

ben ali
Everything posted by ben ali
-
Good evening Appolo, Everything seems to be working perfectly now, but as for the system restore points step, I don't see any "linux-seven" partition. I only have the following partitions: DONNEES (D:) protection off, Disque local (C:) (Système) protection on, RECOVERY (E:) protection off. Thanks again in advance for clarifying how to proceed to finish the job!
-
Hi again Appolo (Creed?), I ran ESET and apparently no threat was found after its scan ("no threats found")... That seems to corroborate the fact that the intrusive pop-ups have completely disappeared. So I conclude that I'm in the clear? Thanks again in advance for your opinion
-
Hi Apollo, Hoping your day has gotten off to a good start, here is the MBAM report (apparently it found nothing):
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6682 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 26/05/2011 07:37:08 mbam-log-2011-05-26 (07-37-08).txt Type d'examen: Examen complet (C:\|D:\|E:\|) Elément(s) analysé(s): 318198 Temps écoulé: 38 minute(s), 36 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
Thanks again in advance for your help. Regards
-
Here is the ZHPFixReport:
Rapport de ZHPFix 1.12.3286 par Nicolas Coolman, Update du 23/05/2011 Fichier d'export Registre : Run by Utilisateur at 25/05/2011 23:21:08 Windows 7 Home Premium Edition, 64-bit (Build 7600) Web site : ZHPFix Fix de rapport ========== Logiciel(s) ========== O42 - Logiciel: PCTuto 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto_is1 => Logiciel absent O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM][64Bits] -- PCTuto Avast_is1 => Logiciel absent O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM][64Bits] -- UpdatePCTuto_is1 => Logiciel absent ========== Clé(s) du Registre ========== O23 - Service: (OfferBox update service) . (...) - C:\Program Files (x86)\OfferBox\OfferBoxUpdateService.exe => Clé supprimée avec succès HKCU\Software\PCTuto => Clé supprimée avec succès HKLM\Software\PCTuto => Clé absente HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive => Clé absente HKLM\Software\Wow6432Node\PCTuto => Clé supprimée avec succès HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1 => Clé absente SS - | Auto 20/08/2009 0 | (OfferBox update service) . (...) - C:\Program Files (x86)\OfferBox\OfferBoxUpdateService.exe => Clé absente ========== Dossier(s) ========== C:\Users\Utilisateur\AppData\Roaming\OfferBox => Supprimé et mis en quarantaine Dossiers temporaires Windows supprimés: 101 Dossiers Flash Cookies supprimés : 70 ========== Fichier(s) ========== c:\program files (x86)\offerbox\offerboxupdateservice.exe => Fichier absent c:\users\utilisateur\appdata\roaming\offerbox => Fichier absent Fichiers temporaires Windows supprimés : 28 Fichiers Flash Cookies supprimés : 27 ========== Récapitulatif ========== 7 : Clé(s) du Registre 3 : Dossier(s) 4 : Fichier(s) 3 : Logiciel(s) End of the scan
-
Here is the link to the ZHPDiag report: Cijoint.fr - Service gratuit de dépôt de fichiers. Thanks again in advance for your help and for the precious time you are devoting to me!
-
Here is the "ad-remover" report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 21:46:05 le 25/05/2011, Mode normal Microsoft Windows 7 Édition Familiale Premium (X64) Utilisateur@UTILISATEUR-PC (Hewlett-Packard Compaq Presario CQ71 Notebook PC) ============== ACTION(S) ============== Fichier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk Dossier supprimé: C:\Users\Utilisateur\AppData\Roaming\PCtuto Dossier supprimé: C:\Users\Utilisateur\AppData\Local\PCTuto Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto Dossier supprimé: C:\Program Files (x86)\PCTuto Dossier supprimé: C:\Users\Utilisateur\AppData\Roaming\OfferBox Dossier supprimé: C:\Program Files (x86)\OfferBox (!) -- Fichiers temporaires supprimés. Clé supprimée: HKLM\Software\Classes\CLSID\{2EECCC1A-4CA0-492F-838D-AC1FC26CB327} Clé supprimée: HKLM\Software\Classes\Interface\{2EECCC1A-4CA0-492F-838D-AC1FC26CB327} Clé supprimée: HKLM\Software\Classes\CLSID\{65f0de9c-0ac1-416b-b8b6-b3d68dc76ea3} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{65f0de9c-0ac1-416b-b8b6-b3d68dc76ea3} Clé supprimée: HKLM\Software\Classes\CLSID\{703740c1-0f1a-4cec-a4df-d78db0158477} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{703740c1-0f1a-4cec-a4df-d78db0158477} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{703740c1-0f1a-4cec-a4df-d78db0158477} Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{703740c1-0f1a-4cec-a4df-d78db0158477} Clé supprimée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E} Clé supprimée: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD} Clé supprimée: 
HKLM\Software\Classes\TypeLib\{9D7233B0-0CC0-4938-8208-5B3F9D643873} Clé supprimée: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD} Clé supprimée: HKLM\Software\Classes\OfferBox.OfferBoxServer Clé supprimée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1 Clé supprimée: HKLM\Software\Classes\Offerbox.SpointerAdProvider Clé supprimée: HKLM\Software\Classes\Offerbox.SpointerAdProvider.5 Clé supprimée: HKLM\Software\Classes\Offerbox.SpointerWebDisp Clé supprimée: HKLM\Software\OfferBox Clé supprimée: HKCU\Software\OfferBox Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{da8002cf-2914-493a-b7e8-79740e2e15db} Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser Valeur supprimée: HKLM\Software\Mozilla\Firefox\Extensions|offerbox@spointer.com Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto ============== SCAN ADDITIONNEL ============== **** Google Chrome Version [11.0.696.68] **** Extension\dpicnlijpdlebkhpegfenfjpglinfdhm (C:\Program Files (x86)\OfferBox\extensions-3.1.3878.129\offerbox_air_chrome.crx) (x) -- C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Activé: true) (?) 
Preferences - homepage: hxxp://www.google.com/ Preferences - homepage_is_newtabpage: true Plugin - Chrome NaCl (Activé: false) (C:\Users\Utilisateur\AppData\Local\Google\Chrome\Application\11.0.696.68\ppGoogleNaClPluginChrome.dll) Plugin - OfferBox (Activé: true) (C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpicnlijpdlebkhpegfenfjpglinfdhm\5.1.2276.19_0\offerbox_air_chrome.dll) Plugin - "Java" (Activé: true) Plugin - "Silverlight" (Activé: true) Plugin - "Chrome NaCl" (Activé: false) Plugin - "OfferBox" (Activé: true) ======================================== **** Internet Explorer Version [8.0.7600.16385] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) 
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 44 Fichier(s) C:\Program Files (x86)\Ad-Remover\Backup: 17 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 25/05/2011 21:45:27 (490 Octet(s)) C:\Ad-Report-CLEAN[2].txt - 25/05/2011 21:46:07 (5545 Octet(s)) C:\Ad-Report-SCAN[1].txt - 25/05/2011 21:42:57 (5572 Octet(s)) Fin à: 21:50:45, 25/05/2011 ============== E.O.F ==============
-
First, here is the ad-remover scan report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: http://www.teamxscript.org C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 21:42:26 le 25/05/2011, Mode normal Microsoft Windows 7 Édition Familiale Premium (X64) Utilisateur@UTILISATEUR-PC (Hewlett-Packard Compaq Presario CQ71 Notebook PC) ============== RECHERCHE ============== Fichier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk Dossier trouvé: C:\Users\Utilisateur\AppData\Roaming\PCtuto Dossier trouvé: C:\Users\Utilisateur\AppData\Local\PCTuto Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto Dossier trouvé: C:\Program Files (x86)\PCTuto Dossier trouvé: C:\Users\Utilisateur\AppData\Roaming\OfferBox Dossier trouvé: C:\Program Files (x86)\OfferBox Clé trouvée: HKLM\Software\Classes\CLSID\{2EECCC1A-4CA0-492F-838D-AC1FC26CB327} Clé trouvée: HKLM\Software\Classes\Interface\{2EECCC1A-4CA0-492F-838D-AC1FC26CB327} Clé trouvée: HKLM\Software\Classes\CLSID\{65f0de9c-0ac1-416b-b8b6-b3d68dc76ea3} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{65f0de9c-0ac1-416b-b8b6-b3d68dc76ea3} Clé trouvée: HKLM\Software\Classes\CLSID\{703740c1-0f1a-4cec-a4df-d78db0158477} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{703740c1-0f1a-4cec-a4df-d78db0158477} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{703740c1-0f1a-4cec-a4df-d78db0158477} Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{703740c1-0f1a-4cec-a4df-d78db0158477} Clé trouvée: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E} Clé trouvée: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD} Clé trouvée: HKLM\Software\Classes\TypeLib\{9D7233B0-0CC0-4938-8208-5B3F9D643873} 
Clé trouvée: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD} Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer Clé trouvée: HKLM\Software\Classes\OfferBox.OfferBoxServer.1 Clé trouvée: HKLM\Software\Classes\Offerbox.SpointerAdProvider Clé trouvée: HKLM\Software\Classes\Offerbox.SpointerAdProvider.5 Clé trouvée: HKLM\Software\Classes\Offerbox.SpointerWebDisp Clé trouvée: HKLM\Software\OfferBox Clé trouvée: HKCU\Software\OfferBox Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{da8002cf-2914-493a-b7e8-79740e2e15db} Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser Valeur trouvée: HKLM\Software\Mozilla\Firefox\Extensions|offerbox@spointer.com Valeur trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto ============== SCAN ADDITIONNEL ============== **** Google Chrome Version [11.0.696.68] **** Extension\dpicnlijpdlebkhpegfenfjpglinfdhm (C:\Program Files (x86)\OfferBox\extensions-3.1.3878.129\offerbox_air_chrome.crx) (?) -- C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Activé: true) (?) 
Preferences - homepage: hxxp://www.google.com/ Preferences - homepage_is_newtabpage: true Plugin - Chrome NaCl (Activé: false) (C:\Users\Utilisateur\AppData\Local\Google\Chrome\Application\11.0.696.68\ppGoogleNaClPluginChrome.dll) Plugin - OfferBox (Activé: true) (C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpicnlijpdlebkhpegfenfjpglinfdhm\5.1.2276.19_0\offerbox_air_chrome.dll) Plugin - "Java" (Activé: true) Plugin - "Silverlight" (Activé: true) Plugin - "Chrome NaCl" (Activé: false) Plugin - "OfferBox" (Activé: true) ======================================== **** Internet Explorer Version [8.0.7600.16385] **** HKCU_Main|Default_Page_URL - hxxp://g.uk.msn.com/CQNOT/3 HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU_Main|Start Page - hxxp://g.uk.msn.com/CQNOT/3 HKLM_Main|Default_Page_URL - hxxp://g.uk.msn.com/CQNOT/3 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://g.uk.msn.com/CQNOT/3 HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x) HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x) HKLM_ElevationPolicy\{da8002cf-2914-493a-b7e8-79740e2e15db} - C:\Program Files (x86)\OfferBox\OfferBox.exe (Aedge Performance BCN SL) HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) 
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll) BHO\{703740c1-0f1a-4cec-a4df-d78db0158477} - "OfferBox" (C:\Program Files (x86)\OfferBox\extensions-3.1.3878.129\offerbox_air_iexplorer.dll) ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files (x86)\Ad-Remover\Backup: 2 Fichier(s) C:\Ad-Report-SCAN[1].txt - 25/05/2011 21:42:57 (5434 Octet(s)) Fin à: 21:44:16, 25/05/2011 ============== E.O.F ==============
-
Good evening everyone (and a special good evening to MISTER Bernard53), I'm taking the liberty of writing on this forum again, because on my second computer I may have some kind of trojan/malware whose main symptom is to intermittently open, at a fairly irregular pace, windows for games to download or, worse, adult sites. I've run Spybot and Emsisoft Anti-Malware, but this nasty thing seems to resist them. As the procedure requires, I'll start by posting the "hijackthis" scan report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:01:12, on 25/05/2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16766) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\PCTuto\pctuto.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe C:\Program Files (x86)\OfferBox\OfferBox.exe C:\Users\Utilisateur\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Utilisateur\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Utilisateur\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Utilisateur\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Utilisateur\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Utilisateur\Downloads\HiJackThis (1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: OfferBox - {703740c1-0f1a-4cec-a4df-d78db0158477} - C:\Program Files (x86)\OfferBox\extensions-3.1.3878.129\offerbox_air_iexplorer.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live 
Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [PCTuto] "C:\Program Files (x86)\PCTuto\pctuto.exe" O4 - HKLM\..\RunOnce: [autoupdater] C:\Users\Utilisateur\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe -runonce O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program 
Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. 
- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe O23 - Service: OfferBox update service - Aedge Performance BCN SL - C:\Program Files (x86)\OfferBox\OfferBoxUpdateService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10996 bytes
Thanks in advance for your insights and your precious help! Regards
-
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Hello Bernard, I went through the whole procedure. After creating the new "PC-Clean" restore point, I simply closed the window without going ahead with "start the restore". Did I do the right thing? Thanks again in advance for your reply, and a thousand thanks for all the help you've given me over this past month! P.S.: Once you confirm, I'll go right away and edit my topic to mark it "resolved" in its title!
-
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Hello Bernard, Here is the "delFix" report from the "removal" step:
# DelFix v7.5 - Rapport créé le 30/03/2011 à 12:17 # Mis à jour le 15/03/11 à 16h30 par Xplode # Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3 # Nom d'utilisateur : HP_Propriétaire - PICASSO (Administrateur) # Exécuté depuis : C:\thomas\iufm\EmsisoftEmergencyKit\DelFix.exe # Option [suppression] ~~~~~~ Dossier(s) ~~~~~~ -> C:\Qoobox\BackEnv ... ACL modifié avec succès. Supprimé : C:\Qoobox Supprimé : C:\USBFix Supprimé : C:\_OTL Supprimé : C:\tdsskiller Supprimé : C:\WinFileReplace Supprimé : C:\Combofix Supprimé : C:\Program Files\ZHPDiag Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP ~~~~~~ Fichier(s) ~~~~~~ Supprimé : C:\ComboFix.txt Supprimé : C:\UsbFix.txt Supprimé : C:\UsbFix_Upload_Me_PICASSO.zip Supprimé : C:\rapport-WFR.txt Supprimé : C:\avenger.txt Supprimé : C:\TDSSKiller.2.4.20.0_08.03.2011_14.29.09_log.txt Supprimé : C:\cleanup.bat Supprimé : C:\ZHPExportRegistry-07-03-2011-13-56-26.txt Supprimé : C:\WINDOWS\grep.exe Supprimé : C:\WINDOWS\PEV.exe Supprimé : C:\WINDOWS\NIRCMD.exe Supprimé : C:\WINDOWS\MBR.exe Supprimé : C:\WINDOWS\sed.exe Supprimé : C:\WINDOWS\SWREG.exe Supprimé : C:\WINDOWS\SWSC.exe Supprimé : C:\WINDOWS\SWXCACLS.exe Supprimé : C:\WINDOWS\zip.exe Supprimé : C:\Documents and Settings\HP_Propriétaire\Bureau\ZHPDiag.txt Supprimé : C:\Documents and Settings\HP_Propriétaire\Bureau\ZHPFixReport.txt Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk ~~~~~~ Registre ~~~~~~ Clé Supprimée : HKCU\SOFTWARE\USBFix Clé Supprimée : HKLM\Software\swearware Clé Supprimée : HKLM\Software\OldTimer Tools Clé Supprimée : HKLM\Software\Classes\.cfxxe Clé Supprimée : HKLM\Software\Classes\cfxxefile Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis Clé 
Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USBFix Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1 Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe ~~~~~~ Autre ~~~~~~ -> Prefetch vidé ########## EOF - "C:\DelFixSuppr.txt" - [2549 octets] ##########
I await your green light to continue the procedure. Have a good day, and a thousand thanks again for your help and your availability!
-
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Good evening again Bernard, For your information, here is the ZHPFix "cleaning" report (actually I don't think any cleaning took place):
Rapport de ZHPFix 1.12.3257 par Nicolas Coolman, Update du 05/03/2011 Fichier d'export Registre : Run by HP_Propriétaire at 29/03/2011 22:23:27 Windows XP Home Edition Service Pack 3 (Build 2600) Web site : ZHPFix Fix de rapport Contact : nicolascoolman@yahoo.fr ========== Autre ========== -- C:\Program Files\OfferBox\OfferBoxLauncher.exe (.not file.) => Format Non supporté ========== Récapitulatif ========== 1 : Autre End of the scan
-
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
As for ZHPFix, when I open the "H" tab, the right lines are indeed there, but they run entirely one after the other (they aren't laid out one below the other, that is). If I understood you correctly, the lines should be laid out as follows:
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\OfferBox Browser.lnk . (...) -- C:\Program Files\OfferBox\OfferBoxLauncher.exe (.not file.)
Can you confirm (or deny) this? A thousand thanks again for your help!
-
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Good evening again Bernard, Here is the latest ComboFix report:
ComboFix 11-03-28.05 - HP_Propriétaire 29/03/2011 20:43:43.8.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.137 [GMT 2:00] Lancé depuis: c:\thomas\iufm\EmsisoftEmergencyKit\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255} AV: avast! antivirus 4.8.1368 [VPS 101130-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D} * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys . ((((((((((((((((((((((((((((( Fichiers créés du 2011-02-28 au 2011-03-29 )))))))))))))))))))))))))))))))))))) . . 2011-03-25 10:28 . 2011-03-25 10:28 574 ----a-w- C:\cleanup.bat 2011-03-22 14:01 . 2011-03-25 10:02 -------- d-----w- C:\UsbFix 2011-03-17 22:30 . 2011-03-18 13:54 -------- d-----w- C:\FR-files 2011-03-17 22:19 . 2011-03-17 22:40 -------- d-----w- C:\WinFileReplace 2011-03-13 11:17 . 2011-03-13 15:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2011-03-08 13:28 . 2011-03-13 21:44 -------- d-----w- C:\tdsskiller 2011-03-06 22:22 . 2011-03-25 21:18 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2011-03-06 21:43 . 2011-03-25 21:18 -------- d-----w- c:\program files\ZHPDiag 2011-03-06 19:26 . 2011-03-06 19:26 -------- d-----w- C:\_OTL 2011-03-03 19:51 . 2011-03-03 19:51 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\PrivacIE 2011-03-01 09:39 . 2011-03-01 09:39 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\IETldCache . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-29 18:01 . 
2011-03-29 18:01 185502 ----a-w- C:\Qoobox.zip 2011-03-25 10:02 . 2011-03-25 10:02 3850045 ----a-w- C:\UsbFix_Upload_Me_PICASSO.zip 2011-02-09 13:54 . 2004-08-05 18:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:54 . 2004-08-05 18:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:59 . 2004-08-05 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2004-08-05 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-05 18:00 441344 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-05 18:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 14:04 . 2004-08-05 18:00 1855104 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-03-25_20.04.57 ))))))))))))))))))))))))))))))))))))))))) . + 2011-03-29 18:26 . 2011-03-29 18:26 16384 c:\windows\temp\Perflib_Perfdata_72c.dat + 2011-03-29 18:27 . 2011-03-29 18:27 16384 c:\windows\temp\Perflib_Perfdata_554.dat + 2004-08-05 17:00 . 2004-08-04 04:59 95360 c:\windows\system32\dllcache\atapi.sys - 2004-08-05 17:00 . 2004-08-05 18:00 95360 c:\windows\system32\dllcache\atapi.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-02-03 198160] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "a-squared"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-03-10 3438992] . c:\documents and settings\Administrateur.PICASSO\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2003-9-30 57344] . c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-18 110592] Dell Control Utility.lnk - c:\program files\TM1184\ControlUtility\ControlUtility.exe [2007-2-4 262144] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13410:TCP"= 13410:TCP:NortonAV "15075:TCP"= 15075:TCP:NortonAV "16280:TCP"= 16280:TCP:NortonAV "12707:TCP"= 12707:TCP:NortonAV "14482:TCP"= 14482:TCP:NortonAV "6634:TCP"= 6634:TCP:spport "13758:TCP"= 13758:TCP:spport . R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/06/2008 08:21 114768] R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [07/06/2007 10:52 719392] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/06/2008 08:21 20560] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 19:58 135664] S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [02/01/2006 20:40 606208] S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [22/02/2007 00:20 160640] S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [22/02/2007 00:20 5248] . Contenu du dossier 'Tâches planifiées' . 2011-03-29 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 20:34] . . ------- Examen supplémentaire ------- . uInternet Connection Wizard,ShellNext = iexplore IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox&client=firefox-a&rlz=1R0GGIC_fr FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser 
Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-03-29 20:59 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\ . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'winlogon.exe'(704) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(1204) c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . Heure de fin: 2011-03-29 21:07:50 ComboFix-quarantined-files.txt 2011-03-29 19:07 ComboFix2.txt 2011-03-25 20:12 ComboFix3.txt 2011-03-25 11:23 . Avant-CF: 122 440 110 080 octets libres Après-CF: 122 428 067 840 octets libres . - - End Of File - - A8B2C796C75E8528D0AE2EF98A061F7A Thanks again in advance for your help and your observations!
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Analyses et éradication malwares
Can I continue with the procedure?
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Analyses et éradication malwares
Good evening Bernard, before moving on to the next step of the procedure you gave me in your last post, here is the link to my Qoobox.zip file: Cijoint.fr - Service gratuit de dépôt de fichiers. Thanks again in advance for your help, which is worth its weight in gold! Regards
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Analyses et éradication malwares
Here is the ZHPDiag report: Rapport de ZHPDiag v1.27.1628 par Nicolas Coolman, Update du 05/03/2011 Run by HP_Propriétaire at 25/03/2011 21:59:12 Web site : ZHPDiag Outil de diagnostic Contact : nicolascoolman@yahoo.fr ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 (Defaut) MFIE: Mozilla Firefox v3.5.15 (fr) GCIE: Google Chrome ---\\ System Information Windows XP Home Edition Service Pack 3 (Build 2600) Processor: x86 Family 15 Model 47 Stepping 0, AuthenticAMD Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 446 MB (12% free) System Restore: Activé (Enable) System drive C: has 114 GB (63%) free of 180 GB ---\\ Logged in mode Computer Name: PICASSO User Name: HP_Propriétaire All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, HP_Propriétaire, HelpAssistant, Administrateur, Unselected Option: None Logged in as Administrator ---\\ Environnement Variables %AppData%=C:\Documents and Settings\HP_Propriétaire\Application Data %LocalAppData%=C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data %StartMenu%=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 114 Go of 180 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 6 Go) E:\ CD-ROM drive (Not Inserted) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 03:34:03.) -- C:\Windows\Explorer.exe [1037824] [MD5.AF4EAA3B35A2D206E1902D7CA61B958A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/12/2010 00:53:04.) -- C:\Windows\System32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 03:34:28.) -- C:\Windows\System32\Winlogon.exe [512000] [MD5.00000000000000000000000000000000] - (.Pas de propriétaire - Pas de description.) (.05/08/2004 00:00:00.) -- C:\Windows\System32\drivers\atapi.sys [95360] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 20:15:53.) -- C:\Windows\System32\drivers\ntfs.sys [574976] ---\\ Processus lancés [MD5.6BDB117F5CF40FE91FF50E1BB3F28184] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [364544] [MD5.5DEBC3519D489411073FA7E56FFB4A93] - (.ALWIL Software - avast! Antivirus updating service.) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752] [MD5.0AAF6B848185899CF76AE04E62EAB3D2] - (.ALWIL Software - avast! antivirus service.) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe [138680] [MD5.4367F2FBB01E4F8862E6351F1D8A16E7] - (.Emsi Software GmbH - a-squared Service.) -- C:\Program Files\a-squared Anti-Malware\a2service.exe [719392] [MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664] [MD5.90E0F7FDCAC66FB50C1CE1A1C7396642] - (.Sun Microsystems, Inc. - Java Platform SE binary.) 
-- C:\Program Files\Java\jre6\bin\jusched.exe [149280] [MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [MD5.F8D427DAE2984A4968E2D1CB53634784] - (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400] [MD5.7B8875A5B04932AC73AFD8079864DB68] - (.Realtek Semiconductor Corp. - Realtek Audio - Event Monitor.) -- C:\WINDOWS\ALCXMNTR.EXE [57344] [MD5.D029A234EB9F6772BDB304208FC9EA4F] - (.Emsi Software GmbH - Background Guard.) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [3438992] [MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856] [MD5.BC8C698113F8576E4DB97CE2C1AED103] - (.Pas de propriétaire - ControlUtility MFC Application.) -- C:\Program Files\TM1184\ControlUtility\ControlUtility.exe [262144] [MD5.B2F564DC59B67763C73269E1A9DA7F18] - (.ALWIL Software - avast! e-Mail Scanner Service.) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [254040] [MD5.D86010C96ABADDA75356834D6113D37D] - (.ALWIL Software - avast! Web Scanner.) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [352920] [MD5.86F56F1B9DB52B5629A7BEC1C1BD2B48] - (.Sun Microsystems, Inc. - Java Update Checker.) -- C:\Program Files\Java\jre6\bin\jucheck.exe [386872] [MD5.2DCC5C800F51D487178814CA9EADA181] - (.Microsoft Corporation - Bloc-notes.) -- C:\WINDOWS\system32\notepad.exe [70656] [MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\internet explorer\iexplore.exe [638816] [MD5.903E617600010767AE394F8083C9B1A7] - (.Nicolas Coolman - Diagnostic Tool.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [632320] ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) M3 - MFPP: Plugins - [HP_Propriétaire] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [HP_Propriétaire] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [HP_Propriétaire] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [HP_Propriétaire] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [HP_Propriétaire] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [HP_Propriétaire] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeploytk.dll P2 - FPN:Firefox Plugin Navigator . (.DivX,Inc. - DivX® Web Player.) -- C:\Program Files\Mozilla Firefox\Plugins\npdivx32.dll P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 6.0.12.448.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll P2 - FPN:Firefox Plugin Navigator . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Mozilla Firefox\Plugins\NPSWF32.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems, Inc. 
- Adobe Flash Player Helper 9.0 r28.) -- C:\Program Files\Mozilla Firefox\Plugins\NPSWF32_FlashUtil.exe P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Web Player.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll P2 - FPN: [HKLM] [@divx.com/DivX Content Upload Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Content Upload Plugin.) -- C:\Program Files\DivX\DivX Content Uploader\npUpload.dll P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.DivX, Inc - npdivxplayerplugin.) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@pack.google.com/Google Updater;version=13] - (.Google - Google Updater plugin<br><a href="http://pack.google.com/">http://pack.) -- C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.450] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.3.448] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.448] - (.RealNetworks, Inc. - 6.0.12.448.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) 
-- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll M0 - MFSP: prefs.js [HP_Propriétaire - kn1t48o0.default] http://www.google.fr/firefox&client=firefox-a&rlz=1R0GGIC_fr M2 - MFEP: prefs.js [HP_Propriétaire - kn1t48o0.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.1 (.Microsoft.) M2 - MFEP: prefs.js [HP_Propriétaire - kn1t48o0.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v7.0.20100326W (.Google Inc..) ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKUS\S-1-5-21-2705973081-667088016-391471673-1008\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Bing R1 - HKUS\S-1-5-21-2705973081-667088016-391471673-1008\Software\Microsoft\Internet Explorer\Main,Search Page = Microsoft Corporation R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) 
(8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)) -- C:\WINDOWS\system32\ieframe.dll R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. 
- GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [sSBkgdUpdate] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe O4 - HKLM\..\Run: [OpwareSE4] . (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe O4 - HKLM\..\Run: [AlcxMonitor] . (.Realtek Semiconductor Corp. - Realtek Audio - Event Monitor.) -- C:\Windows\ALCXMNTR.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [a-squared] . (.Emsi Software GmbH - Background Guard.) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-2705973081-667088016-391471673-1008\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) 
-- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dell Control Utility.lnk . (...) -- C:\Program Files\TM1184\ControlUtility\ControlUtility.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office10\OSA.EXE ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Illustrator 10.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Adobe\Illustrator 10 Evaluation\Support Files\Contents\Windows\Illustrator.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe ImageReady 7.0.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Photoshop 7.0\ImageReady.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop 7.0.lnk . (.Adobe Systems, Incorporated.) -- C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A91000000001}\SC_Reader.ico O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\HP Precisionscan Pro 3.1 .lnk . (.Hewlett-Packard.) -- C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\HP PrecisionScan Pro.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Inkscape.lnk . (...) 
-- C:\Program Files\Inkscape\inkscape.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation.) -- C:\Program Files\Securitoo\Controle Parental\Controle_parental.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Excel.lnk . (...) -- C:\WINDOWS\Installer\{9012040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Outlook.lnk . (...) -- C:\WINDOWS\Installer\{9012040C-6000-11D3-8CFE-0050048383C9}\outicon.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft PowerPoint.lnk . (...) -- C:\WINDOWS\Installer\{9012040C-6000-11D3-8CFE-0050048383C9}\pptico.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Microsoft Word.lnk . (...) -- C:\WINDOWS\Installer\{9012040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Multi-channel Sound Manager.lnk - Clé orpheline O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\My PC Choice.lnk . (...) -- C:\hp\VINETLINK\VINETLINK.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\OfferBox Browser.lnk . (...) -- C:\Program Files\OfferBox\OfferBoxLauncher.exe (.not file.) O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) 
-- C:\WINDOWS\system32\rcimlby.exe O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Examens 2008.lnk - Clé orpheline O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Multi-channel Sound Manager.lnk - Clé orpheline O4 - Global Startup: C:\Documents And Settings\HP_Propriétaire\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- C:\PROGRA~1\MICROS~3\Office10\EXCEL.exe O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.) O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\conn_support.ico O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Pas de propriétaire - Pas de description.) 
SkyDrive O43 - CFD: 15/04/2009 - 23:44:26 - [4694123] ----D- C:\Program Files\Windows Media Player O43 - CFD: 15/04/2009 - 23:44:26 - [3942655] ----D- C:\Program Files\Windows NT O43 - CFD: 24/11/2004 - 02:37:48 - [0] --H-D- C:\Program Files\WindowsUpdate O43 - CFD: 27/10/2006 - 17:58:50 - [4505019] ----D- C:\Program Files\WinRAR O43 - CFD: 09/01/2006 - 21:56:32 - [1851] ----D- C:\Program Files\WinZip O43 - CFD: 25/11/2004 - 04:28:02 - [0] ----D- C:\Program Files\xerox O43 - CFD: 07/03/2007 - 00:30:08 - [681416] ----D- C:\Program Files\Yahoo! O43 - CFD: 25/03/2011 - 21:59:34 - [3709836] ----D- C:\Program Files\ZHPDiag O43 - CFD: 17/06/2009 - 17:51:30 - [61529194] ----D- C:\Program Files\Fichiers Communs\Adobe O43 - CFD: 04/04/2009 - 20:36:08 - [560] ----D- C:\Program Files\Fichiers Communs\CANON O43 - CFD: 21/02/2007 - 21:30:40 - [86016] ----D- C:\Program Files\Fichiers Communs\Designer O43 - CFD: 21/05/2010 - 15:25:28 - [1468637] ----D- C:\Program Files\Fichiers Communs\France Telecom O43 - CFD: 07/08/2006 - 18:02:26 - [23894037] ----D- C:\Program Files\Fichiers Communs\GTK O43 - CFD: 01/01/2005 - 22:36:22 - [406461] ----D- C:\Program Files\Fichiers Communs\Hewlett-Packard O43 - CFD: 04/04/2009 - 10:46:56 - [0] ----D- C:\Program Files\Fichiers Communs\HP O43 - CFD: 01/01/2005 - 22:48:32 - [20245173] ----D- C:\Program Files\Fichiers Communs\InstallShield O43 - CFD: 01/01/2005 - 22:19:12 - [30716740] ----D- C:\Program Files\Fichiers Communs\Java O43 - CFD: 05/04/2009 - 02:00:40 - [87296389] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared O43 - CFD: 25/11/2004 - 04:26:40 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap O43 - CFD: 01/01/2005 - 23:13:32 - [17377121] ----D- C:\Program Files\Fichiers Communs\muvee Technologies O43 - CFD: 25/11/2004 - 04:26:40 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC O43 - CFD: 03/02/2010 - 10:27:46 - [20359875] ----D- C:\Program Files\Fichiers Communs\Real O43 - CFD: 03/04/2009 - 16:00:18 - [210472] ----D- 
C:\Program Files\Fichiers Communs\ScanSoft Shared O43 - CFD: 01/02/2005 - 09:33:14 - [8106] ----D- C:\Program Files\Fichiers Communs\Services O43 - CFD: 01/01/2005 - 22:40:14 - [26699337] ----D- C:\Program Files\Fichiers Communs\Sonic Shared O43 - CFD: 25/11/2004 - 04:26:42 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines O43 - CFD: 01/01/2005 - 22:40:24 - [475136] ----D- C:\Program Files\Fichiers Communs\SureThing Shared O43 - CFD: 25/02/2011 - 10:34:46 - [85160349] ----D- C:\Program Files\Fichiers Communs\Symantec Shared O43 - CFD: 15/04/2009 - 23:44:24 - [18764819] ----D- C:\Program Files\Fichiers Communs\System O43 - CFD: 01/01/2005 - 22:41:16 - [355840] ----D- C:\Program Files\Fichiers Communs\TiVo Shared O43 - CFD: 18/02/2006 - 21:55:28 - [2616132] ----D- C:\Program Files\Fichiers Communs\Vbox O43 - CFD: 29/12/2009 - 17:53:08 - [96413706] ----D- C:\Program Files\Fichiers Communs\Windows Live O43 - CFD: 14/03/2008 - 09:00:24 - [38233043] -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller O43 - CFD: 08/03/2006 - 22:41:46 - [253648896] ----D- C:\Program Files\Fichiers Communs\Wise Installation Wizard O43 - CFD: 03/02/2010 - 10:27:18 - [352256] ----D- C:\Program Files\Fichiers Communs\xing shared O43 - CFD: 13/03/2011 - 22:45:10 - [6899195] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe O43 - CFD: 05/09/2007 - 10:11:06 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\AdobeUM O43 - CFD: 01/01/2005 - 22:44:56 - [59270] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer O43 - CFD: 11/07/2008 - 14:59:48 - [5843285] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Blender Foundation O43 - CFD: 04/04/2009 - 20:36:52 - [4276014] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Canon O43 - CFD: 04/01/2007 - 17:55:14 - [20290] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\DivX O43 - CFD: 15/05/2007 - 21:22:42 - 
[33459] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Google O43 - CFD: 15/07/2008 - 20:39:44 - [83] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\gtk-2.0 O43 - CFD: 27/10/2006 - 17:58:50 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Help O43 - CFD: 18/06/2007 - 09:55:04 - [4764] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\HP O43 - CFD: 02/01/2006 - 15:55:26 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Identities O43 - CFD: 04/03/2009 - 12:07:04 - [921864] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Image Zone Express O43 - CFD: 07/01/2008 - 21:45:30 - [12829] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Inkscape O43 - CFD: 21/05/2010 - 15:16:56 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\InstallShield O43 - CFD: 12/02/2006 - 12:07:34 - [344064] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\InstallShield Installation Information O43 - CFD: 14/10/2005 - 06:46:06 - [5712] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\InterVideo O43 - CFD: 09/08/2006 - 15:22:38 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Lavasoft O43 - CFD: 18/10/2005 - 19:17:16 - [376] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Leadertech O43 - CFD: 25/02/2008 - 21:06:22 - [56343] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\LimeWire O43 - CFD: 28/04/2006 - 21:52:08 - [2662470] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Macromedia O43 - CFD: 23/02/2011 - 22:59:54 - [1669879] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes O43 - CFD: 11/02/2009 - 22:50:18 - [17210740] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft O43 - CFD: 27/12/2008 - 12:43:46 - [31386347] ----D- C:\Documents and Settings\HP_Propriétaire\Application 
Data\Mozilla O43 - CFD: 08/01/2010 - 14:49:40 - [1121020] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Real O43 - CFD: 23/02/2011 - 22:40:02 - [973241] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Reviversoft O43 - CFD: 01/01/2005 - 22:57:10 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\SampleView O43 - CFD: 03/04/2009 - 16:00:34 - [16760] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\ScanSoft O43 - CFD: 20/01/2008 - 19:33:46 - [79016] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\skypePM O43 - CFD: 31/05/2006 - 17:04:02 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Sonic O43 - CFD: 02/01/2006 - 22:58:14 - [317938] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Sun O43 - CFD: 02/01/2006 - 20:00:14 - [575] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Symantec O43 - CFD: 03/01/2007 - 13:13:28 - [26158] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Talkback O43 - CFD: 27/10/2005 - 09:23:08 - [8704] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\Template O43 - CFD: 09/02/2009 - 19:27:10 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\U3 O43 - CFD: 04/12/2008 - 13:13:22 - [2360603] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent O43 - CFD: 18/07/2008 - 22:23:22 - [371438] ----D- C:\Documents and Settings\HP_Propriétaire\Application Data\vlc O43 - CFD: 17/06/2009 - 17:59:08 - [213801554] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Adobe O43 - CFD: 01/01/2005 - 22:44:56 - [1133637] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Apple Computer O43 - CFD: 27/10/2008 - 08:45:54 - [52854] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ApplicationHistory O43 - CFD: 24/02/2011 - 09:48:34 - [71821] ----D- 
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google O43 - CFD: 03/04/2010 - 11:43:50 - [10843] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Help O43 - CFD: 15/10/2005 - 09:42:32 - [237169039] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP O43 - CFD: 02/01/2006 - 15:55:26 - [303396] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Identities O43 - CFD: 16/04/2009 - 11:27:10 - [1503] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Ken_Salter O43 - CFD: 20/04/2009 - 19:06:30 - [625409972] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft O43 - CFD: 03/01/2007 - 13:13:14 - [131281] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Mozilla O43 - CFD: 03/04/2009 - 16:06:30 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Scansoft O43 - CFD: 18/10/2010 - 09:18:22 - [0] ----D- C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Temp ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.6C51B89904182CC7FDF863AA49FCE0C0] - 25/03/2011 - 21:12:18 ---A- . (...) -- C:\ComboFix.txt [11359] O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 25/03/2011 - 21:04:58 ---A- . (...) -- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.10ED1300F915817C00ECFD7FE4ED1300] - 25/03/2011 - 20:47:45 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32484] O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 25/03/2011 - 20:47:13 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232] O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 25/03/2011 - 20:47:13 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792] O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 25/03/2011 - 20:47:13 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) 
-- C:\WINDOWS\SWSC.exe [136704] O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 25/03/2011 - 20:47:13 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480] O44 - LFC:[MD5.10ED1300F915817C00ECFD7FE4ED1300] - 25/03/2011 - 12:18:09 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1330091] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/03/2011 - 12:02:39 ---A- . (...) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.10ED1300F915817C00ECFD7FE4ED1300] - 25/03/2011 - 12:01:56 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157] O44 - LFC:[MD5.10ED1300F915817C00ECFD7FE4ED1300] - 25/03/2011 - 12:01:48 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 25/03/2011 - 12:00:30 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.A58F1EDA98D2B541AC91BC41078CB0FE] - 25/03/2011 - 11:32:21 ---A- . (...) -- C:\avenger.txt [3454] O44 - LFC:[MD5.F729045A51896F374FEE1AB23EB8FE7F] - 25/03/2011 - 11:28:22 ---A- . (...) -- C:\cleanup.bat [574] O44 - LFC:[MD5.E314AC4833F27E2289C3B2487A751ED2] - 25/03/2011 - 11:21:08 ---A- . (...) -- C:\UsbFix.txt [7042] O44 - LFC:[MD5.33F25018232D4B154F631E36C8BE7141] - 25/03/2011 - 11:02:11 ---A- . (...) -- C:\UsbFix_Upload_Me_PICASSO.zip [3850045] O44 - LFC:[MD5.5924B7DCE0515D75A7DB1396E1DC9816] - 24/03/2011 - 10:55:49 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [1158] O44 - LFC:[MD5.B97644057B99F39C2B8CD8D9D7D184E3] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [24636] O44 - LFC:[MD5.5BDF79E3DA42D52D092B874E3CE5CB17] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\KB2524375.log [6379] O44 - LFC:[MD5.606BAA70A346146CE42BE2B0CBB51EA4] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\comsetup.log [8081] O44 - LFC:[MD5.0A9E2D898FBCE01EE765677363502A85] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\iis6.log [3865] O44 - LFC:[MD5.4385E175A67A4E6E55EE0A7C4E83093D] - 24/03/2011 - 03:01:07 ---A- . (...) 
-- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.6E20F7F7C2D382A8A4C49C7D7999C6E0] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\msgsocm.log [1236] O44 - LFC:[MD5.8050DAAB24281360D8C96522BAFC20D8] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [4898] O44 - LFC:[MD5.370334D8F417C5D91A0DA58639AF5667] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\ocgen.log [11824] O44 - LFC:[MD5.171502EEB6D8D35DD878DCD5A90394B9] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\ocmsn.log [1368] O44 - LFC:[MD5.752242DD0F1DD739F757D2D22F8B678E] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\setupapi.log [11335] O44 - LFC:[MD5.3A861BA78614F062BCB2712980A94430] - 24/03/2011 - 03:01:07 ---A- . (...) -- C:\WINDOWS\tsoc.log [9436] O44 - LFC:[MD5.404CFDF8C3D9B732399BED0C19F8B047] - 16/03/2011 - 03:01:57 ---A- . (...) -- C:\WINDOWS\KB971029.log [12357] O44 - LFC:[MD5.DFF0E28DBAC0E70BAA6684A28E315879] - 16/03/2011 - 03:01:57 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374] O44 - LFC:[MD5.1EF084F7220379FAECCCD457801D1CAD] - 16/03/2011 - 03:01:47 ---A- . (...) -- C:\WINDOWS\updspapi.log [588] O44 - LFC:[MD5.048DD89A41C8F10F84A05E2A7386F6F2] - 13/03/2011 - 22:23:08 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [664344] O44 - LFC:[MD5.44436787FAF9D768161BF1BE83D010A0] - 13/03/2011 - 10:55:27 ---A- . (...) -- C:\WINDOWS\srun.log [12] O44 - LFC:[MD5.48AD3F9F0D8E18A0CB3F36097E6F52E3] - 10/03/2011 - 03:09:32 ---A- . (...) -- C:\WINDOWS\KB2479943.log [11412] O44 - LFC:[MD5.9693B97174B70E0161CE72386F9CD93D] - 10/03/2011 - 03:01:43 ---A- . (...) -- C:\WINDOWS\KB2481109.log [12953] O44 - LFC:[MD5.9E51CABA3D044E48DEC321A8B9298AEC] - 03/03/2011 - 22:28:21 ---A- . (...) -- C:\WINDOWS\win.ini [774] O44 - LFC:[MD5.A6BDDF5454E6BC1224AB34D5910BFE28] - 01/03/2011 - 12:06:22 ---A- . (...) -- C:\WINDOWS\System32\d3d8caps.dat [552] O44 - LFC:[MD5.3A9A54E9FF21A4825E9B40A89674F085] - 26/02/2011 - 11:44:02 ---A- . (...) 
-- C:\WINDOWS\setupact.log [60] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/02/2011 - 11:44:02 ---A- . (...) -- C:\WINDOWS\setuperr.log [0] O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 08/11/2010 - 01:20:24 ---A- . (...) -- C:\WINDOWS\MBR.exe [89088] O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 26/04/2010 - 15:58:12 ---A- . (...) -- C:\WINDOWS\PEV.exe [256512] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 08:00:00 ---A- . (...) -- C:\WINDOWS\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 08:00:00 ---A- . (...) -- C:\WINDOWS\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 08:00:00 ---A- . (...) -- C:\WINDOWS\zip.exe [68096] ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.49C3C8538D86D854ABA386A5F6D02B71] - 01/03/2011 - 21:31:06 ---A- - C:\WINDOWS\Prefetch\CF10215.CFXXE-046019A3.pf O45 - LFCP:[MD5.835C158841FB1AE89D3F93F9D665B611] - 24/03/2011 - 11:16:26 ---A- - C:\WINDOWS\Prefetch\Layout.ini O45 - LFCP:[MD5.6114E45ECD5F069C72AEC9D60C0DD94A] - 25/03/2011 - 11:29:08 ---A- - C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf O45 - LFCP:[MD5.D4D5E3466248CF45BFBED8201246DEA0] - 25/03/2011 - 12:02:33 ---A- - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf O45 - LFCP:[MD5.368ABA0B2CBEECEE8D636716AEE753DA] - 25/03/2011 - 12:02:58 ---A- - C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf O45 - LFCP:[MD5.A545991B9701CC2EDAEB3312F62DB081] - 25/03/2011 - 12:05:02 ---A- - C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf O45 - LFCP:[MD5.D586A3FAC266986AA39B036F7B138F16] - 25/03/2011 - 12:21:29 ---A- - C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf O45 - LFCP:[MD5.02397BC61CB69B0727A3A445C3F919DF] - 25/03/2011 - 13:33:33 ---A- - C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf O45 - LFCP:[MD5.3461D9719CD692EE11D86D040A4CF899] - 25/03/2011 - 14:47:25 ---A- - C:\WINDOWS\Prefetch\SSPIPES.SCR-111D20AE.pf O45 - LFCP:[MD5.0252D6F5C228E40BF988812D472E712F] - 25/03/2011 - 17:32:10 ---A- - 
C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-2F4A2F77.pf O45 - LFCP:[MD5.89B564AE35076C5BE6465D20A6E3F9AF] - 25/03/2011 - 17:32:17 ---A- - C:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-1D8A4379.pf O45 - LFCP:[MD5.8A1CBFC75F57F3A87B209050DDD0A13B] - 25/03/2011 - 20:22:06 ---A- - C:\WINDOWS\Prefetch\AVAST.SETUP-295443AF.pf O45 - LFCP:[MD5.F44EDB14AA6EC7AEB18E531D184C0A7C] - 25/03/2011 - 20:44:45 ---A- - C:\WINDOWS\Prefetch\CF22819.CFXXE-2EE41556.pf O45 - LFCP:[MD5.F1652C988EC2295971653BB27BD22046] - 25/03/2011 - 20:44:54 ---A- - C:\WINDOWS\Prefetch\NIRCMDB.EXE-2F733B3E.pf O45 - LFCP:[MD5.3C873DA019E7A56829F93C9A5AA0A068] - 25/03/2011 - 20:46:28 ---A- - C:\WINDOWS\Prefetch\COMBOFIX.EXE-22DBCA6F.pf O45 - LFCP:[MD5.1BA49AF7106F4B4CF85DF43508517D43] - 25/03/2011 - 20:46:32 ---A- - C:\WINDOWS\Prefetch\N.PIF-2ACDD654.pf O45 - LFCP:[MD5.82FE6EBF64A21B1F93435FA7316DEB72] - 25/03/2011 - 20:46:33 ---A- - C:\WINDOWS\Prefetch\PEV.EXE-0AB51BE4.pf O45 - LFCP:[MD5.25432337EC2899757CDB85B9073B98B2] - 25/03/2011 - 20:46:35 ---A- - C:\WINDOWS\Prefetch\IEXPLORE.EXE-030260BF.pf O45 - LFCP:[MD5.C523DCCE0C1CADB8F773772DB8C85137] - 25/03/2011 - 20:46:37 ---A- - C:\WINDOWS\Prefetch\HIDEC.EXE-110154A1.pf O45 - LFCP:[MD5.6ADC0C9D5821B7E7C31DE1E7634C9BE3] - 25/03/2011 - 20:46:41 ---A- - C:\WINDOWS\Prefetch\FIREFOX.EXE-01B8D025.pf O45 - LFCP:[MD5.EA9C6B55D2A29DE4CF6CE8CEB85B9C74] - 25/03/2011 - 20:46:41 ---A- - C:\WINDOWS\Prefetch\FIREFOX.EXE-0DB651BD.pf O45 - LFCP:[MD5.1B37B31DBBAA821E65FA8AAE8F4513FB] - 25/03/2011 - 20:46:41 ---A- - C:\WINDOWS\Prefetch\IEXPLORE.EXE-25E064CA.pf O45 - LFCP:[MD5.80709FB2B4BD05FD6FD1319E6444C9E4] - 25/03/2011 - 20:46:42 ---A- - C:\WINDOWS\Prefetch\SWREG.EXE-20DD5B9B.pf O45 - LFCP:[MD5.C27A338FB108BD300240DB051010072C] - 25/03/2011 - 20:46:45 ---A- - C:\WINDOWS\Prefetch\GRPCONV.EXE-375690AD.pf O45 - LFCP:[MD5.11017B39A0F6537B55D6F615BFD455CD] - 25/03/2011 - 20:46:45 ---A- - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4853FA67.pf O45 - LFCP:[MD5.08D3F96B21E87182806346EE7DDAEC58] - 
25/03/2011 - 20:46:45 ---A- - C:\WINDOWS\Prefetch\RUNONCE.EXE-01CA3A2F.pf O45 - LFCP:[MD5.0F8B697A975F3259C1FC19E47A8C31E2] - 25/03/2011 - 20:46:48 ---A- - C:\WINDOWS\Prefetch\GSAR.CFXXE-301E7415.pf O45 - LFCP:[MD5.F0E4BF1F1E2A4B6572C69AC5D945A5F3] - 25/03/2011 - 20:46:48 ---A- - C:\WINDOWS\Prefetch\NIRCMD.CFXXE-258F36B6.pf O45 - LFCP:[MD5.4B482F88316A0FB271DC09BD54EDD9E7] - 25/03/2011 - 20:46:48 ---A- - C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf O45 - LFCP:[MD5.2B7F62DA8BC8BD9D93974DFE91CF8D3E] - 25/03/2011 - 20:46:50 ---A- - C:\WINDOWS\Prefetch\GREP.CFXXE-058D1CFD.pf O45 - LFCP:[MD5.4557CC5419D39322915F00115F8B1E5E] - 25/03/2011 - 20:46:53 ---A- - C:\WINDOWS\Prefetch\CSCRIPT.EXE-0A13A05C.pf O45 - LFCP:[MD5.222B5E23C9DBD0110D5BE92E28C091D9] - 25/03/2011 - 20:46:53 ---A- - C:\WINDOWS\Prefetch\SED.CFXXE-26699FCF.pf O45 - LFCP:[MD5.83C3E198BCD2E50A7272301BE71BF1C5] - 25/03/2011 - 20:46:53 ---A- - C:\WINDOWS\Prefetch\SWREG.CFXXE-164FC802.pf O45 - LFCP:[MD5.6BF7E8FBCEB1953DC6B5F52F66FE6F2F] - 25/03/2011 - 20:46:55 ---A- - C:\WINDOWS\Prefetch\CMD.CFXXE-1073D757.pf O45 - LFCP:[MD5.EC402936E422A2F840DAC01C05513EC8] - 25/03/2011 - 20:46:55 ---A- - C:\WINDOWS\Prefetch\NIRCMDC.CFXXE-1EF93FDF.pf O45 - LFCP:[MD5.9C5EBACA24499BF7BDC02A149FE8F8F6] - 25/03/2011 - 20:46:56 ---A- - C:\WINDOWS\Prefetch\HANDLE.CFXXE-1ED26E07.pf O45 - LFCP:[MD5.DF4B83ACF3D848A209A52B93C76B024C] - 25/03/2011 - 20:46:56 ---A- - C:\WINDOWS\Prefetch\RMBR.CFXXE-2B2725AA.pf O45 - LFCP:[MD5.DC7C2BA51E00FA4355B936FA6C66462E] - 25/03/2011 - 20:46:56 ---A- - C:\WINDOWS\Prefetch\SWSC.CFXXE-1A6C2E33.pf O45 - LFCP:[MD5.45245A21224E7F45D6CD009B9B3AB4FF] - 25/03/2011 - 20:46:57 ---A- - C:\WINDOWS\Prefetch\ATTRIB.CFXXE-1334C304.pf O45 - LFCP:[MD5.541FEBEA152F739995E060B59E5C5A12] - 25/03/2011 - 20:46:57 ---A- - C:\WINDOWS\Prefetch\SWXCACLS.CFXXE-082AB030.pf O45 - LFCP:[MD5.6BB5E58E6D64AFD2BDBD18AE5F0F08B4] - 25/03/2011 - 20:47:00 ---A- - C:\WINDOWS\Prefetch\CSCRIPT.CFXXE-2047784A.pf O45 - 
LFCP:[MD5.E2D8FDFAE7AC3BE964EA01A2766042DE] - 25/03/2011 - 20:47:00 ---A- - C:\WINDOWS\Prefetch\PEV.CFXXE-234F95B8.pf O45 - LFCP:[MD5.4F3166D3C8A7086EE7E23E4F5F39BF44] - 25/03/2011 - 20:47:02 ---A- - C:\WINDOWS\Prefetch\ATTRIB.EXE-15ACDFFE.pf O45 - LFCP:[MD5.C1C0861EC4B6C11F67E00CAC5D63B78B] - 25/03/2011 - 20:47:02 ---A- - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf O45 - LFCP:[MD5.5C8EAA802ABA9FBCBE38322E5A56CDCB] - 25/03/2011 - 20:47:04 ---A- - C:\WINDOWS\Prefetch\ATTRIB.CFXXE-2659F53E.pf O45 - LFCP:[MD5.068606C2D01D1BD8B863441ADC57CC48] - 25/03/2011 - 20:47:04 ---A- - C:\WINDOWS\Prefetch\NIRCMD.CFXXE-13FF818C.pf O45 - LFCP:[MD5.2A60B41982EE31B12632F20EAB3983F6] - 25/03/2011 - 20:47:06 ---A- - C:\WINDOWS\Prefetch\FINDSTR.EXE-1A4FC238.pf O45 - LFCP:[MD5.A5DC696702B4160BB33187BA7E16F230] - 25/03/2011 - 20:47:09 ---A- - C:\WINDOWS\Prefetch\PV.CFXXE-22055E2E.pf O45 - LFCP:[MD5.5AB18EC2922B31575D94C0F6D2804EFB] - 25/03/2011 - 20:47:10 ---A- - C:\WINDOWS\Prefetch\PING.EXE-30F9CA9D.pf O45 - LFCP:[MD5.201F831DB12BE77144CEFD114E663457] - 25/03/2011 - 20:47:11 ---A- - C:\WINDOWS\Prefetch\COMBOFIX-DOWNLOAD.CFXXE-2BE3D9AE.pf O45 - LFCP:[MD5.4C75ADF2C6B0DC62037E36D2DB6EFCE7] - 25/03/2011 - 20:47:11 ---A- - C:\WINDOWS\Prefetch\PING.CFXXE-0ECE27F3.pf O45 - LFCP:[MD5.CFAE7A0C31FA1C4651E3A877FA7FF9B6] - 25/03/2011 - 20:47:11 ---A- - C:\WINDOWS\Prefetch\SORT.EXE-19728AC5.pf O45 - LFCP:[MD5.F89C2BF3DD52313A3190C79B966DD1A3] - 25/03/2011 - 20:47:13 ---A- - C:\WINDOWS\Prefetch\SWSC.CFXXE-1BF2C69F.pf O45 - LFCP:[MD5.757580C3696BE1ADEDB0F69A8B1DC6D5] - 25/03/2011 - 20:47:14 ---A- - C:\WINDOWS\Prefetch\HIDEC.EXE-2888B6D9.pf O45 - LFCP:[MD5.BF9346211F2933E6EF08A2BF62CCA04C] - 25/03/2011 - 20:47:15 ---A- - C:\WINDOWS\Prefetch\PEV.EXE-2D02605A.pf O45 - LFCP:[MD5.9671C5EE9A3F963E12022C0D323EE118] - 25/03/2011 - 20:47:17 ---A- - C:\WINDOWS\Prefetch\SWREG.EXE-2E6304DD.pf O45 - LFCP:[MD5.AC30E806B72CBF8E4010AD4A47E0C637] - 25/03/2011 - 20:47:21 ---A- - 
C:\WINDOWS\Prefetch\CF23308.CFXXE-33B51320.pf O45 - LFCP:[MD5.567E50E1039D4B19968114CD5D476D07] - 25/03/2011 - 20:47:21 ---A- - C:\WINDOWS\Prefetch\GREP.EXE-1C6A2624.pf O45 - LFCP:[MD5.69DB889FA79CAA80E46A1392B7D0A99D] - 25/03/2011 - 20:47:21 ---A- - C:\WINDOWS\Prefetch\SED.EXE-1EFB2ADD.pf O45 - LFCP:[MD5.974B62F48F817780AAD550AE4B919A2E] - 25/03/2011 - 20:47:26 ---A- - C:\WINDOWS\Prefetch\GSAR.CFXXE-064080BD.pf O45 - LFCP:[MD5.A3ADC9C73615AE01231CEF405429D15E] - 25/03/2011 - 20:47:41 ---A- - C:\WINDOWS\Prefetch\CSCRIPT.CFXXE-2F177610.pf O45 - LFCP:[MD5.BE239AF2C92618FEAA3CA059D76D1148] - 25/03/2011 - 20:47:41 ---A- - C:\WINDOWS\Prefetch\NIRKMD.CFXXE-17B2DE54.pf O45 - LFCP:[MD5.B85205E48532DDF0DDBC638DA69F8A9D] - 25/03/2011 - 21:12:19 ---A- - C:\WINDOWS\Prefetch\NIRCMDC.CFXXE-1A723DB9.pf O45 - LFCP:[MD5.B6E1DEA910386426445C2EB9E73F3FEA] - 25/03/2011 - 21:12:20 ---A- - C:\WINDOWS\Prefetch\DUMPHIVE.CFXXE-0FFD4E49.pf O45 - LFCP:[MD5.81048F242118E0619DF6654299740FDF] - 25/03/2011 - 21:12:20 ---A- - C:\WINDOWS\Prefetch\SETPATH.CFXXE-29154159.pf O45 - LFCP:[MD5.09DB2C81CC88F017C8CA857744D311B9] - 25/03/2011 - 21:12:21 ---A- - C:\WINDOWS\Prefetch\PEV.EXE-38CD9EA3.pf O45 - LFCP:[MD5.91CBF0E1399D31DBA22398B12F717974] - 25/03/2011 - 21:12:22 ---A- - C:\WINDOWS\Prefetch\CHCP.COM-17EDBDC9.pf O45 - LFCP:[MD5.1E74D341ACA06861580564B3C9D8F7A4] - 25/03/2011 - 21:12:22 ---A- - C:\WINDOWS\Prefetch\GREP.CFXXE-1143901C.pf O45 - LFCP:[MD5.876DB7F5B7F43C71E9906404713C0644] - 25/03/2011 - 21:12:22 ---A- - C:\WINDOWS\Prefetch\SWREG.CFXXE-2EA30468.pf O45 - LFCP:[MD5.54281797350E62AEA26CCBF73374507C] - 25/03/2011 - 21:12:23 ---A- - C:\WINDOWS\Prefetch\SWXCACLS.CFXXE-1399F302.pf O45 - LFCP:[MD5.F9C4A02869AE895D3163FA74E6B34AE3] - 25/03/2011 - 21:12:24 ---A- - C:\WINDOWS\Prefetch\HANDLE.CFXXE-1ABC4A3B.pf O45 - LFCP:[MD5.1C8D1AE183B2E3BC70A4EF90D9DE8BD9] - 25/03/2011 - 21:12:24 ---A- - C:\WINDOWS\Prefetch\PEV.CFXXE-163A75C2.pf O45 - LFCP:[MD5.3FBC5B904615E07FA8A1F3668EAEABB4] - 25/03/2011 - 
21:12:24 ---A- - C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf O45 - LFCP:[MD5.4FDF371345972EA62C20DC63787B845F] - 25/03/2011 - 21:12:24 ---A- - C:\WINDOWS\Prefetch\SED.CFXXE-13206BAB.pf O45 - LFCP:[MD5.1E12AB04856BCD9C6AC42DB1B0A8997B] - 25/03/2011 - 21:12:25 ---A- - C:\WINDOWS\Prefetch\NIRCMD.EXE-3789D3CC.pf O45 - LFCP:[MD5.7DDE51991205D8F2D1EA7F91264420D5] - 25/03/2011 - 21:16:19 ---A- - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-160E1F62.pf O45 - LFCP:[MD5.DC4F0BA08317651AA79B2359C509E599] - 25/03/2011 - 21:53:05 ---A- - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf O45 - LFCP:[MD5.975839B3355A35BEBA9FB215C072F4FA] - 25/03/2011 - 21:58:53 ---A- - C:\WINDOWS\Prefetch\ZHPDIAG.EXE-25C13877.pf O45 - LFCP:[MD5.3910EF101DDD0B3D1D52B1159B11DE97] - 25/03/2011 - 21:59:33 ---A- - C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\iTunes\iTunes.exe" [Enabled] .(.Apple Computer, Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" [Enabled] .(.Microsoft Corporation - Microsoft Flight Simulator.) -- C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpnsvr.exe" [Enabled] .(.Microsoft Corporation - Microsoft DirectPlay8 Server.) 
-- C:\WINDOWS\system32\dpnsvr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Real\RealPlayer\realplay.exe" [Enabled] .(.RealNetworks, Inc. - RealPlayer.) -- C:\Program Files\Real\RealPlayer\realplay.exe O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) -- C:\Program Files\uTorrent\uTorrent.exe O47 - AAKE:Key Export SP - "C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe" [Disabled] .(.KONAMI - pes6.exe.) -- C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "%ProgramFiles%\iTunes\iTunes.exe" [Enabled] .(.Apple Computer, Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---\\ Déni du service (Local Security Authority) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . 
Explorer\DOMStore\2A6Z39TP\sn132w.snt132.mail.live[1].xml [13] O61 - LFC:Last File Created 25/03/2011 - 09:32:28 ---A- C:\Documents And Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\CMGQ9H0X\cid-6bccbbaabd354363.profile.live[1].xml [13] O61 - LFC:Last File Created 25/03/2011 - 09:35:05 ---A- C:\Documents And Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\TAD2VSPL\secure.shared.live[1].xml [1629] O61 - LFC:Last File Created 25/03/2011 - 09:35:13 -SHA- C:\Documents And Settings\NetworkService\Local Settings\Historique\History.IE5\MSHist012011032520110326\index.dat [32768] O61 - LFC:Last File Created 25/03/2011 - 09:36:33 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@untd[1].txt [83] O61 - LFC:Last File Created 25/03/2011 - 09:36:35 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@adnxs[1].txt [434] O61 - LFC:Last File Created 25/03/2011 - 09:36:35 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@ads.pubmatic[2].txt [144] O61 - LFC:Last File Created 25/03/2011 - 09:36:35 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@pubmatic[2].txt [1454] O61 - LFC:Last File Created 25/03/2011 - 09:36:36 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@audienceiq[2].txt [93] O61 - LFC:Last File Created 25/03/2011 - 09:36:36 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@invitemedia[3].txt [993] O61 - LFC:Last File Created 25/03/2011 - 09:36:36 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@mediabrandsww[3].txt [96] O61 - LFC:Last File Created 25/03/2011 - 09:36:36 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@p-td[3].txt [87] O61 - LFC:Last File Created 25/03/2011 - 09:36:36 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@turn[3].txt [550] O61 - LFC:Last File Created 
25/03/2011 - 09:36:37 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@nexac[1].txt [71] O61 - LFC:Last File Created 25/03/2011 - 10:50:18 ---A- C:\Documents And Settings\HP_Propriétaire\UserData\index.dat [32768] O61 - LFC:Last File Created 25/03/2011 - 10:51:15 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@atdmt.combing[7].txt [253] O61 - LFC:Last File Created 25/03/2011 - 10:51:57 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@bubblestat[3].txt [970] O61 - LFC:Last File Created 25/03/2011 - 10:51:59 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@ttbmanutan.solution.weborama[2].txt [410] O61 - LFC:Last File Created 25/03/2011 - 10:52:08 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@conforama.solution.weborama[2].txt [409] O61 - LFC:Last File Created 25/03/2011 - 11:05:49 ---A- C:\Documents And Settings\HP_Propriétaire\Local Settings\Application Data\32C2EEAF-79B6-0261-3C86-5B83C0688136.txt [3674] O61 - LFC:Last File Created 25/03/2011 - 11:21:52 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.teamxscript[2].txt [88] O61 - LFC:Last File Created 25/03/2011 - 11:22:32 ---A- C:\Documents And Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{204C4177-533D-11E0-84E5-0013D326442E}.dat [3584] O61 - LFC:Last File Created 25/03/2011 - 11:22:32 ---A- C:\Documents And Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{CAB16FDA-56C9-11E0-84E8-0013D326442E}.dat [6144] O61 - LFC:Last File Created 25/03/2011 - 11:25:25 ---A- C:\Documents And Settings\HP_Propriétaire\Recent\cijbkLGKaC.lnk [771] O61 - LFC:Last File Created 25/03/2011 - 11:26:48 ---A- C:\Documents And Settings\HP_Propriétaire\Recent\EmsisoftEmergencyKit.lnk [644] O61 - LFC:Last File Created 25/03/2011 - 11:26:48 ---A- C:\Documents And 
Settings\HP_Propriétaire\Recent\avenger.lnk [656] O61 - LFC:Last File Created 25/03/2011 - 11:58:43 -SH-- C:\Documents And Settings\HP_Propriétaire\ntuser.ini [284] O61 - LFC:Last File Created 25/03/2011 - 12:00:31 -SHA- C:\Documents And Settings\NetworkService\Local Settings\desktop.ini [62] O61 - LFC:Last File Created 25/03/2011 - 12:00:32 -SHA- C:\Documents And Settings\HP_Propriétaire\Application Data\Microsoft\Credentials\S-1-5-21-2705973081-667088016-391471673-1008\Credentials [524] O61 - LFC:Last File Created 25/03/2011 - 12:00:32 -SHA- C:\Documents And Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2705973081-667088016-391471673-1008\Credentials [3114] O61 - LFC:Last File Created 25/03/2011 - 12:00:32 -SHA- C:\Documents And Settings\HP_Propriétaire\Local Settings\desktop.ini [62] O61 - LFC:Last File Created 25/03/2011 - 12:00:32 -SHA- C:\Documents And Settings\LocalService\Local Settings\desktop.ini [62] O61 - LFC:Last File Created 25/03/2011 - 12:01:21 -SHA- C:\Documents And Settings\LocalService\Local Settings\temp\Cookies\index.dat [16384] O61 - LFC:Last File Created 25/03/2011 - 12:01:21 -SHA- C:\Documents And Settings\LocalService\Local Settings\temp\Fichiers Internet temporaires\Content.IE5\index.dat [32768] O61 - LFC:Last File Created 25/03/2011 - 12:01:21 -SHA- C:\Documents And Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat [16384] O61 - LFC:Last File Created 25/03/2011 - 12:38:51 ---A- C:\Documents And Settings\HP_Propriétaire\Recent\UsbFix.lnk [446] O61 - LFC:Last File Created 25/03/2011 - 12:39:37 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@scorecardresearch[6].txt [115] O61 - LFC:Last File Created 25/03/2011 - 12:39:41 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@rad.msn[3].txt [680] O61 - LFC:Last File Created 25/03/2011 - 12:39:42 ---A- C:\Documents And 
Settings\HP_Propriétaire\Cookies\hp_propriétaire@boursoramabanque.solution.weborama[3].txt [486] O61 - LFC:Last File Created 25/03/2011 - 12:39:42 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@c.msn[1].txt [68] O61 - LFC:Last File Created 25/03/2011 - 12:41:08 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@bs.serving-sys[2].txt [145] O61 - LFC:Last File Created 25/03/2011 - 12:41:41 ---A- C:\Documents And Settings\HP_Propriétaire\Recent\avenger (2).lnk [451] O61 - LFC:Last File Created 25/03/2011 - 12:41:42 ---A- C:\Documents And Settings\HP_Propriétaire\Recent\HP_PAVILION ©.lnk [336] O61 - LFC:Last File Created 25/03/2011 - 12:42:10 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.zebulon[2].txt [215] O61 - LFC:Last File Created 25/03/2011 - 12:46:08 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@serving-sys[3].txt [517] O61 - LFC:Last File Created 25/03/2011 - 13:33:24 ---A- C:\Documents And Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat [311296] O61 - LFC:Last File Created 25/03/2011 - 13:33:24 -SHA- C:\Documents And Settings\NetworkService\Cookies\index.dat [32768] O61 - LFC:Last File Created 25/03/2011 - 13:34:03 -SHA- C:\Documents And Settings\LocalService\IETldCache\index.dat [16384] O61 - LFC:Last File Created 25/03/2011 - 20:22:15 ---A- C:\Documents And Settings\LocalService\Local Settings\Historique\History.IE5\index.dat [32768] O61 - LFC:Last File Created 25/03/2011 - 20:48:04 --HA- C:\Documents And Settings\Default User\ntuser.dat.LOG [1024] O61 - LFC:Last File Created 25/03/2011 - 20:48:05 --HA- C:\Documents And Settings\Administrateur.PICASSO\ntuser.dat.LOG [1024] O61 - LFC:Last File Created 25/03/2011 - 20:48:05 --HA- C:\Documents And Settings\Administrateur\ntuser.dat.LOG [1024] O61 - LFC:Last File Created 25/03/2011 - 21:10:08 -SHA- C:\Documents And Settings\HP_Propriétaire\IETldCache\index.dat [262144] O61 - LFC:Last File 
Created 25/03/2011 - 21:10:46 ---A- C:\Documents And Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\prefs.js [46502] O61 - LFC:Last File Created 25/03/2011 - 21:10:46 ---A- C:\Documents And Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\prefs.js.BAK [46504] O61 - LFC:Last File Created 25/03/2011 - 21:52:55 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\index.dat [802816] O61 - LFC:Last File Created 25/03/2011 - 21:52:55 ---A- C:\Documents And Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat [3342336] O61 - LFC:Last File Created 25/03/2011 - 21:52:55 -SHA- C:\Documents And Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat [32768] O61 - LFC:Last File Created 25/03/2011 - 21:52:55 -SHA- C:\Documents And Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\MSHist012011032520110326\index.dat [32768] O61 - LFC:Last File Created 25/03/2011 - 21:52:55 -SHA- C:\Documents And Settings\HP_Propriétaire\PrivacIE\index.dat [16187392] O61 - LFC:Last File Created 25/03/2011 - 21:53:01 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@atdmt[7].txt [239] O61 - LFC:Last File Created 25/03/2011 - 21:53:02 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@CAYSTXQO.txt [343] O61 - LFC:Last File Created 25/03/2011 - 21:53:02 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@msn[9].txt [567] O61 - LFC:Last File Created 25/03/2011 - 21:54:51 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@forum.zebulon[3].txt [397] O61 - LFC:Last File Created 25/03/2011 - 21:54:51 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@zebulon[5].txt [433] O61 - LFC:Last File Created 25/03/2011 - 21:54:53 ---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.zebulon[6].txt [215] O61 - LFC:Last File Created 25/03/2011 - 21:54:54 
---A- C:\Documents And Settings\HP_Propriétaire\Cookies\hp_propriétaire@specificclick[6].txt [262] ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis O63 - Logiciel: UsbFix By TeamXscript - (.TeamXscript.) [HKLM] -- Usbfix O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - (.not file.) - 2fdf0208 (2fdf0208) .(...) - LEGACY_2FDF0208 O64 - Services: CurCS - (.not file.) - 58a5c980 (58a5c980) .(...) - LEGACY_58A5C980 O64 - Services: CurCS - C:\Program Files\a-squared Anti-Malware\a2service.exe - a-squared Anti-Malware Service (a2AntiMalware) .(.Emsi Software GmbH - a-squared Service.) - LEGACY_A2ANTIMALWARE O64 - Services: CurCS - C:\Windows\System32\Drivers\a347scsi.sys - a347scsi (a347scsi) .(.Pas de propriétaire - SCSI miniport.) - LEGACY_A347SCSI O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\AAVMKER4.sys - (.not file.) - avast! Asynchronous Virus Monitor (Aavmker4) .(...) - LEGACY_AAVMKER4 O64 - Services: CurCS - C:\Windows\System32\DRIVERS\AegisP.sys - AEGIS Protocol (IEEE 802.1x) v3.4.3.0 (AegisP) .(.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) - LEGACY_AEGISP O64 - Services: CurCS - C:\WINDOWS\system32\drivers\afd.sys - AFD (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD O64 - Services: CurCS - C:\WINDOWS\System32\alg.exe - Service de la passerelle de la couche Application (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG O64 - Services: CurCS - C:\Windows\System32\DRIVERS\arp1394.sys - Protocole client ARP 1394 (Arp1394) .(.Microsoft Corporation - IP/1394 Arp Client.) - LEGACY_ARP1394 O64 - Services: CurCS - C:\Windows\System32\DRIVERS\aswFsBlk.sys - aswFsBlk (aswFsBlk) .(.ALWIL Software - avast! File System Access Blocking Driver.) 
- LEGACY_ASWFSBLK O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWMON2.sys - (.not file.) - avast! Standard Shield Support (aswMon2) .(...) - LEGACY_ASWMON2 O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWRDR.sys - (.not file.) - aswRdr (aswRdr) .(...) - LEGACY_ASWRDR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWSP.sys - (.not file.) - avast! Self Protection (aswSP) .(...) - LEGACY_ASWSP O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\ASWTDI.sys - (.not file.) - avast! Network Shield Support (aswTdi) .(...) - LEGACY_ASWTDI O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - avast! iAVS4 Control Service (aswUpdSv) .(.ALWIL Software - avast! Antivirus updating service.) - LEGACY_ASWUPDSV O64 - Services: CurCS - C:\WINDOWS\system32\Ati2evxx.exe - Ati HotKey Poller (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Audio Windows (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast4\ashServ.exe - avast! Antivirus (avast! Antivirus) .(.ALWIL Software - avast! antivirus service.) - LEGACY_AVAST!_ANTIVIRUS O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe - avast! Mail Scanner (avast! Mail Scanner) .(.ALWIL Software - avast! e-Mail Scanner Service.) - LEGACY_AVAST!_MAIL_SCANNER O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - avast! Web Scanner (avast! Web Scanner) .(.ALWIL Software - avast! Web Scanner.) - LEGACY_AVAST!_WEB_SCANNER O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\BEEP.sys - Beep (Beep) .(...) - LEGACY_BEEP O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Service de transfert intelligent en arrière-plan (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_BITS O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Explorateur d'ordinateur (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER O64 - Services: CurCS - C:\ComboFix\catchme.sys (.not file.) - catchme (catchme) .(...) - LEGACY_CATCHME O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\CDFS.sys - cdfs (cdfs) .(...) - LEGACY_CDFS O64 - Services: CurCS - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32 O64 - Services: CurCS - (.not file.) - (.not file.) - Application système COM+ (COMSysApp) .(...) - LEGACY_COMSYSAPP O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Services de cryptographie (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC O64 - Services: CurCS - (.not file.) - (.not file.) - Lanceur de processus serveur DCOM (DcomLaunch) .(...) - LEGACY_DCOMLAUNCH O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DHCP (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP O64 - Services: CurCS - C:\Windows\System32\drivers\dmboot.sys - dmboot (dmboot) .(.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disq.) - LEGACY_DMBOOT O64 - Services: CurCS - C:\Windows\System32\drivers\dmload.sys - dmload (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Client DNS (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Service de rapport d'erreurs (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_ERSVC O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Système d'événements de COM+ (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FASTFAT.sys - fastfat (fastfat) .(...) - LEGACY_FASTFAT O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY O64 - Services: CurCS - C:\WINDOWS\system32\fxssvc.exe - Fax (Fax) .(.Microsoft Corporation - Service de télécopie.) - LEGACY_FAX O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FIPS.sys - Fips (Fips) .(...) - LEGACY_FIPS O64 - Services: CurCS - C:\Windows\System32\drivers\fltmgr.sys - FltMgr (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR O64 - Services: CurCS - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0 O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC O64 - Services: CurCS - C:\Windows\System32\DRIVERS\msgpc.sys - Classificateur de paquets générique (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC O64 - Services: CurCS - C:\PROGRA~1\Belkin\F5D705~1\GTNDIS5.sys - GTNDIS5 NDIS Protocol Driver (GTNDIS5) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) - LEGACY_GTNDIS5 O64 - Services: CurCS - C:\Program Files\Google\Update\GoogleUpdate.exe - Service Google Update (gupdate) (gupdate) .(.Google Inc. - Programme d'installation de Google.) 
- LEGACY_GUPDATE O64 - Services: CurCS - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Software Updater (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Aide et support (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HID Input Service (HidServ) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HIDSERV O64 - Services: CurCS - C:\Windows\System32\Drivers\HTTP.sys - HTTP (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - HTTP SSL (HTTPFilter) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER O64 - Services: CurCS - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe - InstallDriver Table Manager (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT O64 - Services: CurCS - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe - Windows CardSpace (idsvc) .(.Microsoft Corporation - Windows CardSpace.) - LEGACY_IDSVC O64 - Services: CurCS - C:\WINDOWS\system32\imapi.exe - Service COM de gravage de CD IMAPI (ImapiService) .(.Microsoft Corporation - API Image Mastering.) - LEGACY_IMAPISERVICE O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipnat.sys - Traducteur d'adresses réseau IP (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT O64 - Services: CurCS - C:\Program Files\iPod\bin\iPodService.exe - iPod Service (iPodService) .(.Apple Computer, Inc. - iPodService Module.) - LEGACY_IPODSERVICE O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ipsec.sys - Pilote IPSEC (IPSec) .(.Microsoft Corporation - IPSec Driver.) 
- LEGACY_IPSEC O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - (.not file.) - klmd25 (klmd25) .(...) - LEGACY_KLMD25 O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\KSECDD.sys - ksecdd (ksecdd) .(...) - LEGACY_KSECDD O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Serveur (lanmanserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Station de travail (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Assistance TCP/IP NetBIOS (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LMHOSTS O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MBAMSWISSARMY.sys - MBAMSwissArmy (MBAMSwissArmy) .(...) - LEGACY_MBAMSWISSARMY O64 - Services: CurCS - C:\ComboFix\mbr.sys (.not file.) - mbr (mbr) .(...) - LEGACY_MBR O64 - Services: CurCS - (.not file.) - mchInjDrv (mchInjDrv) .(...) - LEGACY_MCHINJDRV O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MNMDD.sys - mnmdd (mnmdd) .(...) - LEGACY_MNMDD O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MOUNTMGR.sys - (.not file.) - mountmgr (mountmgr) .(...) - LEGACY_MOUNTMGR O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxdav.sys - Redirecteur client WebDav (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV O64 - Services: CurCS - C:\Windows\System32\DRIVERS\mrxsmb.sys - MRXSMB (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB O64 - Services: CurCS - C:\WINDOWS\system32\msdtc.exe - Distributed Transaction Coordinator (MSDTC) .(.Microsoft Corporation - MS DTC console program.) 
- LEGACY_MSDTC O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS O64 - Services: CurCS - C:\WINDOWS\system32\msiexec.exe - Windows Installer (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\MUP.sys - (.not file.) - Mup (Mup) .(...) - LEGACY_MUP O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDIS.sys - (.not file.) - Pilote système NDIS (NDIS) .(...) - LEGACY_NDIS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndistapi.sys - Pilote TAPI NDIS d'accès distant (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS mode utilisateur E/S Protocole (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - Interface NetBIOS (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbt.sys - NetBIOS sur TCP/IP (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Connexions réseau (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NETMAN O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - NLA (Network Location Awareness) (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NTFS.sys - ntfs (ntfs) .(...) - LEGACY_NTFS O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\NULL.sys - Null (Null) .(...) 
- LEGACY_NULL O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARTMGR.sys - (.not file.) - PartMgr (PartMgr) .(...) - LEGACY_PARTMGR O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\PARVDM.sys - ParVdm (ParVdm) .(...) - LEGACY_PARVDM O64 - Services: CurCS - C:\WINDOWS\system32\PCANDIS5.sys - PCANDIS5 NDIS Protocol Driver (PCANDIS5) .(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) - LEGACY_PCANDIS5 O64 - Services: CurCS - (.not file.) - Pml Driver HPZ12 (Pml Driver HPZ12) .(...) - LEGACY_PML_DRIVER_HPZ12 O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Services IPSEC (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT O64 - Services: CurCS - (.not file.) - PROCEXP113 (PROCEXP113) .(...) - LEGACY_PROCEXP113 O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Emplacement protégé (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rasacd.sys - Pilote de connexion automatique d'accès distant (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Gestionnaire de connexions d'accès distant (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rdbss.sys - Rdbss (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\RDPCDD.sys - RDPCDD (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(...) - LEGACY_RDPNP O64 - Services: CurCS - (.not file.) - (.not file.) - Appel de procédure distante (RPC) (RpcSs) .(...) 
- LEGACY_RPCSS
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rspndr.sys - Link-Layer Topology Discovery Responder (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - C:\WINDOWS\system32\rsvp.exe - QoS RSVP (RSVP) .(.Microsoft Corporation - Microsoft RSVP.) - LEGACY_RSVP
O64 - Services: CurCS - C:\WINDOWS\system32\lsass.exe - Security Accounts Manager (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Task Scheduler (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\secdrv.sys - Secdrv (Secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Secondary Logon (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - System Event Notification (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\SERIAL.sys - Serial (Serial) .(...) - LEGACY_SERIAL
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Windows Firewall / Internet Connection Sharing (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Shell Hardware Detection (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION
O64 - Services: CurCS - C:\WINDOWS\system32\spoolsv.exe - Print Spooler (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\sr.sys - System Restore Filter Driver (sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - System Restore Service (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srv.sys - Srv (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - SSDP Discovery Service (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Windows Image Acquisition (WIA) (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC
O64 - Services: CurCS - (.not file.) - SYMIDSCO (SYMIDSCO) .(...) - LEGACY_SYMIDSCO
O64 - Services: CurCS - (.not file.) - SYMTDI (SYMTDI) .(...) - LEGACY_SYMTDI
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Telephony (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\tcpip.sys - TCP/IP Protocol Driver (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP
O64 - Services: CurCS - (.not file.) - (.not file.) - Terminal Services (TermService) .(...) - LEGACY_TERMSERVICE
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Themes (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Distributed Link Tracking Client (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\UDFS.sys - Udfs (Udfs) .(...) - LEGACY_UDFS
O64 - Services: CurCS - C:\WINDOWS\system32\wdfmgr.exe - Windows User Mode Driver Framework (UMWdf) .(.Microsoft Corporation - Windows User Mode Driver Manager.) - LEGACY_UMWDF
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VGA.sys - vga (vga) .(...) - LEGACY_VGA
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - C:\WINDOWS\system32\Drivers\VOLSNAP.sys - VolSnap (VolSnap) .(...) - LEGACY_VOLSNAP
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Windows Time (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wanarp.sys - Remote Access IP ARP Driver (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - WebClient (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Windows Management Instrumentation (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT
O64 - Services: CurCS - C:\WINDOWS\system32\wbem\wmiapsrv.exe - WMI Performance Adapter (WmiApSrv) .(.Microsoft Corporation - WMI Performance Adapter Service.) - LEGACY_WMIAPSRV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Security Center (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC
O64 - Services: CurCS - C:\WINDOWS\system32\svchost.exe - Automatic Updates (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUAUSERV
O64 - Services: CurCS - C:\WINDOWS\System32\svchost.exe - Wireless Zero Configuration (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC

---\\ List of unsigned files (O65)
O65 - LUF:09/01/2004 (.No owner - ActiveSkin Module.) (4, 2, 7, 3) - c:\windows\system32\actskin4.ocx
O65 - LUF:31/01/2000 (.No owner - .) (1.0.0.0) - c:\windows\system32\bcbsmp50.bpl
O65 - LUF:20/03/2002 (.No owner - HpReg Module.) (1, 0, 0, 2) - c:\windows\system32\hpreg.dll
O65 - LUF:14/04/2000 (.No owner - LEADTOOLS FlashPix library.) (V1.1.FC1) - c:\windows\system32\Lffpx7.dll
O65 - LUF:24/01/2001 (.No owner - prntfix Application.) (1.50) - c:\windows\system32\prntfix.exe
O65 - LUF:15/08/2006 (.No owner - UpdateDriver Application.) (1, 0, 0, 3) - c:\windows\system32\UpdateDriver.exe
O65 - LUF:30/04/2004 (. - .) (3.47.0.0 built by: WinDDK) - c:\windows\system32\drivers\a347bus.sys
O65 - LUF:30/04/2004 (. - .) (3.47.0.0 built by: WinDDK) - c:\windows\system32\drivers\a347scsi.sys

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - Bing
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - Bing
O69 - SBI: SearchScopes [HKCU] {42F3EC86-6C72-4CF4-8D9E-0D0584E7A57A} [DefaultScope] - (Google) - Google
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google

---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 20/07/2009 719392 | C:\Program Files\a-squared Anti-Malware\a2service.exe (a2AntiMalware) . (.Emsi Software GmbH.) - C:\Program Files\a-squared Anti-Malware\a2service.exe
SR - | Auto 24/11/2009 18752 | (aswUpdSv) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
SR - | Auto 06/04/2005 364544 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Auto 24/11/2009 138680 | (avast! Antivirus) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
SR - | Demand 24/11/2009 254040 | (avast! Mail Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
SS - | Demand 24/11/2009 352920 | (avast! Web Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe
SS - | Auto 06/01/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 24/03/2009 183280 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 13/10/2004 327680 | (iPodService) . (.Apple Computer, Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 25/07/2009 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe

---\\ Master Boot Record Infection search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, GMER - Rootkit Detector and Remover
Run by HP_Propriétaire at 25/03/2011 22:18:33
device: opened successfully
user: MBR read successfully
Disk trace: called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84B21108]<<

---\\ Master Boot Record Infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by HP_Propriétaire at 25/03/2011 22:18:37
Use the desktop link 'MBRCheck' to have full report
Dump file Name : C:\PhysicalDisk0_MBR.bin

End of the scan (1514 lines in 19mn 24s)(0) M
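A check one can script against the O67 "Shell Spawning" lines in a report like the one above, added here as an example and not part of the original post nor of ZHPDiag itself: it parses each O67 entry, flags a handler that is not the Windows XP default (for .exe/.bat/.cmd/.com the open command must be the bare `"%1" %*`; .reg must resolve to regedit.exe, .js to wscript.exe or cscript.exe, .cpl to shell32.dll), and flags any extension for which the merged HKCR view disagrees with HKLM, since that means a per-user override exists in HKCU\Software\Classes. The expected-handler table is an assumption based on XP defaults, and the last sample line is a constructed hijacked entry with a made-up path, not a line from the report.

```python
import re
from dataclasses import dataclass

# One ZHPDiag O67 line: <ext> <ProgID>[hive\..\verb\Command] then either the raw
# command (ZHPDiag appends "(.not file.)" when it is not a file) or the handler
# ZHPDiag resolved, written as "(.vendor - description.) -- path".
O67_RE = re.compile(
    r'^O67 - Shell Spawning: <(?P<ext>\.[^>]+)> <(?P<progid>[^>]+)>'
    r'\[(?P<hive>HKLM|HKCR|HKCU)\\\.\.\\(?P<verb>[^\\\]]+)\\Command\] (?P<rest>.*)$'
)

# Assumed Windows XP defaults. For executables the open verb must be the bare
# "%1" %*; for the others the resolved handler must be the expected Windows binary.
EXPECT_RAW = {".exe": '"%1" %*', ".bat": '"%1" %*', ".cmd": '"%1" %*', ".com": '"%1" %*'}
EXPECT_FILE = {
    ".reg": {"regedit.exe"},
    ".js": {"wscript.exe", "cscript.exe"},
    ".cpl": {"shell32.dll"},
}


@dataclass
class Spawn:
    ext: str
    progid: str
    hive: str
    verb: str
    command: str  # raw command, empty when ZHPDiag resolved it to a file
    path: str     # resolved handler file, empty when the command is not a file


def parse_o67(line):
    """Parse one O67 line; returns None for anything that is not one."""
    m = O67_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if " -- " in rest:
        path = rest.rsplit(" -- ", 1)[1].strip()
        return Spawn(m["ext"].lower(), m["progid"], m["hive"], m["verb"], "", path)
    suffix = " (.not file.)"
    command = rest[: -len(suffix)] if rest.endswith(suffix) else rest
    return Spawn(m["ext"].lower(), m["progid"], m["hive"], m["verb"], command.strip(), "")


def audit_o67(lines):
    """Return a list of human-readable findings for the O67 lines given."""
    findings = []
    spawns = [s for s in map(parse_o67, lines) if s is not None]
    for s in spawns:
        handler = s.path or s.command
        if s.ext in EXPECT_RAW:
            # Any resolved file here means a program has been inserted in front of
            # every executable launch, the classic exefile hijack.
            if s.path or s.command != EXPECT_RAW[s.ext]:
                findings.append(f"{s.hive} {s.ext}: handler is {handler!r}, expected {EXPECT_RAW[s.ext]}")
        elif s.ext in EXPECT_FILE:
            base = s.path.rsplit("\\", 1)[-1].lower()
            if base not in EXPECT_FILE[s.ext]:
                findings.append(f"{s.hive} {s.ext}: handler is {handler!r}, expected one of {sorted(EXPECT_FILE[s.ext])}")
    # HKCR is the merged view of HKLM\Software\Classes overlaid by HKCU\Software\Classes,
    # so HKCR disagreeing with HKLM for the same verb means a per-user override exists.
    views = {}
    for s in spawns:
        views.setdefault((s.ext, s.verb), {})[s.hive] = (s.path or s.command).lower()
    for (ext, verb), v in views.items():
        if "HKLM" in v and "HKCR" in v and v["HKLM"] != v["HKCR"]:
            findings.append(f"{ext} {verb}: HKCR view {v['HKCR']!r} differs from HKLM {v['HKLM']!r} (per-user override?)")
    return findings


# Sample input: the first three lines are copied from the report above; the last one
# is a constructed hijacked entry (the path is made up) to show what gets flagged.
SAMPLE_O67 = [
    r'O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)',
    r'O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\WINDOWS\regedit.exe',
    r'O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe',
    r'O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (.No owner - .) -- C:\Documents and Settings\user\Application Data\example_hijack.exe',
]

if __name__ == "__main__":
    for finding in audit_o67(SAMPLE_O67):
        print(finding)
```

Run against the report's own O67 lines it prints nothing; the constructed fourth line produces two findings, one for the non-default .exe handler and one for the HKLM/HKCR disagreement. The baseline only covers the extensions ZHPDiag lists in this section; on a machine with a non-default browser the .html line legitimately points elsewhere, which is why .html is reported but never flagged.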
-
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Good evening Bernard,

First of all, I deserve no credit at all; it is you I must thank once again for your availability and your invaluable advice!

As agreed, here first is the "combofix" report after uninstalling and then reinstalling it:

ComboFix 11-03-24.06 - HP_Propriétaire 25/03/2011 20:49:49.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.446.155 [GMT 1:00]
Running from: c:\thomas\iufm\EmsisoftEmergencyKit\ComboFix.exe
AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: avast! antivirus 4.8.1368 [VPS 101130-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-25 10:28 . 2011-03-25 10:28 574 ----a-w- C:\cleanup.bat
2011-03-22 14:01 . 2011-03-25 10:02 -------- d-----w- C:\UsbFix
2011-03-17 22:30 . 2011-03-18 13:54 -------- d-----w- C:\FR-files
2011-03-17 22:19 . 2011-03-17 22:40 -------- d-----w- C:\WinFileReplace
2011-03-13 11:17 . 2011-03-13 15:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-03-08 13:28 . 2011-03-13 21:44 -------- d-----w- C:\tdsskiller
2011-03-06 22:22 . 2011-03-06 22:22 512 ------w- C:\PhysicalDisk0_MBR.bin
2011-03-06 21:43 . 2011-03-07 12:56 -------- d-----w- c:\program files\ZHPDiag
2011-03-06 19:26 . 2011-03-06 19:26 -------- d-----w- C:\_OTL
2011-03-03 19:51 . 2011-03-03 19:51 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\PrivacIE
2011-03-01 09:39 . 2011-03-01 09:39 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\IETldCache
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 21:49 . 2011-02-23 21:50 -------- d-----w- c:\program files\CCleaner
2011-02-23 21:48 . 2011-02-23 21:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-23 21:47 . 2011-02-23 21:47 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-02-23 21:40 . 2011-02-23 21:40 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Reviversoft
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 10:02 . 2011-03-25 10:02 3850045 ----a-w- C:\UsbFix_Upload_Me_PICASSO.zip
2011-02-09 13:54 . 2004-08-05 18:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 18:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 18:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 18:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-05 18:00 1855104 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-05 18:00 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-02-03 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"a-squared"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-03-10 3438992]
.
c:\documents and settings\Administrateur.PICASSO\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-18 110592]
Dell Control Utility.lnk - c:\program files\TM1184\ControlUtility\ControlUtility.exe [2007-2-4 262144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-9-30 57344]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13410:TCP"= 13410:TCP:NortonAV
"15075:TCP"= 15075:TCP:NortonAV
"16280:TCP"= 16280:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"14482:TCP"= 14482:TCP:NortonAV
"6634:TCP"= 6634:TCP:spport
"13758:TCP"= 13758:TCP:spport
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [21/02/2007 23:20 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [21/02/2007 23:20 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/06/2008 07:21 114768]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [07/06/2007 09:52 719392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/06/2008 07:21 20560]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 18:58 135664]
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [02/01/2006 19:40 606208]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 20:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox&client=firefox-a&rlz=1R0GGIC_fr
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-25 21:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(384)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2011-03-25 21:12:17
ComboFix-quarantined-files.txt 2011-03-25 20:12
ComboFix2.txt 2011-03-25 11:23
.
Pre-Run: 122 506 428 416 bytes free
Post-Run: 122 490 281 984 bytes free
.
- - End Of File - - B29B1A72D35429DF770FD402BEBDC311
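The Sigcheck block of a ComboFix report is the part worth reading mechanically: every backup copy of atapi.sys above hashes fine, while the copy actually loaded from system32\drivers returns "!HASH: COULD NOT OPEN FILE" and is also the pre-SP3 size. The script below is an added example, not part of the original post nor of ComboFix: it parses Sigcheck lines, groups them by file name, separates the live copy from the copies Windows keeps in dllcache, ServicePackFiles, $NtServicePackUninstall$ and ReinstallBackups (that list of backup directories is an assumption), and reports a live copy that cannot be read, a live copy whose MD5 matches no backup of the same version, or a live copy whose size differs from the newest backup. A locked-or-unreadable driver beside readable backups is a heuristic, not proof of infection; the sample input is the five lines from the report plus two constructed lines with a made-up hash for a driver that passes.

```python
import re
from collections import defaultdict

# One ComboFix Sigcheck line:
#   [flag] date [time] . MD5-or-error . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r'^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d\d-\d\d)(?:\s+\d\d:\d\d)?'
    r'\s+\.\s+(?P<hash>.+?)\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+'
    r'\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$'
)

# Assumed: directories where Windows XP keeps pristine copies of system files.
# The copy that is actually loaded lives elsewhere (system32\drivers here).
BACKUP_DIRS = ("\\dllcache\\", "\\servicepackfiles\\", "\\$ntservicepackuninstall$\\", "\\reinstallbackups\\")


def parse_sigcheck(line):
    """Parse one Sigcheck line into a dict; None if the line is not one."""
    m = SIGCHECK_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"])
    e["readable"] = not e["hash"].startswith("!HASH")
    e["is_backup"] = any(b in e["path"].lower() for b in BACKUP_DIRS)
    return e


def version_key(v):
    """'5.1.2600.5512' -> (5, 1, 2600, 5512); unparsable versions sort lowest."""
    try:
        return tuple(int(x) for x in v.split("."))
    except ValueError:
        return ()


def audit_sigcheck(lines):
    """Compare each live system file against its backup copies; return findings."""
    by_name = defaultdict(list)
    for e in filter(None, map(parse_sigcheck, lines)):
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for entries in by_name.values():
        live = [e for e in entries if not e["is_backup"]]
        refs = [e for e in entries if e["is_backup"] and e["readable"]]
        for e in live:
            if not e["readable"]:
                # Backups hash normally but the loaded copy cannot even be opened:
                # the file is locked, or reads of it are being filtered.
                findings.append(f"{e['path']}: {e['hash'].strip('! ')} while {len(refs)} backup copies hashed normally")
            else:
                same_ver = {r["hash"].upper() for r in refs if r["version"] == e["version"]}
                if same_ver and e["hash"].upper() not in same_ver:
                    findings.append(f"{e['path']}: MD5 {e['hash']} matches no backup copy of version {e['version']}")
            if refs:
                newest = max(refs, key=lambda r: version_key(r["version"]))
                if e["size"] != newest["size"]:
                    findings.append(f"{e['path']}: size {e['size']} differs from newest backup {newest['path']} (version {newest['version']}, {newest['size']} bytes)")
    return findings


# Sample input: the five atapi.sys lines from the report above, followed by two
# constructed lines (made-up hash and name) for a driver whose live copy matches its backup.
SAMPLE_SIGCHECK = [
    r"[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys",
    r"[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys",
    r"[-] 2004-08-05 18:00 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys",
    r"[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys",
    r"[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys",
    r"[7] 2008-04-13 . 00112233445566778899AABBCCDDEEFF . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\example.sys",
    r"[7] 2008-04-13 . 00112233445566778899AABBCCDDEEFF . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\example.sys",
]

if __name__ == "__main__":
    for finding in audit_sigcheck(SAMPLE_SIGCHECK):
        print(finding)
```

On the report's lines this yields two findings, both on c:\windows\system32\drivers\atapi.sys: the unreadable hash, and the 95360-byte size against the 96512-byte SP3 copy in ServicePackFiles on a machine the same report identifies as Service Pack 3. The constructed example.sys pair produces none.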
-
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Hello Bernard,

Here first is the latest usbfix report:

############################## | UsbFix 7.042 | [Deletion]

User: HP_Propriétaire (Administrator) # PICASSO [ ]
Updated on 21/03/2011 by TeamXscript
Started at 10:55:30 | 25/03/2011
Website: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF
Submit your sample: Upload TeamXscript
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: AMD Athlon 64 Processor 3400+
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall: Enabled
Antivirus: avast! antivirus 4.8.1368 [VPS 101130-1] 4.8.1368 [Enabled | (!) Outdated]
Antivirus: a-squared Anti-Malware 4 [Enabled | Updated]
RAM -> 446 MB

C:\ (%systemdrive%) -> Fixed disk # 180 GB (113 GB free - 63%) [HP_PAVILION] # NTFS
D:\ -> Fixed disk # 6 GB (1 GB free - 25%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
K:\ -> CD-ROM

################## | Infectious items |

Deleted! C:\log.txt
Deleted! C:\tmp

################## | Registry |

Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Listing |

[11/07/2008 - 15:22:07 | D ] C:\!KillBox
[06/03/2011 - 20:28:58 | N | 13438] C:\03062011_142607.log
[16/08/2009 - 01:31:52 | D ] C:\58d90bf29d9df97722
[23/02/2010 - 18:33:45 | D ] C:\algo-tests
[01/01/2005 - 23:13:35 | N | 50] C:\AUTOEXEC.BAT
[05/03/2011 - 21:42:37 | N | 80896] C:\bernard53.doc
[06/03/2011 - 14:13:47 | N | 40448] C:\bernard53_bis.doc
[14/10/2005 - 06:40:32 | N | 218] C:\BOOT.BAK
[03/03/2011 - 22:28:21 | N | 324] C:\boot.ini
[05/08/2004 - 13:00:00 | N | 4952] C:\Bootfont.bin
[14/10/2005 - 06:46:03 | D ] C:\cmdcons
[05/08/2004 - 13:00:00 | N | 263488] C:\cmldr
[16/03/2011 - 22:08:41 | N | 12854] C:\ComboFix.txt
[23/02/2011 - 09:59:54 | D ] C:\Config.Msi
[23/11/2004 - 22:21:48 | N | 0] C:\CONFIG.SYS
[02/01/2006 - 22:17:43 | D ] C:\Converted Audio Files
[02/01/2006 - 22:18:06 | D ] C:\Converted Music
[15/03/2006 - 23:48:55 | N | 198] C:\Delapp.bat
[09/09/2010 - 14:03:08 | D ] C:\Documents
[16/04/2009 - 00:04:25 | D ] C:\Documents and Settings
[18/03/2011 - 14:54:52 | D ] C:\FR-files
[24/03/2011 - 10:53:15 | ASH | 468242432] C:\hiberfil.sys
[27/10/2008 - 08:45:31 | D ] C:\hp
[31/12/2009 - 17:34:53 | D ] C:\HSF
[23/11/2004 - 22:21:48 | N | 0] C:\IO.SYS
[17/06/2007 - 21:11:23 | D ] C:\KPCMS
[01/09/2008 - 23:34:34 | N | 17920] C:\liste complète ce2.pub
[20/04/2008 - 10:36:09 | D ] C:\Mes téléchargements
[22/12/2007 - 15:53:57 | D ] C:\mes_docs_Old_PC
[31/12/2009 - 21:51:02 | D ] C:\MODECRIT
[23/11/2004 - 22:21:48 | N | 0] C:\MSDOS.SYS
[05/08/2004 - 13:00:00 | N | 47564] C:\NTDETECT.COM
[15/04/2009 - 23:42:50 | N | 252240] C:\ntldr
[06/03/2011 - 04:08:14 | N | 169762] C:\OTL.Txt
[25/03/2011 - 10:57:34 | ASH | 1171546112] C:\pagefile.sys
[09/02/2006 - 12:55:36 | N | 908978] C:\pass_FBA.pdf
[11/10/1997 - 08:07:14 | N | 30] C:\PHIL2055.PHT
[06/03/2011 - 23:22:20 | N | 512] C:\PhysicalDisk0_MBR.bin
[02/07/2008 - 09:08:24 | D ] C:\PICHON07
[08/04/2009 - 12:37:12 | D ] C:\PICHON08
[30/08/2009 - 12:51:21 | D ] C:\PICHON09
[13/03/2011 - 22:45:10 | D ] C:\Program Files
[01/01/2005 - 22:12:47 | D ] C:\Python22
[16/03/2011 - 22:08:58 | D ] C:\Qoobox
[18/03/2011 - 14:54:52 | N | 976] C:\rapport-WFR.txt
[25/03/2011 - 11:01:25 | SHD ] C:\RECYCLER
[25/03/2011 - 10:50:33 | SHD ] C:\System Volume Information
[01/01/2005 - 22:12:24 | D ] C:\system.sav
[13/03/2011 - 22:44:57 | D ] C:\tdsskiller
[08/03/2011 - 14:33:34 | N | 76108] C:\TDSSKiller.2.4.20.0_08.03.2011_14.29.09_log.txt
[19/12/2008 - 14:25:56 | D ] C:\temp
[23/02/2011 - 22:58:18 | D ] C:\thomas
[27/10/2008 - 09:02:51 | N | 510] C:\updatedatfix.log
[25/03/2011 - 11:01:41 | D ] C:\UsbFix
[25/03/2011 - 11:01:47 | A | 1265] C:\UsbFix.txt
[24/03/2011 - 10:55:12 | D ] C:\WINDOWS
[17/03/2011 - 23:40:44 | D ] C:\WinFileReplace
[07/09/2009 - 10:43:46 | N | 2501] C:\xPos.txt
[07/03/2011 - 10:20:30 | N | 188498] C:\ZHPDiag.Txt
[07/03/2011 - 13:56:26 | N | 37578] C:\ZHPExportRegistry-07-03-2011-13-56-26.txt
[06/03/2011 - 20:26:07 | D ] C:\_OTL
[28/07/2001 - 07:07:38 | N | 0] D:\AUTOEXEC.BAT
[21/04/2005 - 17:28:24 | N | 6] D:\BLOCK.RIN
[09/01/2002 - 20:52:30 | N | 244] D:\BOOT.INI
[17/08/2001 - 10:26:26 | N | 237728] D:\CMLDR
[28/07/2001 - 07:07:38 | N | 0] D:\CONFIG.SYS
[10/09/2002 - 00:14:14 | SH | 100] D:\Desktop.ini
[10/09/2002 - 17:21:08 | N | 7850] D:\Folder.htt
[30/04/2001 - 21:16:46 | N | 14] D:\Graph
[25/01/2002 - 19:21:24 | N | 0] D:\GRAPH16
[30/11/2004 - 13:01:50 | N | 73728] D:\Info.exe
[28/07/2001 - 07:07:38 | N | 0] D:\IO.SYS
[01/01/2005 - 15:45:24 | N | 900] D:\MASTER.LOG
[28/07/2001 - 07:07:38 | N | 0] D:\MSDOS.SYS
[25/07/2001 - 23:00:00 | N | 45124] D:\NTDETECT.COM
[17/08/2001 - 16:32:24 | N | 0] D:\NTFS
[25/07/2001 - 23:00:00 | N | 222880] D:\NTLDR
[10/09/2002 - 14:58:12 | N | 181616] D:\protect.ed
[23/11/2004 - 17:39:42 | N | 36] D:\SaveFile.Dir
[30/04/2001 - 21:16:46 | N | 14] D:\SVGA
[01/01/2005 - 15:45:24 | N | 900] D:\USER
[08/02/2002 - 17:44:24 | N | 88038] D:\Warning.bmp
[18/08/2001 - 16:00:00 | N | 10] D:\WIN51
[22/01/2001 - 16:00:00 | N | 11] D:\WIN51.B2
[25/07/2001 - 16:00:00 | N | 11] D:\WIN51.RC1
[25/07/2001 - 21:47:04 | N | 11]<br>D:\WIN51.RC2
[18/08/2001 - 16:00:00 | N | 10] D:\WIN51IC
[20/03/2001 - 16:00:00 | N | 11] D:\WIN51IC.B2
[25/07/2001 - 16:00:00 | N | 11] D:\WIN51IC.RC1
[25/07/2001 - 16:00:00 | N | 11] D:\WIN51IC.RC2
[17/08/2001 - 16:00:00 | N | 10] D:\WIN51IP
[22/01/2001 - 16:00:00 | N | 11] D:\WIN51IP.B2
[25/07/2001 - 21:47:04 | N | 11] D:\WIN51IP.RC2
[17/08/2001 - 14:17:02 | N | 184] D:\WINBOM.INI
[01/01/2005 - 15:45:10 | D ] D:\cmdcons
[01/01/2005 - 15:45:10 | D ] D:\hp
[01/01/2005 - 15:45:10 | D ] D:\I386
[01/01/2005 - 15:46:14 | D ] D:\MiniNT
[01/01/2005 - 16:17:22 | D ] D:\PRELOAD
[24/02/2004 - 18:38:52 | N | 498] D:\BATCH.OLD
[24/11/2004 - 21:55:24 | D ] D:\Réinstallation Système
[30/03/1999 - 18:17:54 | D ] D:\SYSTEM.SAV
[01/01/2005 - 15:45:08 | D ] D:\TOOLS
[01/02/2005 - 01:34:44 | N | 1552] D:\BATCH.LOG
[01/01/2005 - 15:13:38 | SHD ] D:\System Volume Information
[01/01/2005 - 15:45:10 | D ] D:\RECOVERY
[01/01/2005 - 16:16:06 | SHD ] D:\Recycled
[02/01/2006 - 22:26:22 | D ] D:\Documents
[25/05/2007 - 19:42:12 | N | 318] D:\Raccourci vers HP_PAVILION ©.lnk

################## | Vaccine |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_PICASSO.zip
Upload TeamXscript
Thank you for your contribution.

################## | E.O.F |

Now here is the "avenger" report:

Logfile of The Avenger Version 2.0, © by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "xgtnbjle" disabled successfully.
Driver "xgtnbjle" deleted successfully.

Error: could not open file "c:\windows\system32\dboyvmyo.dll"
Deletion of file "c:\windows\system32\dboyvmyo.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Error: folder "c:\documents and settings\HP_Propriétaire\Application Data\A2919433905566FFA489B5F314DA0CD2" not found!
Deletion of folder "c:\documents and settings\HP_Propriétaire\Application Data\A2919433905566FFA489B5F314DA0CD2" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File move operation "c:\atapi.sys|c:\windows\system32\drivers\atapi.sys" completed successfully.

Error: could not open registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32C2EEAF-79B6-0261-3C86-5B83C0688136}" for deletion
Deletion of registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32C2EEAF-79B6-0261-3C86-5B83C0688136}" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage" deleted successfully.

Program "ComboFix "C:\CFscript.txt"" successfully queued to run on reboot.

Completed script processing.

*******************

Finished! Terminate.

Finally, the latest "combofix" report:

ComboFix 11-03-24.03 - HP_Propriétaire 25/03/2011 11:43:22.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.446.121 [GMT 1:00]
Running from: c:\thomas\iufm\EmsisoftEmergencyKit\ComboFix.exe
Command switches used :: C:\CFscript.txt
AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: avast! antivirus 4.8.1368 [VPS 101130-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\drivers\iblzdvgp.sys
c:\windows\system32\drivers\oqqapsdd.sys
c:\windows\system32\qyzxwcuz.dll
C:\zip.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IBLZDVGP
-------\Legacy_XGTNBJLE
-------\Service_iblzdvgp
.
.
((((((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-25 10:28 . 2011-03-25 10:28 574 ----a-w- C:\cleanup.bat
2011-03-22 14:01 . 2011-03-25 10:02 -------- d-----w- C:\UsbFix
2011-03-17 22:30 . 2011-03-18 13:54 -------- d-----w- C:\FR-files
2011-03-17 22:19 . 2011-03-17 22:40 -------- d-----w- C:\WinFileReplace
2011-03-13 11:17 . 2011-03-13 15:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-03-08 13:28 . 2011-03-13 21:44 -------- d-----w- C:\tdsskiller
2011-03-06 22:22 . 2011-03-06 22:22 512 ------w- C:\PhysicalDisk0_MBR.bin
2011-03-06 21:43 . 2011-03-07 12:56 -------- d-----w- c:\program files\ZHPDiag
2011-03-06 19:26 . 2011-03-06 19:26 -------- d-----w- C:\_OTL
2011-03-03 19:51 . 2011-03-03 19:51 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\PrivacIE
2011-03-01 09:39 . 2011-03-01 09:39 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\IETldCache
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 21:49 . 2011-02-23 21:50 -------- d-----w- c:\program files\CCleaner
2011-02-23 21:48 . 2011-02-23 21:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-23 21:47 . 2011-02-23 21:47 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-02-23 21:40 . 2011-02-23 21:40 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Reviversoft
2011-02-23 15:04 . 2011-02-23 21:48 -------- d-----r- c:\documents and settings\NetworkService\Favoris
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 10:02 . 2011-03-25 10:02 3850045 ----a-w- C:\UsbFix_Upload_Me_PICASSO.zip
2011-02-09 13:54 . 2004-08-05 18:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 18:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 18:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 18:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-05 18:00 1855104 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-05 18:00 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-02-03 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"a-squared"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-03-10 3438992]
.
c:\documents and settings\Administrateur.PICASSO\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-18 110592]
Dell Control Utility.lnk - c:\program files\TM1184\ControlUtility\ControlUtility.exe [2007-2-4 262144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13410:TCP"= 13410:TCP:NortonAV
"15075:TCP"= 15075:TCP:NortonAV
"16280:TCP"= 16280:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"14482:TCP"= 14482:TCP:NortonAV
"6634:TCP"= 6634:TCP:spport
"13758:TCP"= 13758:TCP:spport
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [21/02/2007 23:20 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [21/02/2007 23:20 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/06/2008 07:21 114768]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [07/06/2007 09:52 719392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/06/2008 07:21 20560]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 18:58 135664]
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [02/01/2006 19:40 606208]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 20:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox&client=firefox-a&rlz=1R0GGIC_fr FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: 
{20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-03-25 12:02 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: 0 . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\ . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'winlogon.exe'(732) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3224) c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\ALCXMNTR.EXE c:\windows\system32\wdfmgr.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Heure de fin: 2011-03-25 12:23:26 - La machine a redémarré ComboFix-quarantined-files.txt 2011-03-25 11:23 ComboFix2.txt 2011-03-16 21:08 ComboFix3.txt 2011-03-15 23:46 ComboFix4.txt 2011-03-14 20:45 ComboFix5.txt 2011-03-25 10:39 . Avant-CF: 122 255 634 432 octets libres Après-CF: 122 310 770 688 octets libres . - - End Of File - - 524982D5363E2132ECE21F12A57ADDF4 Bonne journée à vous et encore merci par avance pour votre aide en or ! cordialement -
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Hello Bernard, Sorry, I was away for a few days, so I am only now getting back to the battlefield of disinfecting my PC. Below is the UsbFix report (although I am not sure I managed to disable all my antivirus protections):

############################## | UsbFix 7.042 | [Scan]

User: HP_Propriétaire (Administrator) # PICASSO [ ]
Updated 21/03/2011 by TeamXscript
Launched at 15:02:10 | 22/03/2011
Website: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF
Submit your sample: Upload TeamXscript
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: AMD Athlon 64 Processor 3400+
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall: Disabled /!\
Antivirus: avast! antivirus 4.8.1368 [VPS 101130-1] 4.8.1368 [Enabled | (!) Outdated]
Antivirus: a-squared Anti-Malware 4 [Enabled | Updated]
RAM -> 446 MB
C:\ (%systemdrive%) -> Fixed disk # 180 GB (114 GB free - 63%) [HP_PAVILION] # NTFS
D:\ -> Fixed disk # 6 GB (1 GB free - 25%) [HP_RECOVERY] # FAT32
E:\ -> CD-ROM
K:\ -> CD-ROM

################## | Infectious items |

Present! C:\log.txt
Present! C:\tmp

################## | Registry |

Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Vaccine |

(!) This computer is not vaccinated!

################## | E.O.F |

P.S.: To answer your question, no, unfortunately I no longer have the XP installation CD to hand!

Thanks again in advance for your invaluable help! Regards
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Hello Bernard, The attempt to replace the atapi.sys file apparently failed! Here is the report:

WinFileReplace - ver : 1.1.0 - by Loup blanc
---------------------------
Microsoft Windows XP Service Pack 3 French
---------------------------
Check of the downloaded file:
Expected MD5 : a9a9a86e7330bffaf64ae2acfb73d959
sp3.000 MD5 : a9a9a86e7330bffaf64ae2acfb73d959
and
---------------------------
============ File comparison before replacement ============
---------
"c:\WINDOWS\system32\drivers\atapi.sys" MD5 : Unable to open
"C:\FR-files\atapi.sys" MD5 : 9f3a2f5aa6875c72bf062c712cfa2674
ECHO is off.
ECHO is off.
are different...
-----------
============ File comparison after replacement ============
-----------
The files
"c:\WINDOWS\system32\drivers\atapi.sys" MD5 = Unable to open
and
"C:\FR-files\atapi.sys" MD5 = 9f3a2f5aa6875c72bf062c712cfa2674
are different...
Replacement failed
-----------
======= End of report =======

Thanks again in advance for your guidance and your kindness!
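The Sigcheck lines in the ComboFix reports and the WinFileReplace comparison above both come down to the same check: hash the live driver, compare it with known-good copies, and treat a file that has a directory entry and a size but cannot be opened ("!HASH: COULD NOT OPEN FILE", "MD5 : Unable to open") as a finding in its own right rather than a blank. The Python below is an added example for this thread, not code from WinFileReplace, ComboFix or the original poster. The two reference MD5s are the ones printed in the Sigcheck sections above; the sample files that demo() builds in a temporary directory are constructed for the demonstration, and the paths in the usage comment are the ones from the reports.

```python
"""Classify a driver file against known-good MD5s, treating 'cannot open'
as its own verdict (the atapi.sys case in the reports above)."""
import hashlib
import os
import tempfile
from typing import Dict, Optional

# MD5s copied from the Sigcheck section of the ComboFix reports above:
# the service-pack and dllcache copies of atapi.sys, i.e. clean references.
KNOWN_GOOD_ATAPI: Dict[str, str] = {
    "5.1.2600.5512": "9F3A2F5AA6875C72BF062C712CFA2674",
    "5.1.2600.2180": "CDFE4411A69C224BD1D11B2DA92DAC51",
}


def md5_of(path: str) -> Optional[str]:
    """Upper-case hex MD5 of a file, or None if it cannot be opened or read."""
    digest = hashlib.md5()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest().upper()


def check_driver(live_path: str, known_good: Dict[str, str]) -> Dict[str, object]:
    """Return a verdict for one file.

    MISSING    - no directory entry at all
    UNREADABLE - directory entry (and size) exists, but open() fails; on a
                 live system this is the locked/hidden-driver case and the
                 most suspicious outcome
    MATCH      - MD5 equals a known-good copy ('version' says which)
    MISMATCH   - readable, but equals none of the known-good hashes
    """
    result: Dict[str, object] = {"path": live_path, "verdict": None,
                                 "md5": None, "version": None, "size": None}
    if not os.path.lexists(live_path):
        result["verdict"] = "MISSING"
        return result
    try:
        result["size"] = os.lstat(live_path).st_size
    except OSError:
        pass
    digest = md5_of(live_path)
    if digest is None:
        result["verdict"] = "UNREADABLE"
        return result
    result["md5"] = digest
    by_hash = {h.upper(): ver for ver, h in known_good.items()}
    if digest in by_hash:
        result["verdict"], result["version"] = "MATCH", by_hash[digest]
    else:
        result["verdict"] = "MISMATCH"
    return result


def demo() -> Dict[str, str]:
    """Constructed cases in a temp dir; returns {case: verdict}."""
    with tempfile.TemporaryDirectory() as tmp:
        ref_bytes = b"MZ\x90\x00 constructed clean driver image"
        ref_path = os.path.join(tmp, "atapi.sys.reference")
        with open(ref_path, "wb") as fh:
            fh.write(ref_bytes)
        known = {"reference-copy": md5_of(ref_path) or ""}

        same = os.path.join(tmp, "same", "atapi.sys")
        os.makedirs(os.path.dirname(same))
        with open(same, "wb") as fh:
            fh.write(ref_bytes)

        tampered = os.path.join(tmp, "tampered", "atapi.sys")
        os.makedirs(os.path.dirname(tampered))
        with open(tampered, "wb") as fh:
            fh.write(ref_bytes[:-1] + b"!")  # same size, one byte patched

        # A directory named atapi.sys has a directory entry and a size but
        # cannot be opened as a file: stand-in for the locked driver above.
        locked = os.path.join(tmp, "locked", "atapi.sys")
        os.makedirs(locked)

        missing = os.path.join(tmp, "missing", "atapi.sys")
        cases = {"same": same, "tampered": tampered,
                 "locked": locked, "missing": missing}
        return {name: str(check_driver(p, known)["verdict"]) for name, p in cases.items()}


if __name__ == "__main__":
    # On the infected box the call would be:
    #   check_driver(r"c:\windows\system32\drivers\atapi.sys", KNOWN_GOOD_ATAPI)
    for case, verdict in demo().items():
        print(f"{case:9s} -> {verdict}")
```

A MATCH against the 5.1.2600.2180 hash would mean the driver is the pre-SP3 build, which is what the ReinstallBackups and dllcache copies in the reports are; the SP3 build is the 5.1.2600.5512 entry. UNREADABLE is the verdict that should stop a repair script and make it switch to an offline replacement.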
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Good evening Bernard, Here is the latest ComboFix report:

ComboFix 11-03-16.01 - HP_Propriétaire 16/03/2011 21:44:47.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.446.124 [GMT 1:00]
Running from: c:\thomas\iufm\EmsisoftEmergencyKit\ComboFix.exe
AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: avast! antivirus 4.8.1368 [VPS 101130-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((( Files created from 2011-02-16 to 2011-03-16 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 11:17 . 2011-03-13 15:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-03-08 13:28 . 2011-03-13 21:44 -------- d-----w- C:\tdsskiller
2011-03-06 22:22 . 2011-03-06 22:22 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-03-06 21:43 . 2011-03-07 12:56 -------- d-----w- c:\program files\ZHPDiag
2011-03-06 19:26 . 2011-03-06 19:26 -------- d-----w- C:\_OTL
2011-03-03 19:51 . 2011-03-03 19:51 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\PrivacIE
2011-03-01 09:39 . 2011-03-01 09:39 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\IETldCache
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 21:49 . 2011-02-23 21:50 -------- d-----w- c:\program files\CCleaner
2011-02-23 21:48 . 2011-02-23 21:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-23 21:47 . 2011-02-23 21:47 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-02-23 21:40 . 2011-02-23 21:40 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Reviversoft
2011-02-23 15:04 . 2011-02-23 21:48 -------- d-----r- c:\documents and settings\NetworkService\Favoris
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2004-08-05 18:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 18:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 18:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 18:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-05 18:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-05 18:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2004-08-05 18:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:53 . 2004-08-05 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-05 18:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-05 18:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-05 18:00 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32C2EEAF-79B6-0261-3C86-5B83C0688136}]
2004-08-05 12:00 737280 ----a-w- c:\windows\system32\dboyvmyo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{32C2EEAF-79B6-0261-3C86-5B83C0688136}"
[HKEY_CLASSES_ROOT\CLSID\{32C2EEAF-79B6-0261-3C86-5B83C0688136}]
2004-08-05 12:00 737280 ----a-w- c:\windows\system32\dboyvmyo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-02-03 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"a-squared"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-03-10 3438992]
.
c:\documents and settings\Administrateur.PICASSO\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-18 110592]
Dell Control Utility.lnk - c:\program files\TM1184\ControlUtility\ControlUtility.exe [2007-2-4 262144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13410:TCP"= 13410:TCP:NortonAV
"15075:TCP"= 15075:TCP:NortonAV
"16280:TCP"= 16280:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"14482:TCP"= 14482:TCP:NortonAV
"6634:TCP"= 6634:TCP:spport
"13758:TCP"= 13758:TCP:spport
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [21/02/2007 23:20 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [21/02/2007 23:20 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/06/2008 07:21 114768]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [07/06/2007 09:52 719392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/06/2008 07:21 20560]
R2 xgtnbjle;USB to IEEE-1284.4 Translation HPZius12Controller;c:\windows\System32\svchost.exe -k netsvcs [05/08/2004 19:00 14336]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 18:58 135664]
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [02/01/2006 19:40 606208]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xgtnbjle
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 20:34]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox&client=firefox-a&rlz=1R0GGIC_fr
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-16 22:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\
.
--------------------- DLLs loaded into running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\wmploc.dll
.
- - - - - - - > 'explorer.exe'(3792)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
Completion time: 2011-03-16 22:08:40
ComboFix-quarantined-files.txt 2011-03-16 21:08
ComboFix2.txt 2011-03-15 23:46
ComboFix3.txt 2011-03-14 20:45
ComboFix4.txt 2011-03-13 22:09
.
Pre-Run: 122 697 842 688 bytes free
Post-Run: 122 713 833 472 bytes free
.
- - End Of File - - 038B237A821E3EC0ED1577F85C8D0ECA

Thanks a thousand times again for everything!
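What separates this report from the clean one further up the thread is the "DLLs loaded into running processes" section: dboyvmyo.dll, libssl32.dll and LIBEAY32.dll sit inside both winlogon.exe and explorer.exe, and dboyvmyo.dll is also the module behind the Browser Helper Object CLSID listed under the registry load points. The Python below is an added example, not code from ComboFix or from the poster: it parses that section of a report, then flags any DLL outside a per-process baseline, any DLL present in more than one process, and any unexpected DLL whose name is eight random-looking lowercase letters. The sample input is the section of this report; the baseline is an assumption taken from the later clean report in the thread, and the eight-letter rule is a heuristic (it is why the check is only applied to DLLs already outside the baseline, since legitimate names such as webcheck.dll would otherwise trip it).

```python
"""Parse the 'DLLs loaded into running processes' section of a ComboFix-style
report and flag injected-looking modules."""
import re
from typing import Dict, List, Set

# Process header as ComboFix prints it, e.g. "- - - - - - - > 'winlogon.exe'(736)"
HEADER_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)")

# Sample input: the section from the 16/03 ComboFix report in this thread.
SAMPLE_REPORT = r"""
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\wmploc.dll
.
- - - - - - - > 'explorer.exe'(3792)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
"""

# Assumed baseline: what the same section showed once the machine was clean
# (the 25/03 report in this thread). A real baseline comes from a known-clean box.
BASELINE: Dict[str, Set[str]] = {
    "winlogon.exe": {"ati2evxx.dll"},
    "explorer.exe": {"ophookse4.dll", "eappprxy.dll", "webcheck.dll"},
}


def parse_loaded_dlls(report: str) -> Dict[str, List[str]]:
    """Map each process name to the lower-cased basenames of its listed DLLs."""
    loaded: Dict[str, List[str]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        match = HEADER_RE.match(line)
        if match:
            current = match.group(1).lower()
            loaded.setdefault(current, [])
            continue
        if current and "\\" in line and line.lower().endswith(".dll"):
            loaded[current].append(line.rsplit("\\", 1)[-1].lower())
    return loaded


def looks_random(basename: str) -> bool:
    """Heuristic: stem is exactly eight lowercase letters (dboyvmyo, qyzxwcuz...)."""
    stem = basename.rsplit(".", 1)[0]
    return re.fullmatch(r"[a-z]{8}", stem) is not None


def analyze(report: str, baseline: Dict[str, Set[str]]) -> Dict[str, object]:
    loaded = parse_loaded_dlls(report)
    # DLLs not in the baseline for the process they were found in
    unexpected = {proc: sorted(set(dlls) - baseline.get(proc, set()))
                  for proc, dlls in loaded.items()}
    unexpected = {proc: dlls for proc, dlls in unexpected.items() if dlls}
    # DLLs present in more than one of the listed processes
    seen_in: Dict[str, Set[str]] = {}
    for proc, dlls in loaded.items():
        for dll in dlls:
            seen_in.setdefault(dll, set()).add(proc)
    shared = sorted(dll for dll, procs in seen_in.items() if len(procs) > 1)
    # Random-name heuristic, restricted to DLLs already outside the baseline
    random_named = sorted({dll for dlls in unexpected.values()
                           for dll in dlls if looks_random(dll)})
    return {"loaded": loaded, "unexpected": unexpected,
            "shared": shared, "random_named": random_named}


if __name__ == "__main__":
    findings = analyze(SAMPLE_REPORT, BASELINE)
    for proc, dlls in findings["unexpected"].items():  # type: ignore[union-attr]
        print(f"{proc}: not in baseline -> {', '.join(dlls)}")
    print("loaded into several processes:", ", ".join(findings["shared"]))  # type: ignore[arg-type]
    print("random-looking names:", ", ".join(findings["random_named"]))  # type: ignore[arg-type]
```

The cross-process "shared" list is the one worth acting on first: a module that a rootkit injects into winlogon.exe tends to show up in explorer.exe and the browser as well, and in this report the same CLSID also registers it as a BHO and a shell icon overlay, which is why the later OTL fix removes both the DLL and those keys.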
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to a topic by ben ali in Malware analysis and removal
Hello again Bernard, Here is the OTL report you asked for:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32C2EEAF-79B6-0261-3C86-5B83C0688136}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C2EEAF-79B6-0261-3C86-5B83C0688136}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{32C2EEAF-79B6-0261-3C86-5B83C0688136}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C2EEAF-79B6-0261-3C86-5B83C0688136}\ deleted successfully.
========== FILES ==========
c:\documents and settings\HP_Propriétaire\Application Data\A2919433905566FFA489B5F314DA0CD2 folder moved successfully.
c:\windows\system32\dboyvmyo.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrateur.PICASSO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 9501 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP_Propriétaire
->Temp folder emptied: 8828686 bytes
->Temporary Internet Files folder emptied: 6206398 bytes
->Java cache emptied: 16172 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 4801 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 853386 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 564 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15,00 mb

[EMPTYFLASH]

User: Administrateur

User: Administrateur.PICASSO
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Propriétaire
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.22.3 log created on 03162011_190321

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\SCUBWLSN\;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=2230831632581535[1].htm not found!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\SCUBWLSN\search[2].htm moved successfully.
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\S911SJMX\0;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=368447239215520[1].htm not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\S911SJMX\0;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=486222941178412[1].htm not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\S911SJMX\300x250_hp.i[1].hd;sz=300x250;tile=1;;bp=OK;var1=;var2=;var3=;var4=;var21=;var22=;var23=;var24=;var25=;var26=;;var8=;var9=;var10=;var7=;u=id=%7C%7C%7C;;ord=6573789120681620 not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\S911SJMX\;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=6634380250469323[1].htm not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\S911SJMX\;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=7702178948614473[1].htm not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\S911SJMX\;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=7707511690395830[1].htm not found!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\S911SJMX\afr[1].htm moved successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\S911SJMX\pc-infeste-de-trojan-worm-et-autres-backdoor-t183326[1].htm moved successfully.
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\B26H5RNS\;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=2393284323809418[1].htm not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\B26H5RNS\;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=4347805567923422[1].htm not found!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\B26H5RNS\ban_home_728x90[1].htm moved successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\B26H5RNS\canvas_proxy[1].htm moved successfully.
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\07XHN8PV\0;var11=;var14=;var42;u=id=v4KWrNvllrvDQAbgN8mMtQ%7C1=null%7C2=2%7C3=06650%7C21=3%7C22=2%7C23=2%7C24=2%7C25=1%7C26=3146%7C8=0%7C9=0%7C10=0%7C%7C;;ord=683229873539555[1].htm not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF1C2.tmp not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF1CF.tmp not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF228.tmp not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF258.tmp not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF362.tmp not found!
File\Folder C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF371.tmp not found!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\A28J2RE7\details[1].txt moved successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\A28J2RE7\Messenger[1].htm moved successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\8EGYXP1S\LocalStorage[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_72c.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Thanks again in advance for your great help!
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to ben ali's topic in Analyses et éradication malwares
Hello Bernard,

Here is the latest ComboFix report:

ComboFix 11-03-15.01 - HP_Propriétaire 16/03/2011 0:09.4.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.175 [GMT 1:00]
Lancé depuis: c:\thomas\iufm\EmsisoftEmergencyKit\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt
AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: avast! antivirus 4.8.1368 [VPS 101130-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\HP_Propriétaire\Application Data\A2919433905566FFA489B5F314DA0CD2"
"c:\program files\Fichiers communs\Windows Live\.cache\wlc5.tmp"
"c:\windows\~DFF6CD.tmp"
"c:\windows\system32\dboyvmyo.dll"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Fichiers communs\Windows Live\.cache\wlc5.tmp
c:\windows\~DFF6CD.tmp
c:\windows\system32\dboyvmyo.dll
.
.
--------------- FCopy ---------------
.
c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XGTNBJLE
-------\Service_xgtnbjle
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-15 au 2011-03-15 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 11:17 . 2011-03-13 15:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-03-13 09:57 . 2011-03-13 18:03 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\A2919433905566FFA489B5F314DA0CD2
2011-03-08 13:28 . 2011-03-13 21:44 -------- d-----w- C:\tdsskiller
2011-03-06 22:22 . 2011-03-06 22:22 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-03-06 21:43 . 2011-03-07 12:56 -------- d-----w- c:\program files\ZHPDiag
2011-03-06 19:26 . 2011-03-06 19:26 -------- d-----w- C:\_OTL
2011-03-03 19:51 . 2011-03-03 19:51 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\PrivacIE
2011-03-01 09:39 . 2011-03-01 09:39 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\IETldCache
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 21:49 . 2011-02-23 21:50 -------- d-----w- c:\program files\CCleaner
2011-02-23 21:48 . 2011-02-23 21:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-23 21:47 . 2011-02-23 21:47 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-02-23 21:40 . 2011-02-23 21:40 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Reviversoft
2011-02-23 15:04 . 2011-02-23 21:48 -------- d-----r- c:\documents and settings\NetworkService\Favoris
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2004-08-05 18:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 18:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 18:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 18:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-05 18:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-05 18:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2004-08-05 18:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:53 . 2004-08-05 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-05 18:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-05 18:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-05 18:00 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32C2EEAF-79B6-0261-3C86-5B83C0688136}]
2004-08-05 12:00 737280 ----a-w- c:\windows\system32\dboyvmyo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{32C2EEAF-79B6-0261-3C86-5B83C0688136}"
[HKEY_CLASSES_ROOT\CLSID\{32C2EEAF-79B6-0261-3C86-5B83C0688136}]
2004-08-05 12:00 737280 ----a-w- c:\windows\system32\dboyvmyo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-02-03 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"a-squared"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-03-10 3438992]
.
c:\documents and settings\Administrateur.PICASSO\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-18 110592]
Dell Control Utility.lnk - c:\program files\TM1184\ControlUtility\ControlUtility.exe [2007-2-4 262144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13410:TCP"= 13410:TCP:NortonAV
"15075:TCP"= 15075:TCP:NortonAV
"16280:TCP"= 16280:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"14482:TCP"= 14482:TCP:NortonAV
"6634:TCP"= 6634:TCP:spport
"13758:TCP"= 13758:TCP:spport
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [21/02/2007 23:20 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [21/02/2007 23:20 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/06/2008 07:21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/06/2008 07:21 20560]
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [02/01/2006 19:40 606208]
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 20:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox&client=firefox-a&rlz=1R0GGIC_fr
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-16 00:30
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
- - - - - - - > 'explorer.exe'(2780)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\taskmgr.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2011-03-16 00:46:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-15 23:46
ComboFix2.txt 2011-03-14 20:45
ComboFix3.txt 2011-03-13 22:09
.
Avant-CF: 122 571 575 296 octets libres
Après-CF: 122 736 398 336 octets libres
.
- - End Of File - - 17B14C747E1451AE694FDB8CAC0D4FA9

Thanks again in advance for your help, and have a good day!
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to ben ali's topic in Analyses et éradication malwares
Good evening Bernard,

I applied the procedure described in your last post. Here is the ComboFix report after applying your changes:

ComboFix 11-03-13.02 - HP_Propriétaire 14/03/2011 21:09:33.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.117 [GMT 1:00]
Lancé depuis: c:\thomas\iufm\EmsisoftEmergencyKit\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt
AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: avast! antivirus 4.8.1368 [VPS 101130-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\HP_Propriétaire\Application Data\A2919433905566FFA489B5F314DA0CD2"
"c:\windows\~DF5466.tmp"
"c:\windows\~DF84D2.tmp"
"c:\windows\~DF9648.tmp"
"c:\windows\~DFBAF.tmp"
"c:\windows\~DFF586.tmp"
"c:\windows\~DFF595.tmp"
"c:\windows\~DFF6DA.tmp"
"c:\windows\~DFF7B6.tmp"
"c:\windows\~DFF7C3.tmp"
"c:\windows\system32\drivers\ethtlmnb.sys"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\~DF5466.tmp
c:\windows\~DF84D2.tmp
c:\windows\~DF9648.tmp
c:\windows\~DFBAF.tmp
c:\windows\~DFF586.tmp
c:\windows\~DFF595.tmp
c:\windows\~DFF6DA.tmp
c:\windows\~DFF7B6.tmp
c:\windows\~DFF7C3.tmp
c:\windows\system32\drivers\oqqapsdd.sys
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ethtlmnb
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-14 au 2011-03-14 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 11:17 . 2011-03-13 15:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-03-13 09:57 . 2011-03-13 18:03 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\A2919433905566FFA489B5F314DA0CD2
2011-03-08 13:28 . 2011-03-13 21:44 -------- d-----w- C:\tdsskiller
2011-03-07 12:58 . 2011-03-07 12:58 16384 ----a-w- c:\windows\~DFF6CD.tmp
2011-03-06 22:22 . 2011-03-06 22:22 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-03-06 21:43 . 2011-03-07 12:56 -------- d-----w- c:\program files\ZHPDiag
2011-03-06 19:26 . 2011-03-06 19:26 -------- d-----w- C:\_OTL
2011-03-03 19:51 . 2011-03-03 19:51 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\PrivacIE
2011-03-01 09:39 . 2011-03-01 09:39 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\IETldCache
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 21:49 . 2011-02-23 21:50 -------- d-----w- c:\program files\CCleaner
2011-02-23 21:48 . 2011-02-23 21:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-23 21:47 . 2011-02-23 21:47 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-02-23 21:40 . 2011-02-23 21:40 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Reviversoft
2011-02-23 15:04 . 2011-02-23 21:48 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-02-23 08:56 . 2011-02-23 08:57 84621672 ----a-w- c:\program files\Fichiers communs\Windows Live\.cache\wlc5.tmp
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2004-08-05 18:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 18:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 18:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 18:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-05 18:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-05 18:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2004-08-05 18:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:53 . 2004-08-05 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-05 18:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-05 18:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 16:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32C2EEAF-79B6-0261-3C86-5B83C0688136}]
2004-08-05 12:00 737280 ----a-w- c:\windows\system32\dboyvmyo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{32C2EEAF-79B6-0261-3C86-5B83C0688136}"
[HKEY_CLASSES_ROOT\CLSID\{32C2EEAF-79B6-0261-3C86-5B83C0688136}]
2004-08-05 12:00 737280 ----a-w- c:\windows\system32\dboyvmyo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-02-03 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"a-squared"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-03-10 3438992]
.
c:\documents and settings\Administrateur.PICASSO\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-9-30 57344]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-18 110592]
Dell Control Utility.lnk - c:\program files\TM1184\ControlUtility\ControlUtility.exe [2007-2-4 262144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13410:TCP"= 13410:TCP:NortonAV
"15075:TCP"= 15075:TCP:NortonAV
"16280:TCP"= 16280:TCP:NortonAV
"12707:TCP"= 12707:TCP:NortonAV
"14482:TCP"= 14482:TCP:NortonAV
"6634:TCP"= 6634:TCP:spport
"13758:TCP"= 13758:TCP:spport
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [21/02/2007 23:20 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [21/02/2007 23:20 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/06/2008 07:21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/06/2008 07:21 20560]
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [02/01/2006 19:40 606208]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - XGTNBJLE
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xgtnbjle
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 20:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox&client=firefox-a&rlz=1R0GGIC_fr
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Registry Reviver - c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe
HKLM-Run-ORAHSSSessionManager - c:\program files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe
HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-14 21:30
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
- - - - - - - > 'explorer.exe'(1740)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2011-03-14 21:45:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-14 20:45
ComboFix2.txt 2011-03-13 22:09
.
Avant-CF: 122 750 947 328 octets libres
Après-CF: 122 783 899 648 octets libres
.
- - End Of File - - 6A2F8ED3BD9335947F02E915EB7DFC80

Thanks a thousand times again in advance for the time you are taking to help me!
[RESOLVED] PC infested with trojans, worms and other backdoors
ben ali replied to ben ali's topic in Analyses et éradication malwares
Good evening Bernard,

Here is the ComboFix report:

ComboFix 11-03-12.01 - HP_Propriétaire 13/03/2011 22:28:14.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.43 [GMT 1:00]
Lancé depuis: c:\thomas\iufm\EmsisoftEmergencyKit\ComboFix.exe
AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: avast! antivirus 4.8.1368 [VPS 101130-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HP_Propriétaire\Application Data\Adobe\plugs
c:\documents and settings\HP_Propriétaire\Application Data\OfferBox
c:\documents and settings\HP_Propriétaire\Application Data\OfferBox\config.dat
c:\documents and settings\HP_Propriétaire\Application Data\OfferBox\config.xml
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe
c:\tdsskiller\tdsskiller.exe
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\drivers\iblzdvgp.sys
c:\windows\system32\drivers\oqqapsdd.sys
c:\windows\system32\qyzxwcuz.dll
.
---- Exécution préalable -------
.
c:\program files\Internet Explorer\iekey.dll
c:\windows\Fonts\acrsec.fon
c:\windows\system\hpsysdrv .DAT
c:\windows\system\hpsysdrv .exe
c:\windows\system32\drivers\iblzdvgp.sys
c:\windows\system32\drivers\oqqapsdd.sys
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
-------\Legacy_iblzdvgp
-------\Service_iblzdvgp
-------\Legacy_IBLZDVGP
-------\Legacy_XGTNBJLE
-------\Service_iblzdvgp
-------\Service_xgtnbjle
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-13 au 2011-03-13 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 11:17 . 2011-03-13 15:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-03-13 09:57 . 2011-03-13 18:03 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\A2919433905566FFA489B5F314DA0CD2
2011-03-08 13:28 . 2011-03-13 21:44 -------- d-----w- C:\tdsskiller
2011-03-07 14:18 . 2011-03-07 14:23 16384 ----atw- c:\windows\~DF84D2.tmp
2011-03-07 14:03 . 2011-03-07 14:21 16384 ----atw- c:\windows\~DFBAF.tmp
2011-03-07 13:07 . 2011-03-07 13:07 81920 ----a-w- c:\windows\~DF5466.tmp
2011-03-07 12:58 . 2011-03-07 12:58 512 ----atw- c:\windows\~DFF7C3.tmp
2011-03-07 12:58 . 2011-03-07 12:58 32768 ----a-w- c:\windows\~DFF7B6.tmp
2011-03-07 12:58 . 2011-03-07 12:58 512 ----atw- c:\windows\~DFF6DA.tmp
2011-03-07 12:58 . 2011-03-07 12:58 512 ----atw- c:\windows\~DFF595.tmp
2011-03-07 12:58 . 2011-03-07 12:58 32768 ----a-w- c:\windows\~DFF586.tmp
2011-03-07 12:58 . 2011-03-07 12:58 16384 ----a-w- c:\windows\~DFF6CD.tmp
2011-03-07 12:57 . 2011-03-07 12:57 0 ----atw- c:\windows\~DF9648.tmp
2011-03-06 22:22 . 2011-03-06 22:22 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-03-06 21:43 . 2011-03-07 12:56 -------- d-----w- c:\program files\ZHPDiag
2011-03-06 19:26 . 2011-03-06 19:26 -------- d-----w- C:\_OTL
2011-03-03 19:51 . 2011-03-03 19:51 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\PrivacIE
2011-03-01 09:39 . 2011-03-01 09:39 -------- d-sh--w- c:\documents and settings\Administrateur.PICASSO\IETldCache
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-23 21:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-23 21:59 . 2011-02-23 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-23 21:49 . 2011-02-23 21:50 -------- d-----w- c:\program files\CCleaner
2011-02-23 21:48 . 2011-02-23 21:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-02-23 21:47 . 2011-02-23 21:47 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-02-23 21:40 . 2011-02-23 21:40 -------- d-----w- c:\documents and settings\HP_Propriétaire\Application Data\Reviversoft
2011-02-23 15:04 . 2011-02-23 21:48 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-02-23 08:56 . 2011-02-23 08:57 84621672 ----a-w- c:\program files\Fichiers communs\Windows Live\.cache\wlc5.tmp
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2004-08-05 18:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 18:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 18:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 18:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-05 18:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-05 18:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2004-08-05 18:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:53 . 2004-08-05 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-05 18:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-05 18:00 385024 ----a-w- c:\windows\system32\html.iec
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Belkin\F5D7050v3\Belkinwcui .exe
c:\program files\Fichiers communs\Real\Update_OB\realsched .exe
c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\ScanSoft\OmniPageSE4\OpwareSE4 .exe
c:\windows\SMINST\RECGUARD .exe
</pre>
.
------- Sigcheck -------
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 16:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32C2EEAF-79B6-0261-3C86-5B83C0688136}] 2004-08-05 12:00 737280 ----a-w- c:\windows\system32\dboyvmyo.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage] @="{32C2EEAF-79B6-0261-3C86-5B83C0688136}" [HKEY_CLASSES_ROOT\CLSID\{32C2EEAF-79B6-0261-3C86-5B83C0688136}] 2004-08-05 12:00 737280 ----a-w- c:\windows\system32\dboyvmyo.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856] "Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [N/A] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [N/A] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [N/A] "ORAHSSSessionManager"="c:\program files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" [N/A] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [N/A] "AutoTBar"="c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [N/A] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A] "a-squared"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-03-10 3438992] . c:\documents and settings\Administrateur.PICASSO\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2003-9-30 57344] . 
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-18 110592] Dell Control Utility.lnk - c:\program files\TM1184\ControlUtility\ControlUtility.exe [2007-2-4 262144] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13410:TCP"= 13410:TCP:NortonAV "15075:TCP"= 15075:TCP:NortonAV "16280:TCP"= 16280:TCP:NortonAV "12707:TCP"= 12707:TCP:NortonAV "14482:TCP"= 14482:TCP:NortonAV "6634:TCP"= 6634:TCP:spport "13758:TCP"= 13758:TCP:spport . R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [21/02/2007 23:20 160640] R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [21/02/2007 23:20 5248] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/06/2008 07:21 114768] R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [07/06/2007 09:52 719392] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/06/2008 07:21 20560] S1 ethtlmnb;ethtlmnb;\??\c:\windows\system32\drivers\ethtlmnb.sys --> c:\windows\system32\drivers\ethtlmnb.sys [?] 
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 18:58 135664] S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;c:\windows\system32\drivers\DELUSB_51.sys [02/01/2006 19:40 606208] . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - XGTNBJLE . Contenu du dossier 'Tâches planifiées' . 2011-03-13 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 20:34] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = iexplore IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab FF - ProfilePath - c:\documents and settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\kn1t48o0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox&client=firefox-a&rlz=1R0GGIC_fr FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext . - - - - ORPHELINS SUPPRIMES - - - - . AddRemove-Logiciel de saisie de commande 2006 - c:\pichon06\setup\setup.exe AddRemove-Project Canarias 2006 - c:\program files\Microsoft Games\Flight Simulator 9\CanarySim\Data\uninstall.exe AddRemove-Saber Jet Installer_is1 - c:\program files\Microsoft Games\Flight Simulator 9\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-03-13 22:52 Windows 5.1.2600 Service Pack 3 NTFS . Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . . c:\windows\system32\dboyvmyo.dll 737280 bytes executable . Scan terminé avec succès Fichiers cachés: 1 . 
************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,58,c9,91,42,63,98,4d,a8,1e,1c,\ . --------------------- DLLs chargées dans les processus actifs --------------------- . - - - - - - - > 'winlogon.exe'(740) c:\windows\system32\Ati2evxx.dll c:\windows\system32\dboyvmyo.dll . - - - - - - - > 'explorer.exe'(1712) c:\windows\system32\dboyvmyo.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\ALCXMNTR.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Heure de fin: 2011-03-13 23:09:33 - La machine a redémarré ComboFix-quarantined-files.txt 2011-03-13 22:09 . Avant-CF: 122 266 324 992 octets libres Après-CF: 122 740 854 784 octets libres . - - End Of File - - FFA52DD43728ABBA55F6C838961E3400
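Reading a report like this by eye is error-prone, so here is a small triage script, added as an example (it is not code from the post, from the forum helpers, or from ComboFix). It pulls out the three indicators this particular log turns on: file names with a space before the extension (the `<pre>` block and the two hpsysdrv entries), the Sigcheck record for a driver ComboFix could not open for hashing while other copies of the same file hashed cleanly, and a file catchme reports as hidden that is also loaded inside winlogon.exe and explorer.exe. The regular expressions are mine and assume ComboFix's line layouts exactly as they appear above; the sample input is an excerpt of the report above, rearranged so that each record sits on its own line.

```python
"""Triage checks over a ComboFix log (added example, not ComboFix's own code).

The line formats are taken from the report in the post above; the sample
below is an excerpt of that report, one record per line.
"""
import re
from collections import defaultdict

# Constructed sample: records copied from the log above, one per line.
SAMPLE_LOG = r"""
c:\windows\system\hpsysdrv .DAT
c:\windows\system\hpsysdrv .exe
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Java\jre6\bin\jusched .exe
</pre>
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 16:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
c:\windows\system32\dboyvmyo.dll 737280 bytes executable
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dboyvmyo.dll
- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\dboyvmyo.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
------------------------ Other Running Processes ------------------------
c:\windows\system32\Ati2evxx.exe
"""

# "<stem> .<ext>": a space before the extension, as in the <pre> block.
SPACED_EXT_RE = re.compile(r"^(?P<path>[a-z]:\\\S.*\S) \.(?P<ext>exe|dll|sys|dat)$", re.I)
# One Sigcheck record: [code] stamp . hash . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<code>[^\]]*)\] (?P<stamp>.+?) \. (?P<hash>.+?) \. (?P<size>\d+) \. \. "
    r"\[(?P<ver>[^\]]*)\] \. \. (?P<path>\S.*)$")
# catchme's hidden-file line, and the per-process headers of the DLL section.
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) (?P<size>\d+) bytes executable$", re.I)
PROC_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
DLL_RE = re.compile(r"^[a-z]:\\.+\.dll$", re.I)


def _lines(log):
    return [ln.strip() for ln in log.splitlines()]


def spaced_extensions(log):
    """Paths whose file name carries a space before the extension."""
    return [m.group(0) for m in map(SPACED_EXT_RE.match, _lines(log)) if m]


def unverifiable_files(log):
    """Sigcheck records ComboFix could not hash, alongside the (hash, version)
    pairs of the copies of the same file name that it could verify."""
    by_name = defaultdict(list)
    for m in map(SIGCHECK_RE.match, _lines(log)):
        if m:
            rec = m.groupdict()
            by_name[rec["path"].rsplit("\\", 1)[-1].lower()].append(rec)
    findings = []
    for recs in by_name.values():
        bad = [r for r in recs if r["hash"].startswith("!")]
        good = sorted({(r["hash"], r["ver"]) for r in recs if not r["hash"].startswith("!")})
        findings += [{"path": r["path"], "reason": r["hash"], "verified_copies": good} for r in bad]
    return findings


def hidden_modules_in_processes(log):
    """Files catchme reports as hidden that are also loaded into a process."""
    hidden = {m.group("path").lower() for m in map(HIDDEN_RE.match, _lines(log)) if m}
    loaded, proc = defaultdict(set), None
    for line in _lines(log):
        m = PROC_RE.match(line)
        if m:
            proc = f"{m['proc']}({m['pid']})"
        elif line.startswith("-"):        # any other dashed line ends the section
            proc = None
        elif proc and DLL_RE.match(line):
            loaded[line.lower()].add(proc)
    return [(p, sorted(loaded[p])) for p in sorted(hidden & set(loaded))]


def triage(log):
    return {"spaced_extensions": spaced_extensions(log),
            "unverifiable": unverifiable_files(log),
            "hidden_loaded": hidden_modules_in_processes(log)}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"== {key} ({len(items)})")
        for item in items:
            print("  ", item)
```

The cross-references are the point: a file that catchme hides and that also sits inside winlogon.exe is a much stronger signal than either fact on its own, and a driver whose on-disk copy cannot be opened for hashing while the dllcache copy of the same version hashes fine should be compared against that copy rather than trusted as it stands. The space-before-extension check is deliberately restricted to executable types so that ordinary document names do not trip it.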