneUp Utilities 2013.lnk

    [2012/12/06 13:50:28 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\Didier\Application Data\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2013.lnk

    [2012/12/06 13:50:28 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TuneUp Utilities 2013.lnk

    [2012/12/03 11:42:37 | 001,133,379 | ---- | C] () -- C:\Documents and Settings\Didier\Bureau\Guide_associations_consommateurs_2012.pdf

    [2012/12/03 11:39:34 | 000,186,257 | ---- | C] () -- C:\Documents and Settings\Didier\Bureau\actualisation decembre pôle emploi.pdf

    [2012/10/28 18:11:06 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Didier\Application Data\.backup.dm

    [2012/09/19 14:08:06 | 000,189,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

    [2012/09/19 14:02:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

    [2012/06/07 23:05:23 | 000,328,366 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

    [2012/02/18 22:05:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

    [2011/11/19 13:38:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2011/11/12 15:29:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/11/09 14:07:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

    [2011/05/22 12:27:01 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

    [2011/05/22 12:26:58 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

    [2011/05/22 12:26:49 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

    [2011/05/13 19:18:20 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI

    [2009/01/15 14:22:28 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Didier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

     

    ========== ZeroAccess Check ==========

     

    [2009/01/02 16:38:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

     

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

     

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    "ThreadingModel" = Both

    "" = C:\WINDOWS\system32\shell32.dll -- [2012/06/08 15:25:53 | 008,519,168 | ---- | M] (Microsoft Corporation)

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 03:33:41 | 001,499,136 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:33:48 | 000,273,920 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

     

    ========== Custom Scans ==========

     

    < %SYSTEMDRIVE%\*.exe >

     

    < %USERPROFILE%\AppData\Local\*.* >

     

    < %USERPROFILE%\AppData\Roaming\*.* >

     

    < %systemroot%\system32\*.ini >

    [2000/09/08 13:31:38 | 000,000,072 | ---- | M] () -- C:\WINDOWS\system32\epDPE.ini

    [2004/08/05 13:00:00 | 001,015,477 | ---- | M] () -- C:\WINDOWS\system32\esentprf.ini

    [2007/02/05 14:47:40 | 000,016,042 | ---- | M] () -- C:\WINDOWS\system32\gsrvctr.ini

    [2007/02/05 14:47:48 | 000,016,704 | ---- | M] () -- C:\WINDOWS\system32\gthrctr.ini

    [2007/02/05 14:47:48 | 000,021,596 | ---- | M] () -- C:\WINDOWS\system32\idxcntrs.ini

    [2004/08/05 13:00:00 | 000,003,914 | ---- | M] () -- C:\WINDOWS\system32\msdtcprf.ini

    [2004/08/05 13:00:00 | 000,003,030 | ---- | M] () -- C:\WINDOWS\system32\perfci.ini

    [2004/08/05 13:00:00 | 000,001,293 | ---- | M] () -- C:\WINDOWS\system32\perffilt.ini

    [2012/11/16 09:03:50 | 001,234,594 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI

    [2004/08/05 13:00:00 | 000,002,994 | ---- | M] () -- C:\WINDOWS\system32\perfwci.ini

    [2004/08/05 13:00:00 | 000,000,367 | ---- | M] () -- C:\WINDOWS\system32\prodspec.ini

    [2004/08/05 13:00:00 | 000,014,073 | ---- | M] () -- C:\WINDOWS\system32\pschdprf.ini

    [2004/08/05 13:00:00 | 000,006,212 | ---- | M] () -- C:\WINDOWS\system32\rasctrs.ini

    [2004/08/05 13:00:00 | 000,015,937 | ---- | M] () -- C:\WINDOWS\system32\rsvp.ini

    [2004/08/05 13:00:00 | 000,053,478 | ---- | M] () -- C:\WINDOWS\system32\tcpmon.ini

    [2004/08/05 13:00:00 | 000,027,768 | ---- | M] () -- C:\WINDOWS\system32\tslabels.ini

    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

     

    < %systemroot%\Tasks\*.* >

    [2012/12/15 12:30:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

    [2012/12/10 16:24:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    [2004/08/05 13:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

    [2012/12/13 17:16:44 | 000,001,052 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    [2012/12/13 17:16:44 | 000,001,056 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    [2010/04/15 06:43:08 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job

    [2012/12/15 10:14:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

     

    < %systemroot%\system32\Tasks\*.* >

     

    < %systemroot%\*. /mp /s >

     

    < %systemroot%\system32\*.dll /lockedfiles >

    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

     

    < %systemroot%\Tasks\*.job /lockedfiles >

     

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

     

    < HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s >

    "Authentication Packages" = msv1_0 [binary data] -- [2009/09/11 15:18:20 | 000,136,192 | ---- | M] (Microsoft Corporation)

    "Bounds" = 0 [binary data]

    "Security Packages" = kerberosmsv1_0schannelwdigest [binary data]

    "ImpersonatePrivilegeUpgradeToolHasRun" = 1

    "LsaPid" = 1940

    "SecureBoot" = 1

    "auditbaseobjects" = 0

    "crashonauditfail" = 0

    "disabledomaincreds" = 0

    "everyoneincludesanonymous" = 0

    "fipsalgorithmpolicy" = 0

    "forceguest" = 1

    "fullprivilegeauditing" = [binary data]

    "limitblankpassworduse" = 1

    "lmcompatibilitylevel" = 0

    "nodefaultadminowner" = 1

    "nolmhash" = 0

    "restrictanonymous" = 0

    "restrictanonymoussam" = 1

    "Notification Packages" = scecli [binary data] -- [2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation)

    "enabledcom" = y

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders]

    "ProviderOrder" = Windows NT Access Provider [binary data]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders\Windows NT Access Provider]

    "ProviderPath" = %SystemRoot%\system32\ntmarta.dll -- [2008/04/14 03:33:36 | 000,119,808 | ---- | M] (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit\PerUserAuditing\System]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data]

    "Pattern" = 48 5B 49 F2 73 17 0C 8B 7C 4A 06 CA 16 CB C7 B2 35 38 32 64 31 35 62 37 00 FD 07 00 C2 42 00 00 34 FA 07 00 56 82 74 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 2B 4E 27 6E F8 18 2D 64 81 21 B3 58 [binary data]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG]

    "GrafBlumGroup" = 25 2D 84 BF 04 7F F0 18 7C [binary data]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD]

    "Lookup" = F6 49 59 01 45 18 [binary data]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\Domains]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos\SidCache]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0]

    "ntlmminclientsec" = 0

    "ntlmminserversec" = 0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1]

    "SkewMatrix" = 65 63 9A 27 7F F8 3A 70 82 FB 31 41 21 F0 7A 16 [binary data]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO\Passport1.4]

    "SSOURL" = Windows Live ID

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache]

    "Time" = 38 E6 C9 27 63 6C C9 01 [binary data]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\digest.dll]

    "Name" = Digest

    "Comment" = Digest SSPI Authentication Package

    "Capabilities" = 16464

    "RpcId" = 65535

    "Version" = 1

    "TokenSize" = 65535

    "Time" = 00 85 3E E8 D7 9D C8 01 [binary data]

    "Type" = 49

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msapsspc.dll]

    "Name" = DPA

    "Comment" = DPA Security Package

    "Capabilities" = 55

    "RpcId" = 17

    "Version" = 1

    "TokenSize" = 768

    "Time" = 00 39 03 ED D7 9D C8 01 [binary data]

    "Type" = 49

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache\msnsspc.dll]

    "Name" = MSN

    "Comment" = MSN Security Package

    "Capabilities" = 55

    "RpcId" = 18

    "Version" = 1

    "TokenSize" = 768

    "Time" = 00 66 34 EE D7 9D C8 01 [binary data]

    "Type" = 49

     

    < HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >

    "AutoRestartShell" = 1

    "DefaultDomainName" = PINSON-C3BA1203

    "DefaultUserName" = Didier

    "LegalNoticeCaption" =

    "LegalNoticeText" =

    "PowerdownAfterShutdown" = 0

    "ReportBootOk" = 1

    "Shell" = Explorer.exe -- [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation)

    "ShutdownWithoutLogon" = 0

    "System" =

    "Userinit" = C:\WINDOWS\system32\userinit.exe,

    "VmApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"

    "SfcQuota" = -1

    "allocatecdroms" = 0

    "allocatedasd" = 0

    "allocatefloppies" = 0

    "cachedlogonscount" = 10

    "forceunlocklogon" = 0

    "passwordexpirywarning" = 14

    "scremoveoption" = 0

    "AllowMultipleTSSessions" = 1

    "UIHost" = logonui.exe -- [2008/04/14 03:34:09 | 000,515,584 | ---- | M] (Microsoft Corporation)

    "LogonType" = 1

    "Background" = 0 0 0

    "DebugServerCommand" = no

    "SFCDisable" = 0

    "WinStationsDisabled" = 0

    "HibernationPreviouslyEnabled" = 1

    "ShowLogonOptions" = 0

    "AltDefaultUserName" = Didier

    "AltDefaultDomainName" = PINSON-C3BA1203

    "ChangePasswordUseKerberos" = 1

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials]

     

    < MD5 for: AFD.SYS >

    [2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys

    [2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys

    [2008/04/13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys

    [2008/10/16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys

    [2008/08/14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys

    [2008/08/14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys

    [2008/08/14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys

    [2011/02/16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys

    [2008/06/20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys

    [2011/08/17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

     

    < MD5 for: ATAPI.SYS >

    [2004/08/05 13:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

    [2009/01/01 21:02:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

    [2009/01/01 21:02:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

    [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

     

    < MD5 for: EVENTLOG.DLL >

    [2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

    [2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

     

    < MD5 for: EXPLORER.EXE >

    [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

    [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

     

    < MD5 for: IASTOR.SYS >

    [2008/09/08 22:04:29 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\NLDRV\001\iastor.sys

    [2008/09/08 22:26:36 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\NLDRV\002\iastor.sys

     

    < MD5 for: IPSEC.SYS >

    [2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys

    [2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys

     

    < MD5 for: NETBT.SYS >

    ========== Alternate Data Streams ==========

     

    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0757AAB

     

    < End of report >

  6. Hello,

    Please post the reports.

    Download OTL to the desktop

    Double-click the icon

    If Malwarebytes Anti-Malware real-time protection is enabled..

    It absolutely must be disabled, or there will be a crash, in the PRO version of MBAM or in the free version of MBAM if the trial period (14 days of the PRO version) is running

    Make sure all other windows are closed so that it runs without interruption.

    Check -----------------> All users (Scan All Users)

    Under Report (Output)

    Click -----------------------------> Standard report (Standard Output)

    Under Standard Registry, check All

    Check ------------------------------> Lop Check and Purity Check

    In Custom Scans/Fixes, copy and paste the content below, shown in green:

     

    SAVEMBR:0

    NetSvcs

    msconfig

    safebootminimal

    safebootnetwork

    activex

    drivers32

    %SYSTEMDRIVE%\*.exe

    %USERPROFILE%\AppData\Local\*.*

    %USERPROFILE%\AppData\Roaming\*.*

    %systemroot%\system32\*.ini

    %systemroot%\Tasks\*.*

    %systemroot%\system32\Tasks\*.*

    %systemroot%\*. /mp /s

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    afd.sys

    ahcix86s.sys

    atapi.sys

    iaStor.sys

    iastorv.sys

    ipsec.sys

    netbt.sys

    tcpip.sys

    nvrd32.sys

    nvstor.sys

    nvstor32.sys

    explorer.exe

    ntoskrnl.exe

    services.exe

    userinit.exe

    winlogon.exe

    wininit.exe

    /md5stop

    CREATERESTOREPOINT

    Click Run Scan (Analyse)

    Once the scan has finished, the files OTL.txt and Extras.txt will open

    How to post the reports

    Copy/paste all or part of the reports into one or more messages.

    Another solution, preferable for a large report

    Go to the site: Ci-Joint

    Click Browse (Parcourir) and locate the reports on the disk,

    Click Open (Ouvrir)

    Click Create the CJoint link (Créer le lien CJoint),

    >> on the next page -->

    an address http//.. will be created

    Copy/paste this address into your next message.

  7. Hello,

    Two days ago, my PC was infected by the "Système Progressive Protection" virus. After cleaning with RogueKiller and Malwarebytes, a few problems remain: the PC is sometimes slow, Firefox freezes, and there is no access to the Windows Firewall, with the following message: "Due to an unidentified problem, Windows cannot display Windows Firewall settings", and perhaps other problems that I have not yet identified..

    OS: Windows XP

    Thank you for your help

  8. Good evening,

    C:\bardaf has been deleted and ATF Cleaner has been run. The PC is running correctly now.

    I wanted to thank you for the speed and effectiveness of the help you gave me in getting rid of this junk.

    I just wanted to ask you one last question, going back to the first post where you said that Spybot and Ad-Aware were no longer among the most effective. Which programs do you recommend instead?

    Thanks

    @++

  9. C:\Qoobox has been deleted

    AntiVir report:

     

     

     

    Avira AntiVir Personal

    Date de création du fichier de rapport : dimanche 7 juin 2009 19:39

     

    La recherche porte sur 1457180 souches de virus.

     

    Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus

    Numéro de série : 0000149996-ADJIE-0000001

    Plateforme : Windows XP

    Version de Windows : (Service Pack 3) [5.1.2600]

    Mode Boot : Démarré normalement

    Identifiant : Didier

    Nom de l'ordinateur : PINSON-C3BA1203

     

    Informations de version :

    BUILD.DAT : 9.0.0.65 17959 Bytes 22/04/2009 12:06:00

    AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54

    AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02

    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11

    LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31

    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36

    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26

    ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 29/05/2009 20:23:20

    ANTIVIR3.VDF : 7.1.4.65 229888 Bytes 06/06/2009 16:45:28

    Version du moteur : 8.2.0.180

    AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 00:01:00

    AESCRIPT.DLL : 8.1.2.0 389497 Bytes 15/05/2009 17:10:34

    AESCN.DLL : 8.1.2.3 127347 Bytes 15/05/2009 17:10:33

    AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41

    AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 20:06:53

    AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56

    AEHEUR.DLL : 8.1.0.129 1761655 Bytes 15/05/2009 17:10:32

    AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56

    AEGEN.DLL : 8.1.1.44 348532 Bytes 15/05/2009 17:10:26

    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40

    AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 20:06:52

    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40

    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30

    AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26

    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28

    AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42

    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22

    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37

    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49

    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57

    NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59

    RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 17/02/2009 12:49:32

    RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

     

    Configuration pour la recherche actuelle :

    Nom de la tâche...............................: ShlExt

    Fichier de configuration......................: C:\DOCUME~1\Didier\LOCALS~1\Temp\741266ea.avp

    Documentation.................................: bas

    Action principale.............................: interactif

    Action secondaire.............................: ignorer

    Recherche sur les secteurs d'amorçage maître..: marche

    Recherche sur les secteurs d'amorçage.........: marche

    Secteurs d'amorçage...........................: C:,

    Recherche dans les programmes actifs..........: arrêt

    Recherche en cours sur l'enregistrement.......: arrêt

    Recherche de Rootkits.........................: arrêt

    Contrôle d'intégrité de fichiers système......: arrêt

    Fichier mode de recherche.....................: Sélection de fichiers intelligente

    Recherche sur les archives....................: marche

    Limiter la profondeur de récursivité..........: 20

    Archive Smart Extensions......................: marche

    Heuristique de macrovirus.....................: marche

    Heuristique fichier...........................: moyen

     

    Début de la recherche : dimanche 7 juin 2009 19:39

     

    La recherche sur les fichiers sélectionnés commence :

     

    Recherche débutant dans 'C:\bardaf'

     

     

    Fin de la recherche : dimanche 7 juin 2009 19:39

    Temps nécessaire: 00:01 Minute(s)

     

    La recherche a été effectuée intégralement

     

    2 Les répertoires ont été contrôlés

    162 Des fichiers ont été contrôlés

    0 Des virus ou programmes indésirables ont été trouvés

    0 Des fichiers ont été classés comme suspects

    0 Des fichiers ont été supprimés

    0 Des virus ou programmes indésirables ont été réparés

    0 Les fichiers ont été déplacés dans la quarantaine

    0 Les fichiers ont été renommés

    0 Impossible de contrôler des fichiers

    162 Fichiers non infectés

    1 Les archives ont été contrôlées

    0 Avertissements

    0 Consignes

  10. [ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

     

    --> Recherche:

     

    C:\_OtMoveIt: trouvé !

    C:\Toolbar SD: trouvé !

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !

    C:\Documents and Settings\Didier\Bureau\HijackThis.lnk: trouvé !

    C:\Documents and Settings\Didier\Bureau\HJTInstall.exe: trouvé !

    C:\Documents and Settings\Didier\Bureau\SmitFraudFix.exe: trouvé !

    C:\Documents and Settings\Didier\Bureau\ToolBarSD.exe: trouvé !

    C:\Documents and Settings\Didier\Bureau\OTMoveIt3.exe: trouvé !

    C:\Program Files\Mozilla Firefox\SmitFraudfix: trouvé !

    C:\Program Files\Trend Micro\HijackThis: trouvé !

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

     

    ---------------------------------

    --> Suppression:

     

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !

    C:\Documents and Settings\Didier\Bureau\HijackThis.lnk: supprimé !

    C:\Documents and Settings\Didier\Bureau\HJTInstall.exe: supprimé !

    C:\Documents and Settings\Didier\Bureau\SmitFraudFix.exe: supprimé !

    C:\Documents and Settings\Didier\Bureau\ToolBarSD.exe: supprimé !

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !

    C:\Documents and Settings\Didier\Bureau\OTMoveIt3.exe: supprimé !

    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !

    C:\_OtMoveIt: supprimé !

    C:\Toolbar SD: supprimé !

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !

    C:\Program Files\Mozilla Firefox\SmitFraudfix: supprimé !

    C:\Program Files\Trend Micro\HijackThis: supprimé !

     

    I could not find the TCleaner.txt file

    Another question: under C:\ there is a folder named bardaf (with a monitor as its icon) that seems to be a backup of the workstation. Should it be kept?

  11. Here is the HijackThis report:

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:05:04, on 07/06/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16827)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\CDBurnerXP\NMSAccessU.exe

    C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Didier\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

    C:\Documents and Settings\Didier\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - Default URLSearchHook is missing

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1

    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"

    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Didier\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     

    --

    End of file - 6000 bytes

  12. Here is the Malwarebytes report:

     

    Malwarebytes' Anti-Malware 1.37

    Version de la base de données: 2238

    Windows 5.1.2600 Service Pack 3

     

    07/06/2009 00:23:14

    mbam-log-2009-06-07 (00-23-14).txt

     

    Type de recherche: Examen complet (C:\|)

    Eléments examinés: 179674

    Temps écoulé: 38 minute(s), 2 second(s)

     

    Processus mémoire infecté(s): 0

    Module(s) mémoire infecté(s): 0

    Clé(s) du Registre infectée(s): 1

    Valeur(s) du Registre infectée(s): 0

    Elément(s) de données du Registre infecté(s): 0

    Dossier(s) infecté(s): 0

    Fichier(s) infecté(s): 0

     

    Processus mémoire infecté(s):

    (Aucun élément nuisible détecté)

     

    Module(s) mémoire infecté(s):

    (Aucun élément nuisible détecté)

     

    Clé(s) du Registre infectée(s):

    HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.

     

    Valeur(s) du Registre infectée(s):

    (Aucun élément nuisible détecté)

     

    Elément(s) de données du Registre infecté(s):

    (Aucun élément nuisible détecté)

     

    Dossier(s) infecté(s):

    (Aucun élément nuisible détecté)

     

    Fichier(s) infecté(s):

    (Aucun élément nuisible détecté)

  13. The SmitFraudFix report:

     

    SmitFraudFix v2.419

     

    Rapport fait à 23:21:57,85, 06/06/2009

    Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix

    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

    Le type du système de fichiers est NTFS

    Fix executé en mode normal

     

    »»»»»»»»»»»»»»»»»»»»»»»» Process

     

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\CDBurnerXP\NMSAccessU.exe

    C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\system32\igfxtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Didier\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

    C:\Documents and Settings\Didier\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe

    C:\WINDOWS\system32\cmd.exe

     

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Didier

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Didier\LOCALS~1\Temp

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Didier\Application Data

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Didier\Favoris

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

    "Source"="About:Home"

    "SubscribedURL"="About:Home"

    "FriendlyName"="Ma page d'accueil"

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    o4Patch

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    IEDFix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    Agent.OMZ.Fix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    VACFix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    404Fix

    Credits: Malware Analysis & Diagnostic

    Code: S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon

    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

     

    »»»»»»»»»»»»»»»»»»»»»»»» RK

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "System"=""

     

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

     

    Description: Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Miniport d'ordonnancement de paquets

    DNS Server Search Order: 212.27.40.241

    DNS Server Search Order: 212.27.40.240

     

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1F25289F-0614-4995-A723-ADF6DBE613A9}: DhcpNameServer=212.27.40.241 212.27.40.240

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F25289F-0614-4995-A723-ADF6DBE613A9}: DhcpNameServer=212.27.40.241 212.27.40.240

    HKLM\SYSTEM\CS3\Services\Tcpip\..\{1F25289F-0614-4995-A723-ADF6DBE613A9}: DhcpNameServer=212.27.40.241 212.27.40.240

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

     

    A small note: I did not run this procedure in safe mode..

  14. Re,

    The ToolBar report:

     

     

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

     

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

    X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )

    BIOS : BIOS Date: 05/20/08 17:31:05 Ver: 08.00.12

    USER : Didier ( Administrator )

    BOOT : Normal boot

    Antivirus : AntiVir Desktop 9.0.1.26 (Activated)

    Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)

    C:\ (Local Disk) - NTFS - Total:232 Go (Free:198 Go)

    D:\ (CD or DVD)

    E:\ (USB)

    F:\ (USB)

    G:\ (USB)

    H:\ (USB)

     

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

    Option : [2] ( 06/06/2009|22:38 )

     

    -----------\\ SUPPRESSION

     

    Supprime! - [service] ASKService

    Supprime! - [service] ASKUpgrade

    Supprime! - C:\Program Files\AskBarDis\bar

    Supprime! - C:\Program Files\AskBarDis\unins000.dat

    Supprime! - C:\Program Files\AskBarDis\unins000.exe

    Supprime! - C:\Program Files\AskBarDis

     

    -----------\\ Recherche de Fichiers / Dossiers ...

     

     

    -----------\\ Extensions

     

    (Didier) - {b66bc4c3-6d25-4a10-8c59-01daa9063051} => foxgame

     

     

    -----------\\ [..\Internet Explorer\Main]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"

    "Start Page"="http://fr.msn.com/"

    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Start Page"="http://www.msn.com/"

     

     

    --------------------\\ Recherche d'autres infections

     

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]

    NameServer REG_SZ 85.255.112.151,85.255.112.207

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{1F25289F-0614-4995-A723-ADF6DBE613A9}]

    NameServer REG_SZ 85.255.112.151,85.255.112.207

    ==> WAREOUT <==

     

     

     

     

    1 - "C:\ToolBar SD\TB_1.txt" - 06/06/2009|22:11 - Option : [1]

    2 - "C:\ToolBar SD\TB_2.txt" - 06/06/2009|22:39 - Option : [2]

     

    -----------\\ Fin du rapport a 22:39:07,84

     

     

     

    And the OTMoveIt3 report:

     

    ========== PROCESSES ==========

    Process explorer.exe killed successfully.

    ========== FILES ==========

    c:\windows\Internet Logs\xDB1.tmp moved successfully.

    c:\windows\Internet Logs\xDB2.tmp moved successfully.

    c:\windows\Internet Logs\xDB3.tmp moved successfully.

    c:\windows\Internet Logs\xDB4.tmp moved successfully.

    c:\windows\Internet Logs\xDB5.tmp moved successfully.

    ========== REGISTRY ==========

    ========== COMMANDS ==========

    File delete failed. C:\DOCUME~1\Didier\LOCALS~1\Temp\etilqs_BVOqgU5gnlrixyegzGeD scheduled to be deleted on reboot.

    User's Temp folder emptied.

    User's Internet Explorer cache folder emptied.

    File delete failed. C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\7HC21MJE\CA447JB0CAR2LHKBCAG94F0LCAJ9I24DCAUPKHJMCAJEBYQNCA2LH9RXCA5UJRDQCA5HUPORCATTVA74CA4S1YXVCAYBQ0LRCAJW3E0TCAJ3UJIPCA2JURJTCAS7Z2MSCAIY71TOCA80PZNCCA7ZXGCBCAUZZR61 scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

    User's Temporary Internet Files folder emptied.

    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.

    Local Service Temp folder emptied.

    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

    Local Service Temporary Internet Files folder emptied.

    Network Service Temp folder emptied.

    Network Service Temporary Internet Files folder emptied.

    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_10c.dat scheduled to be deleted on reboot.

    File delete failed. C:\WINDOWS\temp\spnserv.dat scheduled to be deleted on reboot.

    File delete failed. C:\WINDOWS\temp\spserv.dat scheduled to be deleted on reboot.

    File delete failed. C:\WINDOWS\temp\ZLT04d0a.TMP scheduled to be deleted on reboot.

    File delete failed. C:\WINDOWS\temp\ZLT04d0d.TMP scheduled to be deleted on reboot.

    Windows Temp folder emptied.

    Java cache emptied.

    File delete failed. C:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\XUL.mfl scheduled to be deleted on reboot.

    FireFox cache emptied.

    Temp folders emptied.

    Explorer started successfully

     

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06062009_224150

  15. Here is the TB report:

     

     

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

     

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

    X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )

    BIOS : BIOS Date: 05/20/08 17:31:05 Ver: 08.00.12

    USER : Didier ( Administrator )

    BOOT : Normal boot

    Antivirus : AntiVir Desktop 9.0.1.26 (Activated)

    Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)

    C:\ (Local Disk) - NTFS - Total:232 Go (Free:198 Go)

    D:\ (CD or DVD)

    E:\ (USB)

    F:\ (USB)

    G:\ (USB)

    H:\ (USB)

     

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

    Option : [1] ( 06/06/2009|22:11 )

     

    -----------\\ Recherche de Fichiers / Dossiers ...

     

    [service] ASKService

    [service] ASKUpgrade

    C:\Program Files\AskBarDis

    C:\Program Files\AskBarDis\bar

    C:\Program Files\AskBarDis\unins000.dat

    C:\Program Files\AskBarDis\unins000.exe

    C:\Program Files\AskBarDis\bar\bin

    C:\Program Files\AskBarDis\bar\Cache

    C:\Program Files\AskBarDis\bar\History

    C:\Program Files\AskBarDis\bar\Settings

    C:\Program Files\AskBarDis\bar\bin\askBar.dll

    C:\Program Files\AskBarDis\bar\bin\askPopStp.dll

    C:\Program Files\AskBarDis\bar\bin\AskService.exe

    C:\Program Files\AskBarDis\bar\bin\AskSplash.exe

    C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe

    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

    C:\Program Files\AskBarDis\bar\bin\psvince.dll

    C:\Program Files\AskBarDis\bar\Cache\0004827A

    C:\Program Files\AskBarDis\bar\Cache\003251D6

    C:\Program Files\AskBarDis\bar\Cache\0048B5B5.bin

    C:\Program Files\AskBarDis\bar\Cache\0048B7A9.bin

    C:\Program Files\AskBarDis\bar\Cache\0048B94F.bin

    C:\Program Files\AskBarDis\bar\Cache\0048CB7F

    C:\Program Files\AskBarDis\bar\Cache\005E3138

    C:\Program Files\AskBarDis\bar\Cache\0290E4DB

    C:\Program Files\AskBarDis\bar\Cache\0290EA3A.bin

    C:\Program Files\AskBarDis\bar\Cache\0290ECE9.bin

    C:\Program Files\AskBarDis\bar\Cache\0290EEDD.bin

    C:\Program Files\AskBarDis\bar\Cache\0290F064.bin

    C:\Program Files\AskBarDis\bar\Cache\files.ini

    C:\Program Files\AskBarDis\bar\History\search

    C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico

    C:\Program Files\AskBarDis\bar\Settings\config.dat

    C:\Program Files\AskBarDis\bar\Settings\config.dat.bak

    C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm

    C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm

     

    -----------\\ Extensions

     

    (Didier) - {b66bc4c3-6d25-4a10-8c59-01daa9063051} => foxgame

     

     

    -----------\\ [..\Internet Explorer\Main]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"

    "Start Page"="http://fr.msn.com/"

    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

     

     

    --------------------\\ Recherche d'autres infections

     

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]

    NameServer REG_SZ 85.255.112.151,85.255.112.207

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{1F25289F-0614-4995-A723-ADF6DBE613A9}]

    NameServer REG_SZ 85.255.112.151,85.255.112.207

    ==> WAREOUT <==

     

     

     

     

    1 - "C:\ToolBar SD\TB_1.txt" - 06/06/2009|22:11 - Option : [1]

     

    -----------\\ Fin du rapport a 22:11:57,81

  16. Here is the report generated by ComboFix:

     

     

    ComboFix 09-06-05.09 - Didier 06/06/2009 21:36.1 - NTFSx86

    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2038.1601 [GMT 2:00]

    Lancé depuis: c:\documents and settings\Didier\Bureau\bardaf.exe

    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    .

     

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    C:\Autorun.inf

    c:\documents and settings\Didier\Local Settings\Application Data\mequw.dat

    c:\documents and settings\Didier\Local Settings\Application Data\mequw_nav.dat

    c:\documents and settings\Didier\Local Settings\Application Data\mequw_navps.dat

    c:\windows\system32\drivers\gxvxctprqrmwqbpfmithstnsfooeenexyvbfr.sys

    c:\windows\system32\gxvxcexrloymhfqxhxidhwijxjgysvvrerqsm.dll

    c:\windows\system32\gxvxcwmufwmfpmkopxhuwriyvemwwkmxsbiuv.dll

     

    .

    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Service_GXVXCSERV.SYS

     

     

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-06 au 2009-06-06 ))))))))))))))))))))))))))))))))))))

    .

     

    2009-06-06 17:34 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-06-06 17:34 . 2009-06-06 17:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-06-06 17:34 . 2009-06-06 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-06-06 17:34 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-06-05 22:02 . 2009-06-05 22:02 -------- d-----w- c:\program files\Sony Ericsson

    2009-06-05 22:02 . 2009-06-05 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson

    2009-05-28 11:40 . 2009-05-28 12:12 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-05-16 07:41 . 2009-05-16 07:41 152576 ----a-w- c:\documents and settings\Didier\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

    2009-05-12 06:15 . 2009-05-12 06:15 -------- d-----w- c:\documents and settings\Didier\Application Data\vlc

     

    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-06-06 19:42 . 2009-01-02 14:18 27552032 --sha-w- c:\windows\system32\drivers\fidbox.dat

    2009-06-05 22:03 . 2009-06-05 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

    2009-06-05 22:03 . 2009-06-05 22:03 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe149.dll

    2009-06-05 22:03 . 2009-06-05 22:03 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe149.dll

    2009-06-05 22:02 . 2009-01-01 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-05-28 12:26 . 2009-01-02 14:18 369284 --sha-w- c:\windows\system32\drivers\fidbox.idx

    2009-05-28 12:24 . 2009-01-24 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

    2009-05-28 12:12 . 2009-01-24 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-05-23 16:10 . 2009-01-02 14:14 4212 ---h--w- c:\windows\system32\zllictbl.dat

    2009-05-23 09:08 . 2009-03-07 10:53 -------- d-----w- c:\documents and settings\Didier\Application Data\dvdcss

    2009-05-16 07:42 . 2009-01-02 14:33 -------- d-----w- c:\program files\Java

    2009-05-13 16:20 . 2009-01-02 11:03 -------- d-----w- c:\program files\Dofus

    2009-05-12 07:04 . 2004-08-05 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat

    2009-05-12 07:04 . 2004-08-05 12:00 500872 ----a-w- c:\windows\system32\perfh00C.dat

    2009-05-07 19:18 . 2009-02-11 18:17 -------- d-----w- c:\program files\Vuze

    2009-05-07 19:18 . 2009-02-11 18:17 -------- d-----w- c:\documents and settings\Didier\Application Data\Azureus

    2009-05-06 05:17 . 2009-02-27 16:20 4473099 ----a-w- c:\windows\Internet Logs\tvDebug.zip

    2009-04-29 22:11 . 2009-04-29 22:11 -------- d-----w- c:\program files\Avira

    2009-04-29 22:11 . 2009-04-29 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

    2009-04-23 16:33 . 2009-04-23 16:34 1908224 ----a-w- c:\windows\Internet Logs\xDB5.tmp

    2009-04-22 05:54 . 2009-04-22 05:55 1906176 ----a-w- c:\windows\Internet Logs\xDB4.tmp

    2009-04-14 16:47 . 2009-04-14 16:48 1880576 ----a-w- c:\windows\Internet Logs\xDB3.tmp

    2009-04-14 14:24 . 2009-04-14 14:25 1884160 ----a-w- c:\windows\Internet Logs\xDB2.tmp

    2009-04-14 11:59 . 2009-04-14 11:59 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

    2009-04-14 11:52 . 2009-04-14 11:52 -------- d-----w- c:\program files\Rockstar Games

    2009-04-14 11:51 . 2009-01-01 15:59 -------- d-----w- c:\program files\Fichiers communs\InstallShield

    2009-04-08 20:18 . 2009-01-02 21:43 1 ----a-w- c:\documents and settings\Didier\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

    2009-03-30 08:32 . 2009-04-29 22:11 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2009-03-24 14:07 . 2009-04-29 22:11 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2009-03-10 09:37 . 2009-01-02 14:00 73024 ----a-w- c:\documents and settings\Didier\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-03-09 03:19 . 2009-01-10 23:48 410984 ----a-w- c:\windows\system32\deploytk.dll

    .

     

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

    2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]

    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]

    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

    "EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE" [2003-09-12 99840]

    "MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

     

    c:\documents and settings\Didier\Menu Démarrer\Programmes\Démarrage\

    Outil de notification Live Search.lnk - c:\documents and settings\Didier\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-1-2 143360]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

     

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 00:11 108289]

    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/02/2009 20:17 464264]

    R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/02/2009 20:18 234888]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [01/01/2009 18:00 222976]

    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [06/06/2009 00:03 86824]

    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [06/06/2009 00:03 15016]

    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [06/06/2009 00:03 114600]

    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [06/06/2009 00:03 108328]

    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [06/06/2009 00:03 26024]

    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [06/06/2009 00:03 104616]

    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [06/06/2009 00:03 109736]

    .

    Contenu du dossier 'Tâches planifiées'

     

    2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    .

    - - - - ORPHELINS SUPPRIMES - - - -

     

    HKCU-Run-mequw - c:\documents and settings\didier\local settings\application data\mequw.exe

    HKLM-Run-Adobe Reader Speed Launcher - c:\program files\StartupStar\inactive.exe

    SafeBoot-procexp90.Sys

     

     

    .

    ------- Examen supplémentaire -------

    .

    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    FF - ProfilePath - c:\documents and settings\Didier\Application Data\Mozilla\Firefox\Profiles\hlfyzubj.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.ogame.fr/

    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

     

    ---- PARAMETRES FIREFOX ----

    FF - user.js: yahoo.homepage.dontask - true.

     

    **************************************************************************

     

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-06-06 21:42

    Windows 5.1.2600 Service Pack 3 NTFS

     

    Recherche de processus cachés ...

     

    Recherche d'éléments en démarrage automatique cachés ...

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

     

    Recherche de fichiers cachés ...

     

    Scan terminé avec succès

    Fichiers cachés: 0

     

    **************************************************************************

    .

    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

     

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    Heure de fin: 2009-06-06 21:43

    ComboFix-quarantined-files.txt 2009-06-06 19:43

     

    Avant-CF: 212 206 399 488 octets libres

    Après-CF: 212 993 540 096 octets libres

     

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

     

    159 --- E O F --- 2009-05-13 13:45

  17. Hello,

     

    Well, yes, the problems are still there and occur very randomly. Sometimes I go a few days without the display freezing, and then all of a sudden the PC freezes 3 times in an hour.

     

     

    Here is the HijackThis report, as you asked me:

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 13:50:42, on 13/02/08

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    C:\Program Files\a-squared Free\a2service.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    C:\Apps\Softex\OmniPass\Omniserv.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Apps\Softex\OmniPass\OPXPApp.exe

    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

    C:\apps\ABoard\ABoard.exe

    C:\apps\ABoard\AOSD.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    C:\APPS\SMP\SmpSys.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Outlook Express\msimn.exe

    C:\Program Files\Hijackthis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ogame.fr/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

    O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT

    O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O5 "LPT1:" /M "Stylus Photo RX500"

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

    O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')

    O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252

    O17 - HKLM\System\CS1\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252

    O17 - HKLM\System\CS2\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe

    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

     

    --

    End of file - 10723 bytes

     

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

     

    Here is also a new Kaspersky report:

     

    -------------------------------------------------------------------------------

    KASPERSKY ON-LINE SCANNER REPORT

    Wednesday, February 13, 2008 3:36:20 PM

    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky On-line Scanner version : 5.0.83.0

    Dernière mise à jour de la base antivirus Kaspersky : 13/02/2008

    Enregistrements dans la base antivirus Kaspersky : 521357

    -------------------------------------------------------------------------------

     

    Paramètres d'analyse:

    Analyser avec la base antivirus suivante: standard

    Analyser les archives: vrai

    Analyser les bases de messagerie: vrai

     

    Cible de l'analyse - Poste de travail:

    C:\

    D:\

    E:\

    F:\

    G:\

    H:\

    I:\

    K:\

     

    Statistiques de l'analyse:

    Total d'objets analysés: 95097

    Nombre de virus trouvés: 1

    Nombre d'objets infectés: 2 / 0

    Nombre d'objets suspects: 0

    Durée de l'analyse: 00:44:45

     

    Nom de l'objet infecté / Nom du virus / Dernière action

    C:\APPS\Softex\OmniPass\btype0.dat L'objet est verrouillé ignoré

    C:\APPS\Softex\OmniPass\btype256.dat L'objet est verrouillé ignoré

    C:\APPS\Softex\OmniPass\btype259.dat L'objet est verrouillé ignoré

    C:\APPS\Softex\OmniPass\btype3.dat L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré

    C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP358\A0289170.EXE/300.exe Infecté : Trojan-Spy.Win32.Delf.wh ignoré

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP358\A0289170.EXE SetupSpecialist: infecté - 1 ignoré

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP372\change.log L'objet est verrouillé ignoré

    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{21EF7AE2-FC12-4F50-9C0A-E84D18B54C25}.crmlog L'objet est verrouillé ignoré

    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

    C:\WINDOWS\SoftwareDistribution\EventCache\{E69F3770-C482-4C5A-9A16-5B6A8E0F7073}.bin L'objet est verrouillé ignoré

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\edbtmp.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_2893563813_5636096_12791 L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_2893563813_6160384_13490 L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE1.tmp L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE2.tmp L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{AAA9E10E-C53E-494B-8BD0-A2FFB3DDA8FB}.TmpSBE L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{FB904071-CFFE-4B87-9A42-9A5EBE27AEAB}.TmpSBE L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp L'objet est verrouillé ignoré

    D:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\cert8.db L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\formhistory.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\history.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\key3.db L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\parent.lock L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\search.sqlite L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\urlclassifier2.sqlite L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Cookies\index.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Identities\{43A12959-B81D-4924-93B9-84F5FBD412F4}\Microsoft\Outlook Express\Boîte de réception.dbx L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Identities\{43A12959-B81D-4924-93B9-84F5FBD412F4}\Microsoft\Outlook Express\Folders.dbx L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Identities\{43A12959-B81D-4924-93B9-84F5FBD412F4}\Microsoft\Outlook Express\Offline.dbx L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Identities\{43A12959-B81D-4924-93B9-84F5FBD412F4}\Microsoft\Outlook Express\Pop3uidl.dbx L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Historique\History.IE5\MSHist012008021320080214\index.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\NTUSER.DAT L'objet est verrouillé ignoré

    D:\Documents and Settings\Didier\ntuser.dat.LOG L'objet est verrouillé ignoré

    D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

    D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

    D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    D:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

    D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

    D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

    D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP372\change.log L'objet est verrouillé ignoré

     

    Analyse terminée.
