JYBI

  1. Hello, I think I have done everything you suggested... A big thank-you for everything you were willing to do to get me out of trouble. I am only self-taught in computing (and hopeless at English on top of that...) and I would never have managed on my own. It is comforting to know that there are selfless, competent people who are generous with their time and ready to help novices like me. Thanks again.
  2. Hi, and glad to know you're there! Here is the requested report: See you soon.
  3. For Thanos, Hello, I sent you the report you asked for a few days ago, and I have had no news. Should I consider my problem closed (which, in fact, it is)? I take this opportunity to thank you for the help you gave. Bye.
  4. Hello, Here is the requested report: See you soon, and thanks.
  5. Good evening, Here is the requested information: Is that all right? Thanks and see you soon.
  6. Hi, I'm not sure I managed to uninstall AntiVir, because when I run avuninst it tells me that it's impossible (or something like that, since it's in English...). In any case, here is the scan:
-> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2008/11/26 18:18:51 | 00,081,000 | ---- | M] (ALWIL Software) "EPSON Stylus DX4200 Series" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIAEE.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"] -> [2005/03/08 05:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) "KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found "NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 11:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh) "NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> [2002/10/25 11:18:00 | 04,239,360 | R--- | M] (NVIDIA Corporation) "nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2002/10/25 11:18:00 | 00,315,392 | R--- | M] (NVIDIA Corporation) "QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/09/10 22:57:51 | 00,098,304 | ---- | M] (Apple Computer, Inc.) "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/04 14:25:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) 
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> "delus" -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\delus.exe [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\delus.exe] -> File not found < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "H/PC Connection Agent" -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe ["C:\Program Files\Microsoft ActiveSync\wcescomm.exe"] -> [2006/11/13 13:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) "MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2002/08/20 14:08:38 | 01,511,453 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\] > -> HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "H/PC Connection Agent" -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe ["C:\Program Files\Microsoft ActiveSync\wcescomm.exe"] -> [2006/11/13 13:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) "MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2002/08/20 14:08:38 | 01,511,453 | ---- | M] (Microsoft Corporation) < Administrateur Startup Folder > -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage -> %UserProfile%\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk -> %ProgramFiles%\OpenOffice.org 2.0\program\quickstart.exe -> [2005/12/14 16:01:20 | 00,061,440 | ---- | M] () < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2000/08/24 15:45:38 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage -> < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings 
[HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500] > -> HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Button: Create Mobile Favorite] -> [2006/11/13 13:06:50 | 00,158,504 | ---- | M] (Microsoft Corporation) {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Menu: Créer un Favori de l'appareil mobile...] -> [2006/11/13 13:06:50 | 00,158,504 | ---- | M] (Microsoft Corporation) {c95fe080-8f5d-11d2-a20b-00aa003c157a}:%SystemRoot%\web\related.htm [HKLM] -> %SystemRoot%\Web\related.htm [Button: @shdoclc.dll,-866] -> [2001/08/28 13:00:00 | 00,000,654 | ---- | M] () {c95fe080-8f5d-11d2-a20b-00aa003c157a}:%SystemRoot%\web\related.htm [HKLM] -> %SystemRoot%\Web\related.htm [Menu: @shdoclc.dll,-864] -> [2001/08/28 13:00:00 | 00,000,654 | ---- | M] () < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 13:06:50 | 00,158,504 | ---- | M] (Microsoft Corporation) CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Créer un Favori de l'appareil mobile...] 
-> [2006/11/13 13:06:50 | 00,158,504 | ---- | M] (Microsoft Corporation) CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] -> [@shdoclc.dll,-866] -> File not found CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] -> [@shdoclc.dll,-866] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] -> [@shdoclc.dll,-866] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\] > -> HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 13:06:50 | 00,158,504 | ---- | M] (Microsoft Corporation) CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Créer un Favori de l'appareil mobile...] -> [2006/11/13 13:06:50 | 00,158,504 | ---- | M] (Microsoft Corporation) CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] -> [@shdoclc.dll,-866] -> File not found CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Bibliothèque de contrôles ActiveX Microsoft -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. -> 49 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5191 domain(s) found. -> .[msn] -> Poste de travail -> 49 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. -> 49 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. -> 49 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\] > -> HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5191 domain(s) found. -> .[msn] -> Poste de travail -> 49 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\] > -> HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1123561945-1604221776-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688[Java Plug-in 1.6.0_11] -> {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} [HKLM] -> http://assistance.numericable.fr/configurateur/AccountHelper.cab[AccountHelper Class] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {233D3408-26B3-4C88-BABB-25E7C7DF5009} -> () -> {42DC5A19-9F9E-46AA-8F49-E3FC86605484} -> (NVIDIA nForce MCP Networking Adapter) -> {DF891BCE-6FEF-4BD2-8E7F-12B959EA04FA} -> (Windows Mobile-based Device) -> {EFE342DF-6C9C-4DB0-9ECF-AB535516FA05} -> (Carte réseau 1394) -> IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> Pilote de CD-ROM -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2002/08/29 00:27:56 | 00,047,488 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/09/10 18:14:54 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Files/Folders - Created Within 30 Days] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> OTScanIt2 -> %UserProfile%\Bureau\OTScanIt2 -> [2008/12/13 12:25:55 | 00,000,000 | ---D | C] OTScanIt2.exe -> 
%UserProfile%\Bureau\OTScanIt2.exe -> [2008/12/13 12:25:33 | 00,647,677 | ---- | C] () labvisionrc -> %AllUsersProfile%\Application Data\labvisionrc -> [2008/12/12 16:39:46 | 00,000,193 | ---- | C] () temp -> %SystemDrive%\temp -> [2008/12/12 16:39:46 | 00,000,000 | ---D | C] Mes eBooks -> F:\Mes eBooks -> [2008/12/06 17:23:18 | 00,000,000 | ---D | C] société générale.odt -> F:\société générale.odt -> [2008/12/05 19:03:27 | 00,006,446 | ---- | C] () sauvegarde.reg -> F:\sauvegarde.reg -> [2008/12/05 18:38:30 | 00,061,208 | ---- | C] () WindowsInstaller-KB893803-v2-x86.exe -> F:\WindowsInstaller-KB893803-v2-x86.exe -> [2008/12/05 18:38:25 | 02,585,872 | ---- | C] (Microsoft Corporation) scan.html -> F:\scan.html -> [2008/12/05 18:38:17 | 00,002,701 | ---- | C] () ig.htm -> F:\ig.htm -> [2008/12/05 18:37:18 | 00,182,742 | ---- | C] () ig_fichiers -> F:\ig_fichiers -> [2008/12/05 18:37:18 | 00,000,000 | ---D | C] Alfred Mes documents -> F:\Alfred Mes documents -> [2008/12/05 18:36:56 | 00,000,000 | ---D | C] Sun -> %SystemRoot%\Sun -> [2008/12/04 14:26:21 | 00,000,000 | ---D | C] Java -> %ProgramFiles%\Java -> [2008/12/04 14:25:34 | 00,000,000 | ---D | C] Sun -> %AppData%\Sun -> [2008/12/04 14:24:59 | 00,000,000 | ---D | C] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/02 16:27:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [2008/12/02 16:27:59 | 00,000,696 | ---- | C] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/02 16:27:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/02 16:27:53 | 00,000,000 | ---D | C] Nettoyer.lnk -> %UserProfile%\Bureau\Nettoyer.lnk -> [2008/12/02 10:41:21 | 00,000,517 | ---- | C] () trend micro -> %ProgramFiles%\trend micro -> [2008/12/01 19:17:14 | 00,000,000 | ---D | C] rsit -> %SystemDrive%\rsit -> 
[2008/12/01 19:17:12 | 00,000,000 | ---D | C] UNNMP.cfg -> %SystemRoot%\UNNMP.cfg -> [2008/12/01 18:33:15 | 00,052,418 | ---- | C] () NeroCheck.exe -> %SystemRoot%\System32\NeroCheck.exe -> [2008/12/01 18:25:12 | 00,155,648 | ---- | C] (Ahead Software Gmbh) UNNeroVision.cfg -> %SystemRoot%\UNNeroVision.cfg -> [2008/12/01 18:24:11 | 00,123,026 | ---- | C] () msxml3a.dll -> %SystemRoot%\System32\msxml3a.dll -> [2008/12/01 18:24:10 | 00,024,064 | ---- | C] (Microsoft Corporation) Ahead -> %AllUsersProfile%\Application Data\Ahead -> [2008/12/01 18:23:38 | 00,000,000 | ---D | C] imagx5.dll -> %SystemRoot%\System32\imagx5.dll -> [2008/12/01 18:23:37 | 00,544,768 | ---- | C] (Pegasus Software, LLC) TwnLib20.dll -> %SystemRoot%\System32\TwnLib20.dll -> [2008/12/01 18:23:37 | 00,106,496 | ---- | C] (Pegasus Software) picn20.dll -> %SystemRoot%\System32\picn20.dll -> [2008/12/01 18:23:37 | 00,038,912 | ---- | C] (Pegasus Imaging Corp.) imagr5.dll -> %SystemRoot%\System32\imagr5.dll -> [2008/12/01 18:23:36 | 00,569,344 | ---- | C] (Pegasus Software,LLC) ImagXpr5.dll -> %SystemRoot%\System32\ImagXpr5.dll -> [2008/12/01 18:23:36 | 00,283,920 | ---- | C] (Pegasus Software, LLC) mswinsck.ocx -> %SystemRoot%\System32\mswinsck.ocx -> [2008/11/30 15:04:13 | 00,124,688 | ---- | C] (Microsoft Corporation) vb6fr.dll -> %SystemRoot%\System32\vb6fr.dll -> [2008/11/30 15:04:13 | 00,119,568 | ---- | C] (Microsoft Corporation) winskfr.dll -> %SystemRoot%\System32\winskfr.dll -> [2008/11/30 15:04:13 | 00,015,872 | ---- | C] (Microsoft Corporation) i-Covers -> %ProgramFiles%\i-Covers -> [2008/11/30 15:04:12 | 00,000,000 | ---D | C] avast! Antivirus.lnk -> %UserProfile%\Bureau\avast! 
Antivirus.lnk -> [2008/11/26 18:14:59 | 00,001,721 | ---- | C] () AntiVir PersonalEdition Classic -> %AllUsersProfile%\Application Data\AntiVir PersonalEdition Classic -> [2008/11/26 17:48:40 | 00,000,000 | ---D | C] Minidump -> %SystemRoot%\Minidump -> [2008/11/26 17:46:28 | 00,000,000 | ---D | C] avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> [2008/11/26 17:45:18 | 00,045,376 | ---- | C] (Avira GmbH) ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> [2008/11/26 17:45:18 | 00,028,352 | ---- | C] (Avira GmbH) avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> [2008/11/26 17:45:18 | 00,022,336 | ---- | C] (Avira GmbH) avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2008/11/26 17:45:16 | 00,075,072 | ---- | C] (Avira GmbH) Avira -> %AllUsersProfile%\Application Data\Avira -> [2008/11/26 17:45:13 | 00,000,000 | ---D | C] NortonInstaller -> %AllUsersProfile%\Application Data\NortonInstaller -> [2008/11/25 15:27:47 | 00,000,000 | ---D | C] ztvunrar36.dll -> %SystemRoot%\System32\ztvunrar36.dll -> [2008/11/24 14:23:41 | 00,162,304 | ---- | C] () UNRAR3.dll -> %SystemRoot%\System32\UNRAR3.dll -> [2008/11/24 14:23:41 | 00,153,088 | ---- | C] () unacev2.dll -> %SystemRoot%\System32\unacev2.dll -> [2008/11/24 14:23:41 | 00,075,264 | ---- | C] () ztvcabinet.dll -> %SystemRoot%\System32\ztvcabinet.dll -> [2008/11/24 14:23:41 | 00,069,632 | ---- | C] (Microsoft Corporation) Thumbs.db -> %SystemRoot%\Thumbs.db -> [2008/11/23 15:42:07 | 00,010,752 | -HS- | C] () Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! 
Companion -> [2008/11/23 15:22:17 | 00,000,000 | ---D | C] Devious Codeworks -> %ProgramFiles%\Devious Codeworks -> [2008/11/20 18:56:50 | 00,000,000 | ---D | C] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2008/11/14 16:09:23 | 00,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> C:\Documents and Settings\Administrateur\Local Settings\Temp\ -> C:\Documents and Settings\Administrateur\Local Settings\Temp -> [2008/12/13 12:27:04 | 00,000,000 | ---D | M] UNNMP.exe -> C:\Documents and Settings\Administrateur\Local Settings\Temp\UNNMP.exe -> [2004/04/06 17:36:35 | 01,798,144 | ---- | M] (Ahead Software AG) ytb.exe -> C:\Documents and Settings\Administrateur\Local Settings\Temp\ytb.exe -> [2008/11/25 20:08:36 | 00,329,479 | ---- | M] (Yahoo! Inc.) 1 C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\ -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries -> [2008/12/08 16:55:54 | 00,000,000 | ---D | M] ScanningProcess.exe -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\ScanningProcess.exe -> [2008/12/05 18:33:00 | 00,139,264 | ---- | M] (Kaspersky Lab.) 
C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\ -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries -> [2008/12/08 16:55:54 | 00,000,000 | ---D | M] FSSync.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\FSSync.dll -> [2008/12/05 18:33:00 | 00,038,400 | ---- | M] (Kaspersky Lab) ikave.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\ikave.dll -> [2008/12/05 18:33:00 | 00,065,536 | ---- | M] () kave.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\kave.dll -> [2008/12/05 18:33:00 | 00,282,624 | ---- | M] (Kaspersky Lab.) kosglue-7.0.25.0.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\kosglue-7.0.25.0.dll -> [2008/12/05 18:33:01 | 00,729,152 | ---- | M] (Kaspersky Lab) msvcm80.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\msvcm80.dll -> [2008/12/05 18:33:00 | 00,479,232 | ---- | M] (Microsoft Corporation) msvcp80.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\msvcp80.dll -> [2008/12/05 18:33:00 | 00,548,864 | ---- | M] (Microsoft Corporation) msvcr80.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\msvcr80.dll -> [2008/12/05 18:33:00 | 00,626,688 | ---- | M] (Microsoft Corporation) prLoader.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\prLoader.dll -> [2008/12/05 18:33:01 | 00,184,320 | ---- | M] (Kaspersky Lab) prremote.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\prremote.dll -> [2008/12/05 18:33:01 | 00,090,112 | ---- | M] (Kaspersky Lab) C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/13 11:52:39 | 00,000,000 | ---D | M] 
Perflib_Perfdata_17c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_17c.dat -> [2008/12/13 11:52:03 | 00,016,384 | ---- | M] () Perflib_Perfdata_684.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_684.dat -> [2008/12/12 14:53:57 | 00,016,384 | ---- | M] () Perflib_Perfdata_688.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_688.dat -> [2008/12/13 11:51:56 | 00,016,384 | ---- | M] () Perflib_Perfdata_68c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_68c.dat -> [2008/12/08 15:03:19 | 00,016,384 | ---- | M] () Perflib_Perfdata_690.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_690.dat -> [2008/12/01 14:26:08 | 00,016,384 | ---- | M] () OTScanIt2.exe -> %UserProfile%\Bureau\OTScanIt2.exe -> [2008/12/13 12:25:34 | 00,647,677 | ---- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/12/13 12:16:13 | 00,288,089 | ---- | M] () CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [2008/12/13 11:52:38 | 00,003,121 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/13 11:51:39 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/13 11:51:32 | 00,002,048 | --S- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/13 11:51:31 | 53,640,3968 | -HS- | M] () labvisionrc -> %AllUsersProfile%\Application Data\labvisionrc -> [2008/12/12 16:41:16 | 00,000,193 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/11 16:07:40 | 00,002,206 | ---- | M] () Thumbs.db -> F:\Thumbs.db -> [2008/12/09 18:52:04 | 01,572,920 | -HS- | M] () Thumbs.db -> %SystemRoot%\Thumbs.db -> [2008/12/09 18:47:50 | 00,010,752 | -HS- | M] () NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/09 18:47:49 | 00,000,049 | ---- | M] () société générale.odt -> F:\société générale.odt -> [2008/12/05 19:03:28 | 00,006,446 | ---- | M] () Ecrire.lnk -> %UserProfile%\Bureau\Ecrire.lnk -> [2008/12/05 19:01:19 | 00,002,555 | ---- | M] () Desktop.ini -> F:\Desktop.ini -> [2008/12/05 18:46:00 | 00,000,086 | -HS- | M] () scan.html -> F:\scan.html -> [2008/12/04 19:40:10 | 
00,002,701 | ---- | M] () QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/12/03 09:43:08 | 00,054,156 | -H-- | M] () Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [2008/12/02 16:27:59 | 00,000,696 | ---- | M] () Nettoyer.lnk -> %UserProfile%\Bureau\Nettoyer.lnk -> [2008/12/02 10:41:21 | 00,000,517 | ---- | M] () Gravure.lnk -> %AllUsersProfile%\Bureau\Gravure.lnk -> [2008/12/01 18:26:32 | 00,001,325 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/12/01 18:13:59 | 00,009,728 | ---- | M] () aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> [2008/11/26 18:21:30 | 01,236,208 | ---- | M] (ALWIL Software) aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> [2008/11/26 18:18:25 | 00,093,296 | ---- | M] (ALWIL Software) aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/11/26 18:18:18 | 00,094,032 | ---- | M] (ALWIL Software) aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/11/26 18:15:35 | 00,026,944 | ---- | M] (ALWIL Software) AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> [2008/11/26 18:15:10 | 00,097,480 | ---- | M] (ALWIL Software) avast! Antivirus.lnk -> %UserProfile%\Bureau\avast! 
Antivirus.lnk -> [2008/11/26 18:14:59 | 00,001,721 | ---- | M] () sauvegarde.reg -> F:\sauvegarde.reg -> [2008/11/25 15:35:28 | 00,061,208 | ---- | M] () hosts.20081123-193439.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081123-193439.backup -> [2008/11/23 19:34:19 | 00,288,089 | R--- | M] () Photo.lnk -> %UserProfile%\Bureau\Photo.lnk -> [2008/11/20 19:46:01 | 00,001,698 | ---- | M] () [Alternate Data Streams] @Alternate Data Stream - 88 bytes -> F:\prout.mpeg:SummaryInformation @Alternate Data Stream - 88 bytes -> F:\Nouveau fichier de paramètres.OPS:SummaryInformation @Alternate Data Stream - 88 bytes -> F:\Impots 2007 reçu:SummaryInformation @Alternate Data Stream - 0 bytes -> F:\Thumbs.db:encryptable @Alternate Data Stream - 0 bytes -> F:\prout.mpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} @Alternate Data Stream - 0 bytes -> F:\Nouveau fichier de paramètres.OPS:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} @Alternate Data Stream - 0 bytes -> F:\Impots 2007 reçu:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable < End of report > Thanks again.
  7. Hello, I have just done everything you asked me to and, indeed, it works! I land directly on my home page. Well done for finding the solution, and thank you for your patience. One last little thing, if I may: was there a virus or malware? Thanks for your reply.
  8. Hello, It's nice to find you again. Here is the requested scan
%UserProfile%\Bureau\OTScanIt2.exe -> [2008/12/08 15:12:12 | 00,647,651 | ---- | C] () Mes eBooks -> F:\Mes eBooks -> [2008/12/06 17:23:18 | 00,000,000 | ---D | C] société générale.odt -> F:\société générale.odt -> [2008/12/05 19:03:27 | 00,006,446 | ---- | C] () sauvegarde.reg -> F:\sauvegarde.reg -> [2008/12/05 18:38:30 | 00,061,208 | ---- | C] () WindowsInstaller-KB893803-v2-x86.exe -> F:\WindowsInstaller-KB893803-v2-x86.exe -> [2008/12/05 18:38:25 | 02,585,872 | ---- | C] (Microsoft Corporation) scan.html -> F:\scan.html -> [2008/12/05 18:38:17 | 00,002,701 | ---- | C] () ig.htm -> F:\ig.htm -> [2008/12/05 18:37:18 | 00,182,742 | ---- | C] () ig_fichiers -> F:\ig_fichiers -> [2008/12/05 18:37:18 | 00,000,000 | ---D | C] Alfred Mes documents -> F:\Alfred Mes documents -> [2008/12/05 18:36:56 | 00,000,000 | ---D | C] Sun -> %SystemRoot%\Sun -> [2008/12/04 14:26:21 | 00,000,000 | ---D | C] Java -> %ProgramFiles%\Java -> [2008/12/04 14:25:34 | 00,000,000 | ---D | C] Sun -> %AppData%\Sun -> [2008/12/04 14:24:59 | 00,000,000 | ---D | C] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/02 16:27:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [2008/12/02 16:27:59 | 00,000,696 | ---- | C] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/02 16:27:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/02 16:27:53 | 00,000,000 | ---D | C] Nettoyer.lnk -> %UserProfile%\Bureau\Nettoyer.lnk -> [2008/12/02 10:41:21 | 00,000,517 | ---- | C] () trend micro -> %ProgramFiles%\trend micro -> [2008/12/01 19:17:14 | 00,000,000 | ---D | C] rsit -> %SystemDrive%\rsit -> [2008/12/01 19:17:12 | 00,000,000 | ---D | C] RSIT.exe -> %UserProfile%\Bureau\RSIT.exe -> [2008/12/01 19:16:44 | 00,305,705 | ---- | C] () UNNMP.cfg -> %SystemRoot%\UNNMP.cfg -> [2008/12/01 
18:33:15 | 00,052,418 | ---- | C] () NeroCheck.exe -> %SystemRoot%\System32\NeroCheck.exe -> [2008/12/01 18:25:12 | 00,155,648 | ---- | C] (Ahead Software Gmbh) UNNeroVision.cfg -> %SystemRoot%\UNNeroVision.cfg -> [2008/12/01 18:24:11 | 00,123,026 | ---- | C] () msxml3a.dll -> %SystemRoot%\System32\msxml3a.dll -> [2008/12/01 18:24:10 | 00,024,064 | ---- | C] (Microsoft Corporation) Ahead -> %AllUsersProfile%\Application Data\Ahead -> [2008/12/01 18:23:38 | 00,000,000 | ---D | C] imagx5.dll -> %SystemRoot%\System32\imagx5.dll -> [2008/12/01 18:23:37 | 00,544,768 | ---- | C] (Pegasus Software, LLC) TwnLib20.dll -> %SystemRoot%\System32\TwnLib20.dll -> [2008/12/01 18:23:37 | 00,106,496 | ---- | C] (Pegasus Software) picn20.dll -> %SystemRoot%\System32\picn20.dll -> [2008/12/01 18:23:37 | 00,038,912 | ---- | C] (Pegasus Imaging Corp.) imagr5.dll -> %SystemRoot%\System32\imagr5.dll -> [2008/12/01 18:23:36 | 00,569,344 | ---- | C] (Pegasus Software,LLC) ImagXpr5.dll -> %SystemRoot%\System32\ImagXpr5.dll -> [2008/12/01 18:23:36 | 00,283,920 | ---- | C] (Pegasus Software, LLC) mswinsck.ocx -> %SystemRoot%\System32\mswinsck.ocx -> [2008/11/30 15:04:13 | 00,124,688 | ---- | C] (Microsoft Corporation) vb6fr.dll -> %SystemRoot%\System32\vb6fr.dll -> [2008/11/30 15:04:13 | 00,119,568 | ---- | C] (Microsoft Corporation) winskfr.dll -> %SystemRoot%\System32\winskfr.dll -> [2008/11/30 15:04:13 | 00,015,872 | ---- | C] (Microsoft Corporation) i-Covers -> %ProgramFiles%\i-Covers -> [2008/11/30 15:04:12 | 00,000,000 | ---D | C] avast! Antivirus.lnk -> %UserProfile%\Bureau\avast! 
Antivirus.lnk -> [2008/11/26 18:14:59 | 00,001,721 | ---- | C] () AntiVir PersonalEdition Classic -> %AllUsersProfile%\Application Data\AntiVir PersonalEdition Classic -> [2008/11/26 17:48:40 | 00,000,000 | ---D | C] Minidump -> %SystemRoot%\Minidump -> [2008/11/26 17:46:28 | 00,000,000 | ---D | C] avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> [2008/11/26 17:45:18 | 00,045,376 | ---- | C] (Avira GmbH) ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> [2008/11/26 17:45:18 | 00,028,352 | ---- | C] (Avira GmbH) avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> [2008/11/26 17:45:18 | 00,022,336 | ---- | C] (Avira GmbH) avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2008/11/26 17:45:16 | 00,075,072 | ---- | C] (Avira GmbH) Avira -> %AllUsersProfile%\Application Data\Avira -> [2008/11/26 17:45:13 | 00,000,000 | ---D | C] NortonInstaller -> %AllUsersProfile%\Application Data\NortonInstaller -> [2008/11/25 15:27:47 | 00,000,000 | ---D | C] ztvunrar36.dll -> %SystemRoot%\System32\ztvunrar36.dll -> [2008/11/24 14:23:41 | 00,162,304 | ---- | C] () UNRAR3.dll -> %SystemRoot%\System32\UNRAR3.dll -> [2008/11/24 14:23:41 | 00,153,088 | ---- | C] () unacev2.dll -> %SystemRoot%\System32\unacev2.dll -> [2008/11/24 14:23:41 | 00,075,264 | ---- | C] () ztvcabinet.dll -> %SystemRoot%\System32\ztvcabinet.dll -> [2008/11/24 14:23:41 | 00,069,632 | ---- | C] (Microsoft Corporation) Thumbs.db -> %SystemRoot%\Thumbs.db -> [2008/11/23 15:42:07 | 00,010,752 | -HS- | C] () Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! 
Companion -> [2008/11/23 15:22:17 | 00,000,000 | ---D | C] Devious Codeworks -> %ProgramFiles%\Devious Codeworks -> [2008/11/20 18:56:50 | 00,000,000 | ---D | C] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2008/11/14 16:09:23 | 00,000,000 | ---D | C] EPISMF00.SWB -> %SystemRoot%\EPISMF00.SWB -> [2008/11/11 17:20:11 | 00,016,574 | ---- | C] () GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/11/11 17:18:18 | 00,026,064 | ---- | C] () [Files/Folders - Modified Within 30 Days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> C:\Documents and Settings\Administrateur\Local Settings\Temp\ -> C:\Documents and Settings\Administrateur\Local Settings\Temp -> [2008/12/08 15:12:13 | 00,000,000 | ---D | M] UNNMP.exe -> C:\Documents and Settings\Administrateur\Local Settings\Temp\UNNMP.exe -> [2004/04/06 17:36:35 | 01,798,144 | ---- | M] (Ahead Software AG) ytb.exe -> C:\Documents and Settings\Administrateur\Local Settings\Temp\ytb.exe -> [2008/11/25 20:08:36 | 00,329,479 | ---- | M] (Yahoo! Inc.) 1 C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrateur\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\ -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries -> [2008/12/05 18:33:02 | 00,000,000 | ---D | M] ScanningProcess.exe -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\ScanningProcess.exe -> [2008/12/05 18:33:00 | 00,139,264 | ---- | M] (Kaspersky Lab.) 
C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\ -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries -> [2008/12/05 18:33:02 | 00,000,000 | ---D | M] FSSync.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\FSSync.dll -> [2008/12/05 18:33:00 | 00,038,400 | ---- | M] (Kaspersky Lab) ikave.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\ikave.dll -> [2008/12/05 18:33:00 | 00,065,536 | ---- | M] () kave.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\kave.dll -> [2008/12/05 18:33:00 | 00,282,624 | ---- | M] (Kaspersky Lab.) kosglue-7.0.25.0.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\kosglue-7.0.25.0.dll -> [2008/12/05 18:33:01 | 00,729,152 | ---- | M] (Kaspersky Lab) msvcm80.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\msvcm80.dll -> [2008/12/05 18:33:00 | 00,479,232 | ---- | M] (Microsoft Corporation) msvcp80.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\msvcp80.dll -> [2008/12/05 18:33:00 | 00,548,864 | ---- | M] (Microsoft Corporation) msvcr80.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\msvcr80.dll -> [2008/12/05 18:33:00 | 00,626,688 | ---- | M] (Microsoft Corporation) prLoader.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\prLoader.dll -> [2008/12/05 18:33:01 | 00,184,320 | ---- | M] (Kaspersky Lab) prremote.dll -> C:\Documents and Settings\Administrateur\Local Settings\Temp\jkos-Administrateur\binaries\prremote.dll -> [2008/12/05 18:33:01 | 00,090,112 | ---- | M] (Kaspersky Lab) C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/08 15:05:32 | 00,000,000 | ---D | M] 
Perflib_Perfdata_114.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_114.dat -> [2008/12/08 15:03:32 | 00,016,384 | ---- | M] () Perflib_Perfdata_68c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_68c.dat -> [2008/12/08 15:03:19 | 00,016,384 | ---- | M] () Perflib_Perfdata_690.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_690.dat -> [2008/12/01 14:26:08 | 00,016,384 | ---- | M] () OTScanIt2.exe -> %UserProfile%\Bureau\OTScanIt2.exe -> [2008/12/08 15:12:12 | 00,647,651 | ---- | M] () CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [2008/12/08 15:04:16 | 00,003,121 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/08 15:03:09 | 00,000,006 | -H-- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/08 15:03:02 | 00,002,206 | ---- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/08 15:03:01 | 53,640,3968 | -HS- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/08 15:03:01 | 00,002,048 | --S- | M] () société générale.odt -> F:\société générale.odt -> [2008/12/05 19:03:28 | 00,006,446 | ---- | M] () Ecrire.lnk -> %UserProfile%\Bureau\Ecrire.lnk -> [2008/12/05 19:01:19 | 00,002,555 | ---- | M] () Desktop.ini -> F:\Desktop.ini -> [2008/12/05 18:46:00 | 00,000,086 | -HS- | M] () NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2008/12/05 16:57:07 | 00,000,049 | ---- | M] () scan.html -> F:\scan.html -> [2008/12/04 19:40:10 | 00,002,701 | ---- | M] () Thumbs.db -> %SystemRoot%\Thumbs.db -> [2008/12/04 13:51:43 | 00,010,752 | -HS- | M] () QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/12/03 09:43:08 | 00,054,156 | -H-- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/12/02 17:02:10 | 00,288,089 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [2008/12/02 16:27:59 | 00,000,696 | ---- | M] () Nettoyer.lnk -> %UserProfile%\Bureau\Nettoyer.lnk -> [2008/12/02 10:41:21 | 00,000,517 | ---- | M] () RSIT.exe -> %UserProfile%\Bureau\RSIT.exe -> [2008/12/01 19:16:40 | 00,305,705 | 
---- | M] () Gravure.lnk -> %AllUsersProfile%\Bureau\Gravure.lnk -> [2008/12/01 18:26:32 | 00,001,325 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/12/01 18:13:59 | 00,009,728 | ---- | M] () aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> [2008/11/26 18:21:30 | 01,236,208 | ---- | M] (ALWIL Software) aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> [2008/11/26 18:18:25 | 00,093,296 | ---- | M] (ALWIL Software) aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/11/26 18:18:18 | 00,094,032 | ---- | M] (ALWIL Software) aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/11/26 18:17:36 | 00,111,184 | ---- | M] (ALWIL Software) aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/11/26 18:16:38 | 00,050,864 | ---- | M] (ALWIL Software) aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/11/26 18:16:29 | 00,023,152 | ---- | M] (ALWIL Software) aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/11/26 18:15:35 | 00,026,944 | ---- | M] (ALWIL Software) AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> [2008/11/26 18:15:10 | 00,097,480 | ---- | M] (ALWIL Software) avast! Antivirus.lnk -> %UserProfile%\Bureau\avast! 
See you soon.
  9. Good evening, doctor! I cannot get onto cybersecurite, the site is closed! I had some trouble with the scan. I hope what follows is what I was supposed to attach.

     KASPERSKY ONLINE SCANNER 7 REPORT
     Thursday, December 4, 2008
     Operating System: Microsoft Windows XP Professional Service Pack 1 (build 2600)
     Kaspersky Online Scanner 7 version: 7.0.25.0
     Program database last update: Thursday, December 04, 2008 11:22:06
     Records in database: 1436426
     Scan settings
     Scan using the following database extended
     Scan archives yes
     Scan mail databases yes
     Scan area My Computer A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\
     Scan statistics
     Files scanned 41699
     Threat name 1
     Infected objects 1
     Suspicious objects 0
     Duration of the scan 00:47:00
     No malware has been detected. The scan area is clean.
     The selected area was scanned.

     There, does that shed any light? See you soon, I hope, for the diagnosis.
  10. Good evening, You are right, I have had this page before when downloading a new version of Firefox, but once I closed it I got my proper page back, for good... On reflection, though, this page does not look like the previous times; it is mostly white and blue, but maybe I am mistaken. In any case I checked, and it is indeed "my home page". What is more surprising is that, while the fake home page is displayed, it is still my proper page that appears in the options window: www.google.fr/ig Sorry for all this trouble, and once again thank you.
  11. Hello, There was indeed something (see the report below), but that did not solve the problem of the fake home page (http://fr.www.mozilla.com/fr/firefox/3.0.4/whatsnew/). In any case, thank you for all the time spent on my computer troubles!... Here is the report:

     Malwarebytes' Anti-Malware 1.30
     Version de la base de données: 1445
     Windows 5.1.2600 Service Pack 1
     02/12/2008 16:49:36
     mbam-log-2008-12-02 (16-49-36).txt
     Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|)
     Eléments examinés: 79503
     Temps écoulé: 19 minute(s), 27 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 1
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s): (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
     Dossier(s) infecté(s): (Aucun élément nuisible détecté)
     Fichier(s) infecté(s): (Aucun élément nuisible détecté)

     I hope this tells you something, and thanks again.
  12. Good evening, and thank you for replying. Here is what you asked for:
contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2002-08-29 15744] R3 WISTechVIDCAP;ADS DVD XPRESS DX2; C:\WINDOWS\system32\drivers\wisgostrm.sys [2006-02-21 265600] S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-11 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\System32\DRIVERS\usb8023x.sys [2005-10-21 12032] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688] S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys [] S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160] R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2005-07-15 1630208] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920] S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [] S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S4 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-10-25 65536] -----------------EOF----------------- J'espère avoir tout bien fait.
  13. Hello everyone, Since my last download of a Firefox update, whenever I launch it my usual home page is replaced by a strange page, supposedly Mozilla Firefox, which tells me: "you now have the latest version of Mozilla Firefox". I have to close this page to get back to my real home page, and this happens every time I want to go on the internet. A further oddity: while this fraudulent page is displayed, if I look in Tools/Options/General, it is indeed my correct home page that is shown. Can you help me? (If I caught a virus while downloading Firefox, that is worrying, because it was from the fox's own site.) I should add that I was infected by eorezo and lo.st, and that, thanks to a help site, I got rid of them.