
Posted

Hello agenor47 :P

 

First of all, thanks for the file. It let me run a few tests here. It is indeed a very recent variant, unknown to several good antivirus products, including AntiVir, Microsoft and Kaspersky, to name only those. The file was therefore quickly sent to the vendors (thanks to Falkra :P ).

 

My tests showed that FindyKill and ComboFix, the same versions you currently have, have no trouble identifying and removing the beast. So why doesn't it work on your machine? I come back to my initial remark: too many protections... From what you told me yesterday, I think Spy Sweeper is the culprit, though through no fault of its own. The only way to check the hypothesis: uninstall the program. There's also Pest Patrol that I see there, which could hamper our efforts. a-squared and Windows Defender don't have a reputation for blocking the tools. If you have licenses for Spy Sweeper and Pest Patrol, no worries, you can put them back after the cleanup. I'll suggest better ones if you want (free or paid).

 

Here is what I suggest:

=====

 

> Uninstall Spy Sweeper and Pest Patrol completely.

> Run FindyKill again with option #2

> Paste its report here for checking.

> Try to browse here with the machine...

 

See you soon,

 

Mark

Posted

Good evening Mark,

Shall we get back to it? Nothing new since yesterday, I can still browse except on a few rare sites, notably forums.

Here is the new FindyKill report, fresh off the press!

 

############################## | FindyKill V5.024 |

 

# User : Yancau (Administrateurs) # CAUJOLLE-381D1A

# Update on 09/01/2010 by El Desaparecido

# Start at: 18:11:52 | 15/01/2010

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# Intel® Core2 Quad CPU Q6600 @ 2.40GHz

# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 8.0.6001.18702

# Windows Firewall Status : Disabled

# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

 

# A:\ # Lecteur de disquettes 3 ½ pouces

# C:\ # Disque fixe local # 77,93 Go (42,39 Go free) # NTFS

# D:\ # Disque fixe local # 67,06 Go (53,19 Go free) [Applog] # NTFS

# E:\ # Disque fixe local # 87,9 Go (38,88 Go free) [Données] # NTFS

# F:\ # Disque fixe local # 32,25 Go (32,16 Go free) [sAUVEGARDE] # NTFS

# G:\ # Disque fixe local # 120,41 Go (64,81 Go free) [Ma Musique] # NTFS

# H:\ # Disque CD-ROM

# I:\ # Disque CD-ROM

 

############################## | Processus actifs |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

D:\Sécurité\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Sécurité\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

D:\SéCURITé\A-SQUARED FREE\a2service.exe

D:\Sécurité\Avira\AntiVir Desktop\avguard.exe

D:\Systéme\Diskeeper Corporation\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

D:\Utilitaires\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | C: |

 

 

################## | C:\WINDOWS |

 

 

################## | C:\WINDOWS\Prefetch |

 

Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-16ABE98D.pf

Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-29DA3169.pf

 

################## | C:\WINDOWS\system32 |

 

 

################## | C:\WINDOWS\system32\drivers |

 

 

################## | C:\Documents and Settings\Yancau\Application Data |

 


Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6316375.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6317812.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6318281.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6339359.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6343218.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6347015.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6347218.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6347453.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6347765.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6347984.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6348421.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6348890.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6349406.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6358765.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6359984.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6360656.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6361562.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6362343.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6362953.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6363468.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6364234.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6369296.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6369921.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6372484.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6372890.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6406656.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6406843.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6407015.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6407265.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6407500.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6408046.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6408421.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6410328.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6413515.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6413703.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6413906.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6414406.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6414906.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6415359.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6415812.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6416046.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6416312.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6416515.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6416734.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6417250.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6417750.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld\6418500.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\downld

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\winupgro.exe

Supprimé ! C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers

 

################## | Références de comparaison Bagle MD5 : |

 

File : C:\Qoobox\Quarantine\C\Documents and Settings\Parents.CAUJOLLE-381D1A\Application Data\drivers\winupgro.exe.vir

-> Crc32 : f8e06a5c | Md5 : 0fec902a87795cb614a7c7844e13bf0f

 

 

################## | Autres suppressions ... |

 

Supprimé ! "D:\Utilitaires\Rainlendar2\Rainlendar2.exe"

-> Size : 844800 | Crc32 : f8e06a5c | Md5 : 0fec902a87795cb614a7c7844e13bf0f

 

 

################## | Temporary Internet Files |

 

 

################## | Registre |

 

 

################## | Etat |

 

# Mode sans echec : OK

 

 

# Affichage des fichiers cachés : OK

 

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# windefend -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | PEH |

 

 

################## | Cracks > Keygens > Serials |

 

"C:\Documents and Settings\Parents\Bureau\Nouveau dossier\freecorder\Freecorder V2.2+crk\crack\Freecorder.exe"

26/10/2004 16:28 |Size 532480 |Crc32 ed3bf5fa |Md5 fa50b842187ee0f1d42530fbf73e7873

 

"C:\Documents and Settings\Parents\Bureau\Nouveau dossier\image logiciels\Everest\keygen.exe"

06/09/2008 06:24 |Size 44544 |Crc32 6c5bcab8 |Md5 933330ee37194f0845342f4cacd5e6d9

 

"C:\Documents and Settings\Parents\Bureau\Nouveau dossier\image logiciels\Winiso\KeyGen_WinISO5.3\winiso53.exe"

30/07/2008 21:40 |Size 7440 |Crc32 7c589e91 |Md5 a0d42b98f11125150feb3022b34e2e0b

 

"C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Bureau\Nouveau dossier\eTrust\keygen.exe"

05/07/2006 19:41 |Size 173568 |Crc32 87532344 |Md5 5bf3b3ed78d112aa60865e680d7c3e87

 

"C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Bureau\Nouveau dossier\GoodSync.8.0.0.0 + Keymaker-CORE\keygen.exe"

29/03/2008 22:48 |Size 118272 |Crc32 617bec76 |Md5 a51c73e436c2151d19330189835c62e5

 

"C:\Documents and Settings\Parents.CAUJOLLE-381D1A\Bureau\Nouveau dossier\Keygen\keygen.EXE"

30/09/2008 16:29 |Size 436736 |Crc32 68c628ec |Md5 64f7b016e077e63ff822696f32199d0c

 

"C:\Program Files\Java\jdk1.6.0_07\bin\serialver.exe"

10/06/2008 01:10 |Size 25600 |Crc32 b25382b8 |Md5 e20ba2247633f6b8523e32c66c497112

 

"G:\Ma Musique\Musique_genres\Logiciels\Cracks Keygen\Photoshop cs\Patch.exe"

12/11/2004 01:15 |Size 978593 |Crc32 ec6f6daa |Md5 c5f92bc7729bc95ee481ebd242d30e2f

 

 

################## | ! Fin du rapport # FindyKill V5.024 ! |

Posted

Thanks again for the report :P

OK, there really is something else protecting the infection; an application, probably, and I have to identify it, otherwise Bagle will never leave. Here is the next step, a diagnostic tool only, for now. You can download it from the infected PC; if that gets stuck, get it on the laptop and carry it over:

==========

Download OTL (by Old Timer) and save it to your Desktop:

http://oldtimer.geekstogo.com/OTL.exe

- Launch the tool by double-clicking;

- Copy/paste the following list (in bold) into the "Custom Scan/Fixes" box:


netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

 

 

 

- Now click the "Quick Scan" button; the scan may take a few minutes.

- Do not change any settings unless instructed.

- OTL will generate two reports, namely OTL.txt and Extras.txt: one will be open (Notepad) and the other minimized in the taskbar.

- Copy/paste the contents of both reports here, in your reply, please.

See you soon

Mark

Posted

Right, carrying on with the series, here are the latest reports requested

 

 

OTL Extras logfile created on: 15/01/2010 19:19:10 - Run 1

OTL by OldTimer - Version 3.1.25.0 Folder = C:\Documents and Settings\Yancau\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 77,93 Gb Total Space | 42,63 Gb Free Space | 54,70% Space Free | Partition Type: NTFS

Drive D: | 67,06 Gb Total Space | 53,22 Gb Free Space | 79,36% Space Free | Partition Type: NTFS

Drive E: | 87,90 Gb Total Space | 38,88 Gb Free Space | 44,23% Space Free | Partition Type: NTFS

Drive F: | 32,25 Gb Total Space | 32,16 Gb Free Space | 99,73% Space Free | Partition Type: NTFS

Drive G: | 120,41 Gb Total Space | 64,81 Gb Free Space | 53,82% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 3,95 Gb Total Space | 2,23 Gb Free Space | 56,52% Space Free | Partition Type: FAT32

 

Computer Name: CAUJOLLE-381D1A

Current User Name: Yancau

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hta [@ = ] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Internet\Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Bureautique & Gestion\Office Entreprise 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Multimédia\VLC media player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Multimédia\VLC media player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Internet\P2P\Emule\emule.exe" = D:\Internet\P2P\Emule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare -- (Microsoft Corporation)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{04DA096D-6236-4A5D-8FB6-3081E67009BA}" = CANAL+ CANALSAT A LA DEMANDE

"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series

"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{3E73666F-BC62-49A9-857D-C90A5B2CF899}" = Diskeeper 2009 Home

"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007

"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live

"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CB004EB8-C6DD-4908-8D49-C8ABA082B346}" = Ciel Paye Evolution 9.00 Etudiants

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001

"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20

"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{EFABFA23-0807-4BB3-8375-BE04923A5E37}" = Ciel Gestion Commerciale Evolution 9.0 Etudiants

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F3BCE8FA-0EE2-4628-BF02-AB5AF4077997}" = Ciel Compta Evolution 9.0 Etudiants

"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Antidote" = Antidote

"AtcL1" = Attansic L1 Gigabit Ethernet Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CopernicDesktopSearch2" = Copernic Desktop Search - Home

"CrystalDiskInfo_is1" = CrystalDiskInfo 3.2.0

"DMX5_is1" = DriverMax 5

"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition

"Duplicate Cleaner_is1" = Duplicate Cleaner 1.4.3

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"ENTERPRISER" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30

"Filetopia Client v3.04d" = Filetopia Client v3.04d

"Foxit PDF Editor" = Foxit PDF Editor

"ie8" = Windows Internet Explorer 8

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"MRW!UninstallKey" = InCD EasyWrite Reader (Ahead Software)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NFO viewer_is1" = NFO viewer v 2.1

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Picasa 3" = Picasa 3

"Revo Uninstaller" = Revo Uninstaller 1.85

"SpywareBlaster_is1" = SpywareBlaster 4.2

"SpywareGuard_is1" = SpywareGuard v2.2

"Steam App 34000" = Football Manager 2010

"SWF Extractor_is1" = SWF Extractor 2.3

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VLC media player 1.0.2

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/11/2009 06:33:31 | Computer Name = CAUJOLLE-381D1A | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

 

Error - 13/11/2009 09:05:48 | Computer Name = CAUJOLLE-381D1A | Source = ESENT | ID = 490

Description = svchost (1964) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\edb.log"

pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)

: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un

autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur

-1032 (0xfffffbf8).

 

Error - 13/11/2009 09:05:50 | Computer Name = CAUJOLLE-381D1A | Source = ESENT | ID = 490

Description = svchost (1964) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\edb.log"

pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)

: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un

autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur

-1032 (0xfffffbf8).

 

Error - 13/11/2009 09:06:29 | Computer Name = CAUJOLLE-381D1A | Source = ESENT | ID = 490

Description = svchost (1964) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\edb.log"

pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)

: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un

autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur

-1032 (0xfffffbf8).

 

Error - 13/11/2009 09:06:35 | Computer Name = CAUJOLLE-381D1A | Source = ESENT | ID = 490

Description = svchost (1964) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\edb.log"

pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)

: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un

autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur

-1032 (0xfffffbf8).

 

Error - 14/11/2009 15:42:22 | Computer Name = CAUJOLLE-381D1A | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant unknown, version 0.0.0.0, adresse de défaillance 0x151ec1bc.

 

Error - 14/11/2009 18:05:24 | Computer Name = CAUJOLLE-381D1A | Source = Application Error | ID = 1000

Description = Application défaillante explorer.exe, version 6.0.2900.5512, module

défaillant unknown, version 0.0.0.0, adresse de défaillance 0x04dea410.

 

Error - 16/11/2009 15:49:55 | Computer Name = CAUJOLLE-381D1A | Source = Application Error | ID = 1000

Description = Application défaillante fm.exe, version 10.1.0.19311, module défaillant

fm.exe, version 10.1.0.19311, adresse de défaillance 0x00cef952.

 

Error - 18/11/2009 17:50:59 | Computer Name = CAUJOLLE-381D1A | Source = Application Error | ID = 1000

Description = Application défaillante fm.exe, version 10.1.0.19311, module défaillant

fm.exe, version 10.1.0.19311, adresse de défaillance 0x00cef952.

 

Error - 19/11/2009 17:23:54 | Computer Name = CAUJOLLE-381D1A | Source = Application Error | ID = 1000

Description = Application défaillante washengine.exe, version 0.0.0.0, module défaillant

kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.

 

[ System Events ]

Error - 14/01/2010 13:19:59 | Computer Name = CAUJOLLE-381D1A | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : AFD avgio avipbb ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv

Tcpip

 

Error - 14/01/2010 13:20:59 | Computer Name = CAUJOLLE-381D1A | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc

avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 14/01/2010 13:20:59 | Computer Name = CAUJOLLE-381D1A | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc

avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 14/01/2010 14:12:17 | Computer Name = CAUJOLLE-381D1A | Source = DCOM | ID = 10005

Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem

avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 15/01/2010 13:00:32 | Computer Name = CAUJOLLE-381D1A | Source = ssidrv | ID = 131098

Description =

 

Error - 15/01/2010 13:00:51 | Computer Name = CAUJOLLE-381D1A | Source = Service Control Manager | ID = 7034

Description = Le service Moteur Webroot Spy Sweeper s'est terminé de façon inattendue

pour la 1ème fois.

 

Error - 15/01/2010 13:00:54 | Computer Name = CAUJOLLE-381D1A | Source = Service Control Manager | ID = 7034

Description = Le service Webroot Client Service s'est terminé de façon inattendue

pour la 1ème fois.

 

Error - 15/01/2010 13:01:02 | Computer Name = CAUJOLLE-381D1A | Source = PlugPlayManager | ID = 11

Description = Le périphérique Root\LEGACY_SSFS0BBC\0000 a disparu du système sans

que sa suppression ait tout d'abord été préparée.

 

Error - 15/01/2010 13:01:02 | Computer Name = CAUJOLLE-381D1A | Source = PlugPlayManager | ID = 11

Description = Le périphérique Root\LEGACY_SSHRMD\0000 a disparu du système sans

que sa suppression ait tout d'abord été préparée.

 

Error - 15/01/2010 13:01:02 | Computer Name = CAUJOLLE-381D1A | Source = PlugPlayManager | ID = 11

Description = Le périphérique Root\LEGACY_SSIDRV\0000 a disparu du système sans

que sa suppression ait tout d'abord été préparée.

 

 

< End of report >

 

OTL logfile created on: 15/01/2010 19:19:10 - Run 1

OTL by OldTimer - Version 3.1.25.0 Folder = C:\Documents and Settings\Yancau\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 77,93 Gb Total Space | 42,63 Gb Free Space | 54,70% Space Free | Partition Type: NTFS

Drive D: | 67,06 Gb Total Space | 53,22 Gb Free Space | 79,36% Space Free | Partition Type: NTFS

Drive E: | 87,90 Gb Total Space | 38,88 Gb Free Space | 44,23% Space Free | Partition Type: NTFS

Drive F: | 32,25 Gb Total Space | 32,16 Gb Free Space | 99,73% Space Free | Partition Type: NTFS

Drive G: | 120,41 Gb Total Space | 64,81 Gb Free Space | 53,82% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 3,95 Gb Total Space | 2,23 Gb Free Space | 56,52% Space Free | Partition Type: FAT32

 

Computer Name: CAUJOLLE-381D1A

Current User Name: Yancau

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - [2010/01/15 19:15:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yancau\Bureau\OTL.exe

PRC - [2010/01/13 18:00:45 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\Sécurité\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/01/13 18:00:45 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\Sécurité\Avira\AntiVir Desktop\sched.exe

PRC - [2009/12/29 19:00:44 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009/12/29 19:00:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/11/20 20:32:14 | 00,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2009/11/17 20:27:02 | 18,789,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2009/10/15 21:06:09 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- D:\Sécurité\a-squared Free\a2service.exe

PRC - [2009/08/05 22:47:20 | 01,602,048 | ---- | M] (Copernic Inc.) -- D:\Utilitaires\Copernic Desktop Search - Home\DesktopSearchService.exe

PRC - [2009/07/13 22:18:12 | 00,071,096 | ---- | M] () -- D:\Utilitaires\CDBurnerXP\NMSAccessU.exe

PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/04/17 13:17:40 | 01,349,912 | ---- | M] (Diskeeper Corporation) -- D:\Systéme\Diskeeper Corporation\DkService.exe

PRC - [2009/04/17 02:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- D:\Bureautique & Gestion\Office Entreprise 2007\Office12\WINWORD.EXE

PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- D:\Sécurité\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/08/05 19:16:40 | 00,286,720 | ---- | M] () -- D:\Utilitaires\Launchy\Launchy.exe

PRC - [2008/04/14 03:34:29 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- D:\Sécurité\Windows Defender\MSASCui.exe

PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- D:\Sécurité\Windows Defender\MsMpEng.exe

PRC - [2006/03/23 17:06:38 | 00,880,128 | ---- | M] (Nero AG) -- C:\Program Files\ahead\InCD\InCDsrv.exe

PRC - [2005/12/29 15:42:18 | 00,165,416 | ---- | M] (Computer Associates International, Inc.) -- D:\Sécurité\Pest Patrol\caissdt.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/01/15 19:15:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yancau\Bureau\OTL.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/01/13 18:00:45 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Sécurité\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/01/13 18:00:45 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Sécurité\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/12/29 19:00:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/11/20 20:32:14 | 00,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

SRV - [2009/10/15 21:06:09 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- D:\SéCURITé\A-SQUARED FREE\a2service.exe -- (a2free)

SRV - [2009/08/23 22:00:06 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/08/17 13:01:44 | 00,099,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\Utilitaires\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2009/07/13 22:18:12 | 00,071,096 | ---- | M] () [Auto | Running] -- D:\Utilitaires\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009/04/28 17:33:56 | 00,188,416 | ---- | M] (Canal+ Active) [On_Demand | Stopped] -- C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe -- (CanalPlus.VOD)

SRV - [2009/04/17 13:17:40 | 01,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- D:\Systéme\Diskeeper Corporation\DkService.exe -- (Diskeeper)

SRV - [2009/02/10 21:00:55 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca4ea3fcc82e76) Service Google Update (gupdate1ca4ea3fcc82e76)

SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2007/04/13 07:49:00 | 00,101,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Sécurité\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/03/23 17:06:38 | 00,880,128 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)

SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Live Search"

FF - prefs.js..browser.startup.homepage: "http://www.msn.fr/"

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.92

FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx??mkt=fr-FR&FORM=MICWU0&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Internet\Firefox\components [2010/01/13 20:53:20 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Internet\Firefox\plugins [2010/01/07 16:44:12 | 00,000,000 | ---D | M]

 

[2009/09/27 20:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Extensions

[2009/09/27 20:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Extensions\songbird@songbirdnest.com

[2010/01/12 21:41:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions

[2009/09/27 20:42:00 | 00,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

[2009/09/27 20:42:00 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{0899232a-cbab-11db-8314-0800200c9a66}

[2009/09/27 20:42:00 | 00,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{097d3191-e6fa-4728-9826-b533d755359d}

[2009/09/27 20:41:52 | 00,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}

[2009/09/27 20:41:52 | 00,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}

[2009/09/27 20:41:52 | 00,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)

[2009/09/27 20:41:52 | 00,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(3)

[2009/09/27 20:41:51 | 00,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}

[2009/09/27 20:41:51 | 00,000,000 | ---D | M] (Strata Aero) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}

[2009/09/27 20:41:51 | 00,000,000 | ---D | M] (Abstract Classic) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}

[2010/01/10 15:13:54 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/09/27 20:41:48 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2009/09/27 20:41:48 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

[2009/09/27 20:41:48 | 00,000,000 | ---D | M] (Modern Modoki) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{4a428302-5267-4749-bb22-459b3236695f}

[2009/09/27 20:41:47 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{57407AE0-868F-11DC-AD21-49A755D89593}

[2009/09/27 20:41:47 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/09/27 20:41:47 | 00,000,000 | ---D | M] (View Source Chart) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}

[2009/09/27 20:41:47 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{71073f20-deb8-11da-95c9-00e08161165f}

[2009/09/27 20:41:47 | 00,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}

[2009/09/27 20:41:47 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2009/09/27 20:41:45 | 00,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2009/09/27 20:41:44 | 00,000,000 | ---D | M] (keywordManager) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{78b1f0cf-8cca-4503-81bc-8523d9218a43}

[2009/09/27 20:41:44 | 00,000,000 | ---D | M] (keywordManager) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{78b1f0cf-8cca-4503-81bc-8523d9218a43}(2)

[2009/09/27 20:41:44 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}

[2009/09/27 20:41:44 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{8B41860E-5D30-4e96-BB09-CE22F491A481}

[2009/09/27 20:41:44 | 00,000,000 | ---D | M] (Update Notifier) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2009/09/27 20:41:44 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

[2009/09/27 20:41:44 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2009/09/27 20:41:43 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}

[2009/09/27 20:41:43 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2009/09/27 20:41:43 | 00,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2)

[2009/09/27 20:41:43 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

[2009/09/27 20:41:42 | 00,000,000 | ---D | M] (MEDIADICO Familial) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{b055c535-4a3a-11db-9659-00e08161165f}

[2009/09/27 20:41:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{B5EDFBB0-9827-11DA-A72B-0800200C9A66}

[2009/09/27 20:41:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}

[2009/09/27 20:41:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}

[2009/09/27 20:41:41 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2009/09/27 20:41:41 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/09/27 20:41:41 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2009/09/27 20:41:41 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/09/27 20:41:41 | 00,000,000 | ---D | M] (GooglePreview) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}

[2009/09/27 20:41:41 | 00,000,000 | ---D | M] (GooglePreview) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2)

[2009/09/27 20:42:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\exif_viewer@mozilla.doslash.org

[2009/09/27 20:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\foxmarks@kei.com

[2009/09/27 20:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\fr@dictionaries.addons.mozilla.org

[2009/09/27 20:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\personas@christopher.beard

[2009/09/27 20:42:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\piclens@cooliris.com

[2009/09/27 20:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\piclens@cooliris.com-trash

[2009/09/27 20:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\qtl.co.il@gmail.com

[2009/09/27 20:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\c2h5xsp4.Yannick\extensions\staged-xpis(2)

[2009/09/27 20:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s2bjieew.Annie\extensions

[2009/09/27 20:41:37 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s2bjieew.Annie\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/09/27 20:41:36 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s2bjieew.Annie\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/09/27 20:41:35 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s2bjieew.Annie\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/09/27 20:41:35 | 00,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s2bjieew.Annie\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

[2009/09/27 20:41:35 | 00,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s2bjieew.Annie\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}

[2009/09/27 20:41:35 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s2bjieew.Annie\extensions\{dc572301-7619-498c-a57d-39143191b318}

[2009/09/27 20:41:35 | 00,000,000 | ---D | M] (iGraal) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s2bjieew.Annie\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}

[2009/09/27 20:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s7cdf7uj.default\extensions

[2009/09/27 20:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\xxaleexd.Florian\extensions

[2009/09/27 20:41:30 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\xxaleexd.Florian\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/09/27 20:41:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Sunbird\Profiles\uooxwoj1.default\extensions

[2008/09/01 19:28:51 | 00,001,776 | ---- | M] () -- C:\Documents and Settings\Yancau\Application Data\Mozilla\Firefox\Profiles\s7cdf7uj.default\searchplugins\live-search.xml

 

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Sécurité\SpywareGuard\dlprotect.dll ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Barre d'outils Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - D:\Utilitaires\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000313.dll (Copernic Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [avgnt] D:\Sécurité\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CaISSDT] D:\Sécurité\Pest Patrol\caissdt.exe (Computer Associates International, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Sécurité\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] D:\Sécurité\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Copernic Desktop Search - Home] D:\Utilitaires\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\Yancau\Menu Démarrer\Programmes\Démarrage\Launchy.lnk = D:\Utilitaires\Launchy\Launchy.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xporter vers Microsoft Excel - D:\Bureautique & Gestion\Office Entreprise 2007\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Bureautique & Gestion\Office Entreprise 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - D:\Sécurité\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - D:\Sécurité\SpywareGuard\spywareguard.dll ()

O30 - LSA: Security Packages - (| ---- | m] (microsoft corpora) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/30 15:17:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/05/26 15:55:20 | 00,057,856 | ---- | M] () - E:\AUTORISATION PARENTALE.doc -- [ NTFS ]

O32 - AutoRun File - [2009/05/26 15:55:49 | 00,057,856 | ---- | M] () - E:\AUTORISATION PARENTALE1.doc -- [ NTFS ]

O32 - AutoRun File - [2008/11/27 12:13:44 | 00,000,197 | ---- | M] () - J:\AutoRun.inf -- [ FAT32 ]

O33 - MountPoints2\{bd482fec-ab89-11de-b62a-001e8ca539a0}\Shell\AutoRun\command - "" = J:\PortableRoboForm.exe -- [2008/11/27 12:12:16 | 00,648,016 | ---- | M] (Siber Systems)

O33 - MountPoints2\{bd482fec-ab89-11de-b62a-001e8ca539a0}\Shell\RoboForm2Go\command - "" = J:\PortableRoboForm.exe -- [2008/11/27 12:12:16 | 00,648,016 | ---- | M] (Siber Systems)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/09/27 13:14:04 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16891891626803200)

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/01/15 19:16:00 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yancau\Bureau\OTL.exe

[2010/01/15 18:10:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Yancau\Recent

[2010/01/15 18:02:26 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2010/01/14 19:18:49 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2010/01/14 19:18:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/01/14 19:18:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/01/14 19:18:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/01/14 19:18:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/01/13 17:54:45 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/01/13 17:54:45 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/01/13 17:54:45 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/01/13 17:54:45 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/01/13 17:54:45 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/01/13 17:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

[2010/01/12 20:58:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yancau\Application Data\Sun

[2010/01/12 20:47:25 | 00,086,528 | ---- | C] (Eric_71) -- C:\Documents and Settings\Yancau\Bureau\ZSc.exe

[2010/01/11 21:13:00 | 00,000,000 | ---D | C] -- C:\FindyKill

[2010/01/11 13:05:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SeaPort

[2010/01/11 12:03:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/01/11 12:03:04 | 00,000,000 | ---D | C] -- C:\Qoobox

[2010/01/10 21:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yancau\Application Data\Malwarebytes

[2010/01/10 15:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yancau\Application Data\GoodSync

[2009/09/25 06:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2009/05/10 10:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\MediaMonkey

[2009/02/13 07:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009/02/11 13:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2008/08/29 22:24:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2008/07/30 21:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis

[2008/07/30 15:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/07/30 15:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2008/07/30 15:17:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[4 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp -> ]

[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2010/01/15 19:18:00 | 00,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CFEC75F-EC5C-4CBB-B08D-98B496136766}.job

[2010/01/15 19:18:00 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{15CAFF63-A9F2-4B59-A661-58E5216B5481}.job

[2010/01/15 19:15:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yancau\Bureau\OTL.exe

[2010/01/15 19:12:01 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DC86F997-0858-488E-AE29-118EEC647C8D}.job

[2010/01/15 18:31:46 | 00,262,558 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/01/15 18:26:00 | 00,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/01/15 18:14:31 | 00,000,320 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/01/15 18:11:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/15 18:11:43 | 00,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/01/15 18:11:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/15 18:11:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/15 18:10:36 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Yancau\NTUSER.DAT

[2010/01/15 18:10:24 | 04,319,524 | -H-- | M] () -- C:\Documents and Settings\Yancau\Local Settings\Application Data\IconCache.db

[2010/01/15 18:01:26 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/01/15 17:58:34 | 00,500,872 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2010/01/15 17:58:34 | 00,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/01/15 17:58:34 | 00,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2010/01/15 17:58:33 | 00,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/01/15 17:58:32 | 01,094,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/01/15 17:58:09 | 00,000,633 | ---- | M] () -- C:\Documents and Settings\Yancau\Bureau\Revo Uninstaller.lnk

[2010/01/14 19:25:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/01/14 19:19:00 | 00,000,282 | RHS- | M] () -- C:\boot.ini

[2010/01/14 19:12:18 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Yancau\ntuser.ini

[2010/01/14 19:06:34 | 03,824,993 | R--- | M] () -- C:\Documents and Settings\Yancau\Bureau\agenor.exe

[2010/01/14 07:42:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/01/13 18:00:45 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/01/13 18:00:45 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/01/13 17:54:58 | 00,000,758 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk

[2010/01/12 20:44:20 | 00,086,528 | ---- | M] (Eric_71) -- C:\Documents and Settings\Yancau\Bureau\ZSc.exe

[2010/01/11 10:56:11 | 13,388,362 | ---- | M] () -- C:\Documents and Settings\Yancau\Bureau\registre.reg

[2010/01/10 21:03:39 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/01/02 00:30:03 | 00,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI

[4 C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Application Data\*.tmp -> ]

[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/01/15 17:58:09 | 00,000,633 | ---- | C] () -- C:\Documents and Settings\Yancau\Bureau\Revo Uninstaller.lnk

[2010/01/15 17:57:12 | 00,000,320 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/01/14 19:19:00 | 00,000,212 | ---- | C] () -- C:\Boot.bak

[2010/01/14 19:18:54 | 00,263,488 | ---- | C] () -- C:\cmldr

[2010/01/14 19:18:04 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/01/14 19:18:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/01/14 19:18:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/01/14 19:18:04 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/01/14 19:18:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/01/14 18:59:56 | 03,824,993 | R--- | C] () -- C:\Documents and Settings\Yancau\Bureau\agenor.exe

[2010/01/13 17:54:58 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk

[2010/01/11 10:56:09 | 13,388,362 | ---- | C] () -- C:\Documents and Settings\Yancau\Bureau\registre.reg

[2010/01/10 21:03:38 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/01/02 00:30:03 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2009/12/08 12:28:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI

[2009/11/09 17:23:18 | 11,988,992 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\sandra.mda

[2009/11/08 23:22:30 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Systems.ini

[2009/10/28 22:48:34 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/10/28 22:48:33 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/10/28 22:48:29 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/10/28 22:48:29 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/10/28 22:48:27 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/10/28 22:48:26 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/10/15 20:46:46 | 00,000,046 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/10/14 20:20:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2009/10/14 20:20:35 | 00,003,513 | ---- | C] () -- C:\WINDOWS\Antidote.ini

[2009/10/09 18:44:32 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2009/10/06 18:45:23 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2009/09/27 17:43:38 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini

[2009/09/27 17:00:44 | 00,015,043 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/09/27 17:00:29 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/09/27 17:00:25 | 00,014,714 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/09/27 17:00:12 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/08/02 23:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/09/03 20:47:36 | 00,000,464 | ---- | C] () -- C:\Program Files\bqdo.txt

[2008/07/30 17:41:04 | 00,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe

[2008/03/24 12:52:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

 

========== LOP Check ==========

 

[2009/09/30 20:50:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited

[2009/10/09 18:38:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ

[2009/10/09 18:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJPLM

[2009/10/09 17:30:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ciel

[2009/09/30 19:54:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation

[2009/10/01 22:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft

[2009/12/10 14:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Innovative Solutions

[2009/10/01 08:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RoboForm

[2009/10/09 18:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft

[2009/11/14 17:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sports Interactive

[2010/01/13 17:47:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

[2009/10/12 13:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\.metamorphose

[2009/10/06 18:32:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Canneverbe_Limited

[2009/10/02 16:09:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Copernic

[2010/01/10 16:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\GoodSync

[2009/10/01 22:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Grisoft

[2009/10/12 13:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\JetStart

[2009/10/05 14:08:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Launchy

[2009/11/14 17:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\Sports Interactive

[2009/10/09 21:52:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yancau\Application Data\VSRevoGroup

[2010/01/15 18:14:31 | 00,000,320 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2010/01/15 19:18:00 | 00,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0CFEC75F-EC5C-4CBB-B08D-98B496136766}.job

[2010/01/15 19:18:00 | 00,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{15CAFF63-A9F2-4B59-A661-58E5216B5481}.job

[2010/01/15 19:12:01 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DC86F997-0858-488E-AE29-118EEC647C8D}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2004/08/19 15:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009/09/27 18:48:33 | 23,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2009/09/27 18:48:33 | 23,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/19 15:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009/09/27 18:48:33 | 23,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2009/09/27 18:48:33 | 23,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 20:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 20:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008/04/13 20:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0055\DriverFiles\i386\atapi.sys

[2008/04/13 20:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0059\DriverFiles\i386\atapi.sys

[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\drivers\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2004/08/19 15:09:26 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/19 15:09:38 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/19 15:09:40 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2

< End of report >

 

See you soon

Posted (edited)

Thanks for this report :P

Well, I've got some studying to do, lol. I'm going to pick all of this apart, and it may take me a while.

Just two quick questions:

- Did you uninstall Pest Patrol?

- Do you use Acronis on the machine and, if so, for which functions?

I'll adjust my research according to your answers.

Thanks...

Mark

 

Edit/addition: in addition to the questions above, I'm going to have you do something:

You have Malwarebytes' Anti-Malware on the machine, so I'm going to ask you to launch it and update it (update only, no scan). You'll see the "Update" tab at the top. Once the update has completed, close the program.

Next, restart the machine in Safe Mode:

- Restart the PC and press the F8 key repeatedly, after the "beep" (right after the BIOS screen comes up)

- Choose "Safe Mode" and confirm with [Enter]

- Choose your usual account, not the "Administrator" account

- Launch Malwarebytes' Anti-Malware for a quick scan.

- Let it fix all detections, if any.

- A report will be created; save it to the Desktop

- If the program needs to restart to finish the cleanup, accept.

- If MBAM restarted the machine, you will now be in Normal Mode (perfect); otherwise, restart the machine yourself to return to Normal Mode.

- Carry the report over to the laptop (if necessary), then paste its contents here, in your reply.

See you later

Edited by Mark
Posted

In answer to your 2 questions:

- Pest Patrol has indeed been uninstalled

- Acronis was not installed by me, nor by my wife either. Guess who I'm thinking of... so the software can be removed without any problem.

See you

Posted

Thanks :P

Hold off a bit on Acronis. I edited my previous message because I hadn't seen you at the bottom. I left you instructions for running Malwarebytes' Anti-Malware in Safe Mode.

See you soon,

Mark

Posted

Sorry, I hadn't read everything, notably... the end.

I'm going to run the procedure, but in Safe Mode I only have access to the administrator account and to another account that also has administrator rights. Should I change it to a user account?

Thanks for your answer

See you soon

Posted

You don't have access to your usual account (which must be an admin account)? That's odd...

No, don't change anything; you can use the "Administrator" account or the other one (admin); I prefer the usual account simply because everything is on your Desktop. For running Malwarebytes', the choice of account doesn't matter, but it has to be an admin account.

I'm thinking of something else, for after you've run MBAM in Safe Mode:

There is a program named "Total Uninstall" on the machine; you should find it under "Programs". Could you launch it, look at the list of monitored programs and pass the info along to me, please?

See you in a bit

Mark

Posted

Here is the MBAM report (it found nothing). However, I didn't see Total Uninstaller on the PC, neither under C:\ nor under D:\, which is the partition dedicated to programs.

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3570

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

15/01/2010 21:08:48

mbam-log-2010-01-15 (21-08-48).txt

 

Type de recherche: Examen rapide

Eléments examinés: 186745

Temps écoulé: 7 minute(s), 11 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

 

See you

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)
