
Posted

I have a PC running Windows XP Service Pack 3, regularly updated.

My PC is used by different members of the family.

We have 3 user accounts: 2 administrators for my wife and me, and 1 user for my 10-year-old son.

My problem is that we can no longer access any of the 3 user accounts.

The profile's desktop wallpaper loads, then the session logs off immediately or after about 1 minute.

I tried starting Windows in the following modes (Safe Mode, debugging, Last Known Good Configuration, Active Directory restore) and the problem reproduced every time.

Note that these problems appeared after the securityessentials2010 application installed itself on my PC.

I ran a disk scan (with Symantec) and removed the viruses spywarestike, byteverify, trojan spy, backdoor.eggdrop (with Spybot).

Note that Spybot asked me to restart the PC and indicated that 2 threats out of 17 had not been removed but would be after the restart.

So I am completely stuck.

This is very annoying because my wife is unemployed.

I am writing to you from my work PC.

Thanks

Posted

Hello lesquirol; welcome to our forums :P

I have very little availability over the next few days, but I will do my best to drop by a few times a day to provide proper follow-up.

Nasty infection, that one. Since you have the work machine at your disposal, it will be easier to carry out the steps.

===========

Download OTLPEStd.exe to the Desktop from the following link:

http://ottools.noahdfear.net/OTLPEStd.exe

> The file is over 90MB, so the download may take some time.

> You absolutely must have a working burner, and you must put a blank disc (CD or DVD) in it;

> Run the file OTLPEStd.exe;

> An .iso file included in the download will be burned to the blank disc. It is a bootable ReatoGo, named OTLPE, which will give you access to your files on the machine that no longer starts.

> Start the infected machine and quickly insert the burned disc so that it boots from this disc. If it doesn't work the first time, restart the machine with the disc in the drive again. If it still doesn't work, you will need to check the boot order in the BIOS and put the optical drive first.

> If all goes well, you will boot into the OTLPE environment;

> Double-click the OTLPE icon on the Desktop.

>> You will be asked: "Do you wish to load the remote registry": click Yes

>> You will be asked: "Do you wish to load remote user profile(s) for scanning": click Yes

>> Make sure that "Automatically Load All Remaining Users" is checked, then click OK

> OTL should start. Change the "Drivers" option to "All", then "Standard Registry" to "All".

> From your work machine, copy/paste the following text (in green) into a new Notepad file:

 

/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
userinit.exe
explorer.exe
ntoskrnl.exe
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav

 

- Save the file and carry it to the infected machine on a USB key.

- From the ReatoGo (OTLPE) environment, open the text file that is on your USB key.

- "Copy" the contents of the file, then "Paste" it into the "Custom Scans/Fixes" window (at the bottom of OTL);

- Now click "Run Scan" (top left).

> When the scan is finished, a text file will be created: C:\OTL.txt;

> Copy/paste this file to your USB key, then come back to the work machine and post the contents of the report here, please.

This is only a scan, so it will not repair anything for now. The point is to identify the culprits; then we go on the attack.

@++

Mark

Posted

Hello,

A thousand thanks for your help (for info, I had also posted on the Windows forum, and apart from an offer to pay 70 euros, nothing!).

Here is the result of the diagnostic:

 

OTL logfile created on: 5/31/2010 12:37:00 PM - Run

OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

767.00 Mb Total Physical Memory | 523.00 Mb Available Physical Memory | 68.00% Memory free

707.00 Mb Paging File | 576.00 Mb Available in Paging File | 81.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.53 Gb Total Space | 0.88 Gb Free Space | 4.53% Space Free | Partition Type: NTFS

Drive D: | 57.15 Gb Total Space | 0.11 Gb Free Space | 0.19% Space Free | Partition Type: NTFS

Drive E: | 61.65 Mb Total Space | 60.37 Mb Free Space | 97.92% Space Free | Partition Type: FAT

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet002

 

========== Win32 Services (SafeList) ==========

 

SRV - [2009/08/28 13:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2004/10/21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [Disabled] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 


========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\pierre_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\pierre_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\pierre_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\pierre_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\pierre_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.takatrouver.net/

IE - HKU\pierre_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\pierre_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\pierre_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\resr_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\resr_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\resr_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\resr_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\resr_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\resr_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lequipe.fr/ [binary data]

IE - HKU\resr_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/

IE - HKU\resr_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\resr_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\resr_ON_C\..\URLSearchHook: {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll File not found

IE - HKU\resr_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\tania_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\tania_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\tania_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\tania_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\tania_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\tania_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/

IE - HKU\tania_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\tania_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\tania_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/22 17:32:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/03 11:09:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 13:19:27 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2009/11/15 20:25:35 | 000,352,037 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 12066 more lines...

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (myBabylon English4 Toolbar) - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll File not found

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (myBabylon English4 Toolbar) - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyBa.dll File not found

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\pierre_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\pierre_ON_C\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\pierre_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\resr_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\resr_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\resr_ON_C\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\resr_ON_C\..\Toolbar\WebBrowser: (myBabylon English4 Toolbar) - {FC600575-3013-4E8E-941C-4B00DAFCE730} - C:\Program Files\myBabylon_English4\tbmyBa.dll File not found

O3 - HKU\tania_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\tania_ON_C\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKU\tania_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\Administrateur_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\pierre_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\pierre_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\pierre_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKU\pierre_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\resr_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\resr_ON_C..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKU\tania_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\tania_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKU\tania_ON_C..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKU\tania_ON_C..\Run: [security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe File not found

O4 - HKU\tania_ON_C..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found

O4 - HKU\tania_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnce: [spybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\tania\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe (Avira GmbH)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\pierre_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\resr_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157

O7 - HKU\resr_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O7 - HKU\resr_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKU\resr_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\tania_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\tania_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1

O7 - HKU\tania_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKU\tania_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found

O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helpers32.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\helpers32.dll ()

O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish.fr/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1204484745421 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1231277392531 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-0000-0000-000000000000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\0042.DLL) - C:\WINDOWS\system32\0042.DLL ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\System32\winlogon32.exe File not found

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/10/15 06:12:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/05/24 13:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft

[2010/05/24 13:18:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrateur\Application Data\Microsoft

[2010/05/24 13:18:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\SendTo

[2010/05/24 13:18:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Application Data

[2010/05/24 13:18:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrateur\Menu Démarrer

[2010/05/24 13:18:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrateur\Cookies

[2010/05/24 13:18:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Voisinage réseau

[2010/05/24 13:18:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Voisinage d'impression

[2010/05/24 13:18:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Recent

[2010/05/24 13:18:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Modèles

[2010/05/24 13:18:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Local Settings

[2010/05/24 13:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Sun

[2010/05/24 13:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents

[2010/05/24 13:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Favoris

[2010/05/24 13:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau

[2010/05/18 16:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/05/18 16:08:25 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe

[2010/05/17 03:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/05/15 16:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/05/15 16:47:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\IETldCache

[2007/02/18 07:21:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\resr\Application Data\pcouffin.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/05/31 12:38:23 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT

[2010/05/24 13:19:46 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/05/24 13:19:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/24 13:19:43 | 000,741,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\cpqskav.sys

[2010/05/24 13:19:07 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\resr\NTUSER.DAT

[2010/05/24 13:19:07 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\resr\ntuser.ini

[2010/05/24 13:18:22 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini

[2010/05/24 13:16:02 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/05/24 13:15:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/24 13:13:42 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/24 13:11:54 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\tania\NTUSER.DAT

[2010/05/24 13:11:54 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\tania\ntuser.ini

[2010/05/24 13:11:34 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\pierre\NTUSER.DAT

[2010/05/24 13:11:34 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\pierre\ntuser.ini

[2010/05/24 12:56:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/18 16:34:17 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/18 16:13:12 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\resr\Bureau\Spybot - Search & Destroy.lnk

[2010/05/18 16:08:34 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe

[2010/05/18 05:13:53 | 000,005,861 | ---- | M] () -- C:\WINDOWS\System32\WORK.DAT

[2010/05/18 05:13:51 | 000,044,032 | ---- | M] () -- C:\WINDOWS\System32\6334.exe

[2010/05/18 04:20:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat

[2010/05/18 04:19:30 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System32\0042.DLL

[2010/05/17 22:24:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tania\Ÿ;Ÿ;

[2010/05/17 22:02:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\resr\Ÿ;Ÿ;

[2010/05/17 12:38:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe

[2010/05/17 12:38:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe

[2010/05/17 12:18:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe

[2010/05/17 12:18:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe

[2010/05/17 11:58:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe

[2010/05/17 11:58:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe

[2010/05/17 11:38:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe

[2010/05/17 11:38:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe

[2010/05/17 11:18:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe

[2010/05/17 11:18:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe

[2010/05/17 10:58:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe

[2010/05/17 10:58:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe

[2010/05/17 10:38:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe

[2010/05/17 10:38:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe

[2010/05/17 10:18:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe

[2010/05/17 10:18:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe

[2010/05/17 09:58:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe

[2010/05/17 09:58:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe

[2010/05/17 09:38:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe

[2010/05/17 09:38:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe

[2010/05/17 09:18:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe

[2010/05/17 09:18:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe

[2010/05/17 08:58:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe

[2010/05/17 08:58:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe

[2010/05/17 08:38:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe

[2010/05/17 05:05:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\resr\Mes documents\virus.doc

[2010/05/15 17:06:44 | 000,000,148 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat

[2010/05/15 17:06:38 | 000,000,016 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\qvjsge.dat

[2010/05/15 16:48:14 | 000,048,128 | ---- | M] () -- C:\WINDOWS\System32\helpers32.dll

[2010/05/15 16:44:04 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\NetworkService\Application Data\qvjsge.dat

[2010/05/15 16:43:04 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\tania\Application Data\avdrn.dat

[2010/05/15 05:37:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tania\Ÿ9Ÿ9

[2010/05/13 11:45:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\pierre\Ÿ9Ÿ9

[2010/05/12 12:37:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/12 12:03:05 | 000,009,964 | ---- | M] () -- C:\Documents and Settings\tania\Mes documents\PrintFormAction.pdf

[2010/05/09 15:38:01 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\tania\Mes documents\Espace de paiement sécurisé par carte bancaire.doc

[2010/05/09 15:37:42 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\tania\Bureau\Microsoft Word.lnk

[2010/05/09 07:14:44 | 003,749,692 | -H-- | M] () -- C:\Documents and Settings\pierre\Local Settings\Application Data\IconCache.db

[2010/05/09 05:48:23 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\pierre\Mes documents\lettre Corentin.doc

[2010/05/09 05:44:22 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\pierre\Mes documents\lettre louis.doc

[2010/05/04 07:49:53 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\tania\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/04 07:12:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\resr\Ÿ9Ÿ9

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/05/24 13:18:18 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.ini

[2010/05/24 13:18:16 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT

[2010/05/24 13:18:16 | 000,061,440 | -H-- | C] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT.LOG

[2010/05/18 16:13:12 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\resr\Bureau\Spybot - Search & Destroy.lnk

[2010/05/18 05:13:50 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\6334.exe

[2010/05/18 04:20:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat

[2010/05/18 04:19:30 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\0042.DLL

[2010/05/18 04:19:30 | 000,005,861 | ---- | C] () -- C:\WINDOWS\System32\WORK.DAT

[2010/05/17 12:38:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe

[2010/05/17 12:18:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe

[2010/05/17 11:58:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe

[2010/05/17 11:38:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe

[2010/05/17 11:18:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe

[2010/05/17 10:58:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe

[2010/05/17 10:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe

[2010/05/17 10:18:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe

[2010/05/17 09:58:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe

[2010/05/17 09:38:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe

[2010/05/17 09:18:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe

[2010/05/17 08:58:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe

[2010/05/17 08:38:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe

[2010/05/17 08:18:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe

[2010/05/17 07:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe

[2010/05/17 07:38:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe

[2010/05/17 07:18:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe

[2010/05/17 06:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe

[2010/05/17 06:38:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe

[2010/05/17 06:18:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe

[2010/05/17 05:58:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe

[2010/05/17 05:38:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe

[2010/05/17 05:18:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe

[2010/05/17 05:05:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\resr\Mes documents\virus.doc

[2010/05/17 04:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe

[2010/05/17 04:38:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe

[2010/05/17 03:18:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\resr\Ÿ;Ÿ;

[2010/05/15 17:08:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tania\Ÿ;Ÿ;

[2010/05/15 17:06:38 | 000,000,016 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\qvjsge.dat

[2010/05/15 16:48:14 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\helpers32.dll

[2010/05/15 16:45:51 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpqskav.sys

[2010/05/15 16:45:42 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat

[2010/05/15 16:44:03 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\qvjsge.dat

[2010/05/15 16:43:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\tania\Application Data\avdrn.dat

[2010/05/12 12:03:05 | 000,009,964 | ---- | C] () -- C:\Documents and Settings\tania\Mes documents\PrintFormAction.pdf

[2010/05/09 15:38:00 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\tania\Mes documents\Espace de paiement sécurisé par carte bancaire.doc

[2010/05/09 05:44:22 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\pierre\Mes documents\lettre louis.doc

[2010/05/09 05:44:01 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\pierre\Mes documents\lettre Corentin.doc

[2009/03/23 17:19:07 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL

[2009/01/28 14:01:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\pierre\Ÿ9Ÿ9

[2008/12/13 10:50:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2008/12/13 10:31:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\resr\Ÿ9Ÿ9

[2008/12/12 08:40:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tania\Ÿ9Ÿ9

[2008/11/21 04:08:50 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\resr\Application Data\inst.exe

[2008/05/26 17:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 17:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 17:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/02/23 11:10:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2008/01/30 11:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll

[2007/10/31 04:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2007/08/11 06:26:38 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/08/11 05:47:19 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2007/05/17 08:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll

[2007/02/18 07:21:20 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\resr\Application Data\pcouffin.log

[2007/02/18 07:21:16 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\resr\Application Data\ezpinst.exe

[2007/02/18 07:21:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\resr\Application Data\pcouffin.cat

[2007/02/18 07:21:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\resr\Application Data\pcouffin.inf

[2006/08/27 14:54:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2006/05/08 05:11:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys

[2006/05/07 15:07:42 | 001,539,389 | ---- | C] () -- C:\Documents and Settings\resr\Application Data\Install.dat

[2006/04/10 09:26:17 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\pierre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/03/24 09:52:11 | 000,000,058 | ---- | C] () -- C:\WINDOWS\JMC_1000.INI

[2006/03/19 15:33:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2006/02/12 19:02:17 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\pierre\ntuser.dat.LOG

[2006/02/12 19:02:17 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\pierre\ntuser.ini

[2006/02/12 19:02:16 | 006,553,600 | -H-- | C] () -- C:\Documents and Settings\pierre\NTUSER.DAT

[2006/02/01 14:03:08 | 000,001,110 | ---- | C] () -- C:\WINDOWS\disney.ini

[2005/11/25 16:26:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/08/26 13:54:47 | 000,014,453 | ---- | C] () -- C:\Documents and Settings\resr\cd-rw music mp3 5etoiles.clbx

[2005/01/02 09:50:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini

[2004/12/28 09:25:59 | 000,000,022 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2004/12/20 06:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2004/12/20 06:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2004/09/26 17:53:50 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\resr\usb1

[2004/09/26 17:53:13 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\resr\usb001

[2004/07/03 05:37:13 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2004/06/23 16:20:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat

[2004/06/23 16:20:34 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

[2004/02/10 14:02:00 | 000,211,156 | ---- | C] () -- C:\Documents and Settings\tania\~

[2004/02/04 17:51:50 | 000,202,173 | ---- | C] () -- C:\Documents and Settings\resr\~

[2004/01/25 15:09:58 | 000,000,120 | ---- | C] () -- C:\WINDOWS\emule.INI

[2004/01/22 10:50:46 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\tania\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2003/11/26 17:20:25 | 000,000,775 | ---- | C] () -- C:\WINDOWS\AudioCleanic.INI

[2003/11/26 16:02:09 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2003/11/26 16:00:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\magix.ini

[2003/11/26 16:00:29 | 000,000,829 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2003/11/24 17:11:14 | 000,000,262 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2003/11/23 17:46:25 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL

[2003/11/23 16:19:15 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/11/23 16:07:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2003/11/20 14:53:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI

[2003/11/20 14:53:31 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/11/20 14:53:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI

[2003/11/01 07:11:23 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\resr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2003/10/17 15:46:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL

[2003/10/15 17:11:38 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\tania\ntuser.dat.LOG

[2003/10/15 17:11:38 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\tania\ntuser.ini

[2003/10/15 17:11:37 | 009,699,328 | -H-- | C] () -- C:\Documents and Settings\tania\NTUSER.DAT

[2003/10/15 06:39:41 | 000,035,955 | ---- | C] () -- C:\WINDOWS\System32\En.ini

[2003/10/15 06:39:41 | 000,014,024 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini

[2003/10/15 06:39:39 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\auto.ini

[2003/10/15 06:18:00 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\resr\ntuser.ini

[2003/10/15 06:17:59 | 009,437,184 | -H-- | C] () -- C:\Documents and Settings\resr\NTUSER.DAT

[2003/10/15 06:17:59 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\resr\ntuser.dat.LOG

[2003/10/15 06:15:49 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG

[2003/10/15 06:15:49 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini

[2003/10/15 06:15:48 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2003/10/15 06:15:48 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2003/10/15 06:15:48 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[2003/10/15 06:15:48 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini

[2003/04/24 08:00:00 | 000,025,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\kbdclass.sys

[2003/02/18 19:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

[2002/12/14 17:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll

[2002/12/14 17:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/12/14 17:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2002/12/14 16:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002/11/15 08:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

[1999/01/22 15:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1995/11/13 19:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL

[1995/11/13 19:00:00 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\OPENFRA.DLL

[1995/11/13 19:00:00 | 000,010,000 | ---- | C] () -- C:\WINDOWS\System32\VBAFR32.DLL

[1995/11/13 19:00:00 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI

[1995/11/13 19:00:00 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI

[1617/11/19 16:34:22 | 000,003,120 | ---- | C] () -- C:\WINDOWS\FKZBUFFER.ini

 

========== LOP Check ==========

 

[2006/06/21 04:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pierre\Application Data\FUJIFILM

[2006/12/16 06:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pierre\Application Data\My Games

[2009/01/25 08:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pierre\Application Data\Windows Desktop Search

[2009/10/09 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pierre\Application Data\Windows Search

[2009/11/14 12:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\Babylon

[2009/10/21 13:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\CopyTransPhoto

[2006/03/24 14:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\FUJIFILM

[2005/11/25 16:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\My Games

[2008/12/14 05:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\Snapfish

[2009/01/03 10:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\Vso

[2009/01/06 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\Windows Desktop Search

[2009/01/07 18:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\Windows Search

[2009/10/20 19:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\resr\Application Data\WindSolutions

[2006/04/27 15:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tania\Application Data\FUJIFILM

[2010/03/25 04:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tania\Application Data\ProtectDISC

[2009/01/07 05:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tania\Application Data\Windows Desktop Search

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

 

< MD5 for: AGP440.SYS >

[2008/03/02 15:48:32 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/09/03 15:12:59 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/03/02 15:48:32 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2008/09/03 15:12:59 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2003/04/24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2008/03/02 15:48:32 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/09/03 15:12:59 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/03/02 15:48:32 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2008/09/03 15:12:59 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2003/04/24 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2004/08/19 19:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: EXPLORER.EXE >

[2004/08/19 19:09:53 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

[2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 

< MD5 for: NETLOGON.DLL >

[2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/19 19:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: NTOSKRNL.EXE >

[2003/04/24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:ntoskrnl.exe

[2008/03/02 15:48:32 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe

[2008/09/03 15:12:59 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe

[2008/03/02 15:48:32 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ntoskrnl.exe

[2008/09/03 15:12:59 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe

[2008/04/13 22:08:03 | 002,191,104 | ---- | M] (Microsoft Corporation) MD5=099D639DA1EF6968D4E41795BB507E6B -- C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe

[2008/04/13 22:08:03 | 002,191,104 | ---- | M] (Microsoft Corporation) MD5=099D639DA1EF6968D4E41795BB507E6B -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe

[2010/02/16 15:00:44 | 002,192,128 | ---- | M] (Microsoft Corporation) MD5=126C8FD13731649A7CD6F0A311CD49B8 -- C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe

[2009/08/04 16:58:02 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=263FA3A73C588A26306D3B403A45F5A9 -- C:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe

[2005/03/02 14:13:23 | 002,181,632 | ---- | M] (Microsoft Corporation) MD5=3E2A0A4A0C0B19FC113618A9562A3B2A -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[2005/03/02 14:08:06 | 002,181,376 | ---- | M] (Microsoft Corporation) MD5=63729DD0F2AAE36CC52B89C05505146C -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe

[2005/03/02 14:08:06 | 002,181,376 | ---- | M] (Microsoft Corporation) MD5=63729DD0F2AAE36CC52B89C05505146C -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe

[2009/08/04 13:22:24 | 002,191,360 | ---- | M] (Microsoft Corporation) MD5=63864AF70CAC631077A6C1223617336B -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[2004/08/19 19:04:35 | 002,183,040 | ---- | M] (Microsoft Corporation) MD5=7D38CE4398E6AA6339B4644FEADCC0D8 -- C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

[2009/12/09 06:09:07 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=904558EAA6ADFD08A93410E2F6A68C53 -- C:\WINDOWS\$NtUninstallKB979683$\ntoskrnl.exe

[2009/12/09 10:32:16 | 002,191,360 | ---- | M] (Microsoft Corporation) MD5=9EC870EAB7D08695E59579C7AAC3B23D -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[2004/10/27 21:27:06 | 002,092,032 | ---- | M] (Microsoft Corporation) MD5=A8A188AC824AAC564048C3A61A94AB9C -- C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe

[2009/02/09 07:24:03 | 002,191,104 | ---- | M] (Microsoft Corporation) MD5=AB896577F35CF5FED7A9F87D3C3205ED -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe

[2010/02/17 08:07:06 | 002,192,000 | ---- | M] (Microsoft Corporation) MD5=ADDA825853063A00D75D66188C3F1449 -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

[2010/02/17 08:07:06 | 002,192,000 | ---- | M] (Microsoft Corporation) MD5=ADDA825853063A00D75D66188C3F1449 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

[2010/02/17 08:07:06 | 002,192,000 | ---- | M] (Microsoft Corporation) MD5=ADDA825853063A00D75D66188C3F1449 -- C:\WINDOWS\system32\ntoskrnl.exe

[2009/02/10 13:16:44 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=BEF458B8424553279E95E250D1E0CE7E -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[2003/04/24 05:16:52 | 001,929,344 | ---- | M] (Microsoft Corporation) MD5=C2AD5A6686F15FF6109E75B162308AD2 -- C:\WINDOWS\$NtUninstallKB885835_0$\ntoskrnl.exe

[2008/08/14 09:23:49 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=C8D4D5974F9671DA0A37175650912960 -- C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe

[2008/08/14 13:26:02 | 002,191,232 | ---- | M] (Microsoft Corporation) MD5=D79210549BBF09B7638E860440504299 -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[2003/04/24 08:00:00 | 002,045,824 | ---- | M] (Microsoft Corporation) MD5=F58B3CE36566D6061A496DC595A8AAA3 -- C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe

 

< MD5 for: SCECLI.DLL >

[2004/08/19 19:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

 

< MD5 for: USERINIT.EXE >

[2004/08/19 19:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

 

< %SYSTEMDRIVE%\*.* >

[2003/10/15 06:12:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/03/03 10:36:25 | 000,000,216 | RHS- | M] () -- C:\boot.ini

[2003/04/24 08:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2003/10/15 06:12:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2004/05/09 16:02:52 | 000,000,179 | ---- | M] () -- C:\fairuse.log

[2003/10/15 06:12:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2003/10/15 06:12:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/03/02 15:51:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/03 15:17:45 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2010/05/24 13:17:21 | 1207,148,544 | -HS- | M] () -- C:\pagefile.sys

[2010/03/07 17:35:41 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2009/10/12 06:38:27 | 000,001,003 | ---- | M] () -- C:\updatedatfix.log

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\System32\config\*.sav >

[2003/10/15 08:00:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2003/10/15 08:00:10 | 000,610,304 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2003/10/15 08:00:10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< End of report >

Posted

Hello lesquirol,

Very well done with OTLPE :P

It will take me a little time to analyse all of this, and I will only be able to do it later this evening (very late, in fact). I'll post the next steps as soon as possible, and we'll see whether we can get your machine back on its feet, with the 70 euros where they belong (in your pocket lol).

See you very soon,

Mark

Posted

I found a bit of time, so here I am again...

Here is the next part:

========

> From your work machine, copy/paste all of the following text (in green) into a new Notepad file:

 

:OTL

DRV - [2010/05/24 13:19:43 | 000,741,376 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cpqskav.sys -- (cpqskav)

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.

O4 - HKU\tania_ON_C..\Run: [security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe File not found

O4 - HKU\tania_ON_C..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found

O7 - HKU\tania_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKU\tania_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helpers32.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\helpers32.dll ()

O20 - AppInit_DLLs: (C:\WINDOWS\system32\0042.DLL) - C:\WINDOWS\system32\0042.DLL ()

 

:files

C:\WINDOWS\System32\WORK.DAT

C:\WINDOWS\System32\6334.exe

C:\WINDOWS\System32\wupd.dat

C:\WINDOWS\System32\0042.DLL

C:\Documents and Settings\tania\Ÿ;Ÿ;

C:\Documents and Settings\resr\Ÿ;Ÿ;

C:\WINDOWS\System32\19718.exe

C:\WINDOWS\System32\2995.exe

C:\WINDOWS\System32\18716.exe

C:\WINDOWS\System32\491.exe

C:\WINDOWS\System32\17421.exe

C:\WINDOWS\System32\9961.exe

C:\WINDOWS\System32\12382.exe

C:\WINDOWS\System32\16827.exe

C:\WINDOWS\System32\292.exe

C:\WINDOWS\System32\23281.exe

C:\WINDOWS\System32\153.exe

C:\WINDOWS\System32\28145.exe

C:\WINDOWS\System32\3902.exe

C:\WINDOWS\System32\5705.exe

C:\WINDOWS\System32\14604.exe

C:\WINDOWS\System32\24464.exe

C:\WINDOWS\System32\32391.exe

C:\WINDOWS\System32\26962.exe

C:\WINDOWS\System32\5436.exe

C:\WINDOWS\System32\29358.exe

C:\WINDOWS\System32\4827.exe

C:\WINDOWS\System32\11478.exe

C:\WINDOWS\System32\11942.exe

C:\WINDOWS\System32\15724.exe

C:\WINDOWS\System32\19169.exe

C:\Documents and Settings\resr\Mes documents\virus.doc

C:\WINDOWS\System32\fjhdyfhsn.bat

C:\WINDOWS\system32\config\systemprofile\Application Data\qvjsge.dat

C:\WINDOWS\System32\helpers32.dll

C:\Documents and Settings\NetworkService\Application Data\qvjsge.dat

C:\Documents and Settings\tania\Application Data\avdrn.dat

C:\Documents and Settings\tania\Ÿ9Ÿ9

C:\Documents and Settings\pierre\Ÿ9Ÿ9

C:\Program Files\Securityessentials2010

 

:reg

[HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"Shell"="explorer.exe"

 

:commands

[emptytemp]

 

- Save the file and name it fix.txt

- Put this file on your USB stick

- Boot the infected machine with the OTLPE CD in the drive.

> Double-click the OTLPE icon that will be on the Desktop.

>> You will be asked: "Do you wish to load the remote registry": click Yes

>> You will be asked: "Do you wish to load remote user profile(s) for scanning": click Yes

>> Make sure "Automatically Load All Remaining Users" is checked, then click OK

- Insert your USB stick (infected machine)

- In the OTLPE tool window, click the "Run Fix" button;

> The tool will not find a "Fix" to run, so it will open a prompt with the following message:

"No Fix has been Provided! Do you want to load it from a file?"

>> Click Yes

> In the file browser window, now locate the "fix.txt" file on your USB stick and select it;

> The contents of the "fix.txt" file should now appear in the tool window;

> Click the "Run Fix" button again

> Now wait until the report is created (C:\OTL.txt)

> Copy the report to your USB stick.

> Do a "Shutdown" of the OTLPE environment (via the "Start" button at the bottom left), then try to restart the infected machine normally, with the OTLPE CD removed.

Tell me whether the machine works now, and paste the OTLPE report in your reply as well.

@++

Mark

Posted

Good evening,

Everything seems to be working normally now (apart from the desktop wallpapers, which have disappeared, but that is not a big deal).

A thousand thanks for getting us out of this mess.

What can we do for you?

All work deserves pay or a reward!

Attached is the result file:

 

========= OTL ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cpqskav deleted successfully.

C:\WINDOWS\system32\drivers\cpqskav.sys moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.

Registry value HKEY_USERS\tania_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Security essentials 2010 deleted successfully.

Registry value HKEY_USERS\tania_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.

Registry value HKEY_USERS\tania_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_USERS\tania_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.

C:\WINDOWS\system32\helpers32.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023\ deleted successfully.

File C:\WINDOWS\System32\helpers32.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\0042.DLL deleted successfully.

C:\WINDOWS\system32\0042.DLL moved successfully.

========== FILES ==========

C:\WINDOWS\System32\WORK.DAT moved successfully.

C:\WINDOWS\System32\6334.exe moved successfully.

C:\WINDOWS\System32\wupd.dat moved successfully.

File\Folder C:\WINDOWS\System32\0042.DLL not found.

C:\Documents and Settings\tania\Ÿ;Ÿ; moved successfully.

C:\Documents and Settings\resr\Ÿ;Ÿ; moved successfully.

C:\WINDOWS\System32\19718.exe moved successfully.

C:\WINDOWS\System32\2995.exe moved successfully.

C:\WINDOWS\System32\18716.exe moved successfully.

C:\WINDOWS\System32\491.exe moved successfully.

C:\WINDOWS\System32\17421.exe moved successfully.

C:\WINDOWS\System32\9961.exe moved successfully.

C:\WINDOWS\System32\12382.exe moved successfully.

C:\WINDOWS\System32\16827.exe moved successfully.

C:\WINDOWS\System32\292.exe moved successfully.

C:\WINDOWS\System32\23281.exe moved successfully.

C:\WINDOWS\System32\153.exe moved successfully.

C:\WINDOWS\System32\28145.exe moved successfully.

C:\WINDOWS\System32\3902.exe moved successfully.

C:\WINDOWS\System32\5705.exe moved successfully.

C:\WINDOWS\System32\14604.exe moved successfully.

C:\WINDOWS\System32\24464.exe moved successfully.

C:\WINDOWS\System32\32391.exe moved successfully.

C:\WINDOWS\System32\26962.exe moved successfully.

C:\WINDOWS\System32\5436.exe moved successfully.

C:\WINDOWS\System32\29358.exe moved successfully.

C:\WINDOWS\System32\4827.exe moved successfully.

C:\WINDOWS\System32\11478.exe moved successfully.

C:\WINDOWS\System32\11942.exe moved successfully.

C:\WINDOWS\System32\15724.exe moved successfully.

C:\WINDOWS\System32\19169.exe moved successfully.

C:\Documents and Settings\resr\Mes documents\virus.doc moved successfully.

C:\WINDOWS\System32\fjhdyfhsn.bat moved successfully.

C:\WINDOWS\system32\config\systemprofile\Application Data\qvjsge.dat moved successfully.

File\Folder C:\WINDOWS\System32\helpers32.dll not found.

C:\Documents and Settings\NetworkService\Application Data\qvjsge.dat moved successfully.

C:\Documents and Settings\tania\Application Data\avdrn.dat moved successfully.

C:\Documents and Settings\tania\Ÿ9Ÿ9 moved successfully.

C:\Documents and Settings\pierre\Ÿ9Ÿ9 moved successfully.

File\Folder C:\Program Files\Securityessentials2010 not found.

========== REGISTRY ==========

HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!

HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Java cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Java cache emptied: 0 bytes
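
Added example (not part of the original posts, and not OTL's own code): a short Python triage of a fix report like the one above. It classifies each line by outcome and separates the "not found" entries that the same run had already moved (here `helpers32.dll` and `0042.DLL`) from those that were never touched. The function names are hypothetical and the line patterns are inferred only from the report on this page.

```python
import re

# Excerpt of the fix report above, embedded so the example runs offline.
SAMPLE_LOG = r"""
========= OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
C:\WINDOWS\system32\helpers32.dll moved successfully.
File C:\WINDOWS\System32\helpers32.dll not found.
C:\WINDOWS\system32\0042.DLL moved successfully.
========== FILES ==========
C:\WINDOWS\System32\WORK.DAT moved successfully.
File\Folder C:\WINDOWS\System32\0042.DLL not found.
File\Folder C:\WINDOWS\System32\helpers32.dll not found.
File\Folder C:\Program Files\Securityessentials2010 not found.
========== REGISTRY ==========
HKLM\SOFTWARE_ON_C\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
"""

# Line shapes are inferred from the report on this page, not from OTL documentation.
OUTCOMES = [
    ("deleted", re.compile(r"^Registry (?:key|value) (?P<t>.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry (?:key|value)|File(?:\\Folder)?) (?P<t>.+?) not found\.$")),
    ("set", re.compile(r"^(?P<t>.+?) /E : value set successfully!$")),
    ("moved", re.compile(r"^(?P<t>.+?) moved successfully\.$")),
]

def parse_fix_log(text):
    """Return (section, outcome, target) for every recognised report line."""
    section, events = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^=+ (\w+) =+$", line)
        if header:
            section = header.group(1)
            continue
        for outcome, pattern in OUTCOMES:
            m = pattern.match(line)
            if m:
                events.append((section, outcome, m.group("t")))
                break
    return events

def unresolved_not_found(events):
    """'not found' targets that this same run did not itself move away."""
    moved = {t.lower() for _, o, t in events if o == "moved"}
    return [t for _, o, t in events if o == "not_found" and t.lower() not in moved]

if __name__ == "__main__":
    for target in unresolved_not_found(parse_fix_log(SAMPLE_LOG)):
        print("check manually:", target)
```

On this excerpt the only entries left to confirm by hand are the CLSID key and the `Securityessentials2010` folder; path comparison is case-insensitive because the report mixes `system32` and `System32`.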

Posted

The reward is right before my eyes: a machine that is alive again :P

In any case, well done, because these are not simple manipulations :P

For the wallpaper: I need to have you run another tool which may well bring it back; otherwise we'll see:

==============

To use ComboFix properly, please follow the instructions provided in the following guide:

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

**Important things to check:

> Disable the antivirus and the third-party firewall (if present) before running the tool.

> Install the Recovery Console, as described in the guide.

Post the tool's report here, in your reply (it is located at "C:\ComboFix.txt").

I will not be back until very late, so see you tomorrow :P

Mark
