redirection des pages internet automatique + pub intempestive

Agrum'z · le 7 juillet 2010

Bonjour,

Ca fait quelques jours que des publicités pornographiques ou autre, s'ouvrent régulierment sur mon ordinateur portable (HP) et depuis hier lorsque j'essaye d'aller sur un site quelconque la page me redirige automatiquement sur différent site tels que : Edenflirt - smartbizsearch - search pro ect...

quelqu'un a t'il à faire au même probleme ?

Merci

nardino · le 7 juillet 2010

Bonjour,

Désactive ton antivirus.

Télécharge rkill de Grinler depuis au choix:

http://download.bleepingcomputer.com/grinler/rkill.scr

http://download.bleepingcomputer.com/grinler/rkill.com

http://download.bleepingcomputer.com/grinler/rkill.exe

http://download.bleepingcomputer.com/grinler/eXplorer.exe

http://download.bleepingcomputer.com/grinler/iExplore.exe

Lance l'outil, il ne nécessite pas d'installation.

En cas d'échec essaie une autre extension et en mode sans échec.

Poste le rapport C:\rkill.log

Réactive ton antivirus

Télécharge et installe Malwarebytes Anti-Malware de RubbeR DuckY

Double-clique sur le fichier mbam-setup-1.46.exe (sous Vista et 7 autorise les modifications)

A la fin de l'installation, veille à ce que les options suivantes soient cochées

-Mettre à jour Malwarebytes' Anti-Malware
-Exécuter Malwarebytes' Anti-Malware

Clique sur Terminer

Une fenêtre Mise à jour de Malwarebytes' Anti-Malware va s'ouvrir avec une barre de progression.

Puis une autre annonçant le succès de la mise à jour de la base de données. Clique sur OK.

Le programme s'ouvre sur l'onglet Recherche.

Coche Exécuter un examen rapide, clique sur le bouton

A la fin du scan, sélectionne tout et clique sur Supprimer la sélection

Poste le rapport qui s'ouvre après cette suppression.

Redémarre le pc si cela est demandé

Tu peux retrouver le rapport dans l'onglet Rapports/Logs avec la date et l'heure d'exécution.

@+

Agrum'z · le 8 juillet 2010

Il m'est impossible d'effectuer cette operation car je ne peux pas accéder au forum ou toute autre page internet de mon Pc Portable et donc télécharger le module pour l'analiser .

j'ai essayer de copier les liens mais ils ne marchent pas lorsqu'ils sont copiés.

Agrum'z · le 8 juillet 2010

voila le rapport

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as D6-5n5q4e on 08/07/2010 at 22:12:07.

Processes terminated by Rkill or while it was running:

C:\Users\D6-5n5q4e\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZWY62OS\eXplorer[1].exe

C:\Users\D6-5n5q4e\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSO1ZGAR\iExplore[1].exe

Rkill completed on 08/07/2010 at 22:12:11.

C:\Windows\system32\NOTEPAD.EXE

C:\Users\D6-5n5q4e\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZWY62OS\eXplorer[1].exe

C:\Users\D6-5n5q4e\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSO1ZGAR\iExplore[1].exe

C:\Users\D6-5n5q4e\AppData\Local\Temp\EA5E.tmp\pev.rkexe

Rkill completed on 08/07/2010 at 22:12:20.

Agrum'z · le 8 juillet 2010

voila le rapport de malwarebytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Version de la base de données: 4293

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

08/07/2010 22:27:39

mbam-log-2010-07-08 (22-27-39).txt

Type d'examen: Examen rapide

Elément(s) analysé(s): 139299

Temps écoulé: 6 minute(s), 45 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 7

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 17

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

C:\Windows\System32\cabview32.dll (Trojan.Tracur) -> Delete on reboot.

C:\Windows\System32\dbgeng32.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Users\D6-5n5q4e\AppData\Roaming\B291.tmp (Trojan.Tracur) -> Delete on reboot.

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0426735f-113c-4df1-b7ec-b9039dd3acf6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0426735f-113c-4df1-b7ec-b9039dd3acf6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{77c241e6-89dd-039e-1686-f269ffb9c7de} (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77c241e6-89dd-039e-1686-f269ffb9c7de} (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77c241e6-89dd-039e-1686-f269ffb9c7de} (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0426735f-113c-4df1-b7ec-b9039dd3acf6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\cabview32.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\cabview32.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):

C:\ProgramData\485279325 (Rogue.WindowsSmartSecurity) -> Quarantined and deleted successfully.

C:\Users\D6-5n5q4e\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):

C:\Windows\System32\dbgeng32.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Windows\System32\cabview32.dll (Trojan.Tracur) -> Delete on reboot.

C:\Users\D6-5n5q4e\AppData\Roaming\B291.tmp (Trojan.Tracur) -> Delete on reboot.

C:\Users\D6-5n5q4e\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Windows\System32\cofiredm32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Windows\System32\d3d932.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Windows\System32\dfshim32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\dmdlgs32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\dskquota32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\eappcfg32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Users\D6-5n5q4e\AppData\Local\Temp\10EA.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\D6-5n5q4e\AppData\Local\Temp\E556.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\D6-5n5q4e\AppData\Local\Temp\F04A.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\D6-5n5q4e\AppData\Local\Temp\4962.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\D6-5n5q4e\AppData\Local\Temp\8E0C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Users\D6-5n5q4e\AppData\Local\Temp\97BD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\Windows\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

nardino · le 8 juillet 2010

Bonsoir

Je présume que le pc doit déjà mieux se comporter.

Télécharge OTL de OldTimer sur ton bureau.

Clique sur OTL.exe

Coche :

En haut, à droite

-Tous les utilisateurs
-Avec analyse 64 bits sera coché automatiquement si c'est la cas de ton système.
-Rapport standard

En bas, à droite

-Recherche LOP
-Recherche Purity

Processus, Services, Drivers, Registre:Standard, Modules, Pilotes doivent être sur [Avec liste blanche] par défaut.

Registre : approfondi est sur Aucun.

Clique sur le bouton [Analyse] en haut en bleu.

L'analyse va prendre une ou deux minutes.

Une fois celle-ci terminée un rapport va s'ouvrir

Tu postes ce rapport par copier-coller et tu le fermes.

Tu fermes aussi le fichier Extras.txt dans la barre des tâches, il sera demandé en cas de nécessité.

Ils seront sauvegardés sur le bureau (OTL.txt et Extras.txt) ou dans le dossier où se trouve OTL.exe.

En cas de difficulté pour poster les rapports par copier-coller, tu peux les héberger sur Cjoint.com

Poste les liens obtenus dans ce cas.

Donne des infos sur l'évolution de la situation.

@+

Agrum'z · le 9 juillet 2010

L'ordinateur se porte beaucoup mieu en effet je vous remercie de votre aide ! Plus de Pub ni de redirection automatique

OTL logfile created on: 09/07/2010 09:33:51 - Run 1

OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\D6-5n5q4e\Desktop

Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 203,12 Gb Total Space | 133,82 Gb Free Space | 65,88% Space Free | Partition Type: NTFS

Drive D: | 94,96 Gb Total Space | 94,87 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC-DE-DOMINIQUE

Current User Name: D6-5n5q4e

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/09 09:30:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\D6-5n5q4e\Desktop\OTL.exe

PRC - [2010/07/08 15:31:14 | 000,247,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd1.exe

PRC - [2010/06/10 16:36:18 | 000,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/05/14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2009/10/11 22:24:26 | 000,206,192 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe

PRC - [2009/07/04 15:47:18 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe

PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/03/02 23:51:59 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\Nod32\nod32kui.exe

PRC - [2008/03/02 23:51:59 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\Nod32\nod32krn.exe

PRC - [2007/11/30 02:52:42 | 000,533,944 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe

PRC - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2006/11/02 02:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

========== Modules (SafeList) ==========

MOD - [2010/07/09 09:30:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\D6-5n5q4e\Desktop\OTL.exe

MOD - [2008/01/19 22:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2008/01/19 00:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2008/03/02 23:51:59 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Nod32\nod32krn.exe -- (NOD32krn)

SRV - [2008/01/19 22:00:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2008/01/19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2009/05/27 16:04:00 | 009,850,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2008/08/28 23:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2008/03/02 23:51:59 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\amon.sys -- (AMON)

DRV - [2008/03/02 23:51:59 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nod32drv.sys -- (nod32drv)

DRV - [2008/01/19 22:00:00 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte Intel®

DRV - [2008/01/19 22:00:00 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/19 22:00:00 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/19 22:00:00 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/19 22:00:00 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2008/01/19 22:00:00 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/19 22:00:00 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/19 22:00:00 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/19 22:00:00 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2008/01/19 22:00:00 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2008/01/19 22:00:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/19 22:00:00 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/19 22:00:00 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/19 22:00:00 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/19 22:00:00 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2008/01/19 22:00:00 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/19 22:00:00 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/19 22:00:00 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2008/01/19 22:00:00 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/19 22:00:00 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2008/01/19 22:00:00 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/19 22:00:00 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/19 22:00:00 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/19 22:00:00 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/19 22:00:00 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/19 22:00:00 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2008/01/19 22:00:00 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2008/01/19 22:00:00 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2008/01/19 22:00:00 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/19 22:00:00 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2008/01/19 22:00:00 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/19 22:00:00 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2008/01/19 22:00:00 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2008/01/19 22:00:00 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2008/01/19 22:00:00 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2008/01/19 22:00:00 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2008/01/19 22:00:00 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2008/01/19 22:00:00 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/19 22:00:00 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2008/01/19 22:00:00 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/19 22:00:00 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/19 22:00:00 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2008/01/19 22:00:00 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2008/01/19 22:00:00 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2008/01/19 22:00:00 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2008/01/19 22:00:00 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2007/11/01 08:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2007/11/01 08:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2007/11/01 08:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/09/07 11:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/11 02:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)

DRV - [2007/04/18 12:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2006/11/02 09:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 73 26 04 3C 11 F1 4D B7 EC B9 03 9D D3 AC F6 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 73 26 04 3C 11 F1 4D B7 EC B9 03 9D D3 AC F6 [binary data]

IE - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5F 73 26 04 3C 11 F1 4D B7 EC B9 03 9D D3 AC F6 [binary data]

IE - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[2010/03/26 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\D6-5n5q4e\AppData\Roaming\mozilla\Extensions

[2010/03/26 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\D6-5n5q4e\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2008/03/04 00:11:54 | 001,759,830 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 rad.msn.com

O1 - Hosts: 127.0.0.1 rad.live.com

O1 - Hosts: 127.0.0.1 ads1.msn.com

O1 - Hosts: 127.0.0.1 adfarm.mediaplex.com

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 0-2u.com

O1 - Hosts: 127.0.0.1 0-days.net

O1 - Hosts: 127.0.0.1 0.start.bz

O1 - Hosts: 127.0.0.1 00-12.us

O1 - Hosts: 127.0.0.1 00-updates.com

O1 - Hosts: 127.0.0.1 00.devoid.us

O1 - Hosts: 127.0.0.1 000buy.com

O1 - Hosts: 127.0.0.1 000info.com

O1 - Hosts: 127.0.0.1 001dxdgqssl01.com

O1 - Hosts: 127.0.0.1 001paypal.com

O1 - Hosts: 127.0.0.1 001y.com

O1 - Hosts: 127.0.0.1 001y1.com

O1 - Hosts: 127.0.0.1 001yhrix.com

O1 - Hosts: 127.0.0.1 0029lbjf.com

O1 - Hosts: 127.0.0.1 003f741.netsolhost.com

O1 - Hosts: 127.0.0.1 004dada.netsolhost.com

O1 - Hosts: 127.0.0.1 005e3bc.netsolhost.com

O1 - Hosts: 127.0.0.1 006.free-counter.co.uk

O1 - Hosts: 127.0.0.1 006312.com

O1 - Hosts: 58651 more lines...

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)

O4 - HKLM..\Run: [nod32kui] C:\Program Files\Nod32\nod32kui.exe (Eset )

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QT Lite\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] File not found

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] File not found

O4 - HKU\S-1-5-21-2059078894-2549236787-450576678-1001..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe (Druide informatique inc.)

O4 - HKU\S-1-5-21-2059078894-2549236787-450576678-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\D6-5n5q4e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-2059078894-2549236787-450576678-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\imon.dll (Eset )

O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\imon.dll (Eset )

O13 - gopher Prefix: missing

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\D6-5n5q4e\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg

O24 - Desktop BackupWallPaper: C:\Users\D6-5n5q4e\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/19 22:00:00 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0d699406-21ff-11df-8c14-002186ae68d0}\Shell\AutoRun\command - "" = F:\__DTMEDIA\DTMedia.exe -- File not found

O33 - MountPoints2\{157f745b-f24c-11de-8b05-002186ae68d0}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found

O33 - MountPoints2\{4f699071-6893-11de-a0ea-002186ae68d0}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe -- File not found

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 09:30:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\D6-5n5q4e\Desktop\OTL.exe

[2010/07/08 22:16:21 | 000,000,000 | ---D | C] -- C:\Users\D6-5n5q4e\AppData\Roaming\Malwarebytes

[2010/07/08 22:16:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/07/08 22:16:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/07/08 22:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/07/08 22:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/07/08 22:15:16 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\D6-5n5q4e\Documents\mbam-setup.exe

[2010/07/08 21:21:18 | 000,000,000 | ---D | C] -- C:\Users\D6-5n5q4e\AppData\Roaming\Druide

[2010/07/06 10:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2010/07/06 10:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English

[2010/07/06 10:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon

[2010/07/05 05:10:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32

[2010/06/29 10:39:38 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010/06/29 10:39:38 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010/06/29 10:39:34 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2010/06/29 10:39:33 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2010/06/29 10:39:33 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2010/06/24 09:40:12 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/24 09:40:11 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/24 09:40:11 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/23 10:52:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/06/23 10:52:28 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/06/10 16:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2010/06/10 16:36:26 | 000,181,736 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010/06/10 16:36:21 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010/06/10 16:36:21 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010/06/10 16:36:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\D6-5n5q4e\Desktop\*.tmp files -> C:\Users\D6-5n5q4e\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/09 09:34:41 | 003,670,016 | -HS- | M] () -- C:\Users\D6-5n5q4e\NTUSER.DAT

[2010/07/09 09:32:52 | 000,681,798 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2010/07/09 09:32:52 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/07/09 09:32:52 | 000,127,504 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2010/07/09 09:32:52 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/07/09 09:32:51 | 001,503,482 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/07/09 09:30:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\D6-5n5q4e\Desktop\OTL.exe

[2010/07/09 09:27:45 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/07/09 09:26:00 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/07/09 09:26:00 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/07/09 09:25:51 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/07/09 09:25:37 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/09 09:25:37 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/09 09:25:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/09 09:25:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/09 00:01:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/07/09 00:01:39 | 000,524,288 | -HS- | M] () -- C:\Users\D6-5n5q4e\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms

[2010/07/09 00:01:39 | 000,065,536 | -HS- | M] () -- C:\Users\D6-5n5q4e\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf

[2010/07/09 00:01:35 | 003,063,120 | -H-- | M] () -- C:\Users\D6-5n5q4e\AppData\Local\IconCache.db

[2010/07/09 00:00:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/07/08 23:16:33 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/07/08 22:27:32 | 000,000,817 | ---- | M] () -- C:\ProgramData\786342202

[2010/07/08 22:16:06 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/08 22:15:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\D6-5n5q4e\Documents\mbam-setup.exe

[2010/07/08 22:12:35 | 000,000,649 | -HS- | M] () -- C:\ProgramData\2123297130

[2010/07/08 22:12:33 | 000,004,056 | -HS- | M] () -- C:\Users\D6-5n5q4e\AppData\Roaming\0200000007dee236964P.manifest

[2010/07/08 22:12:22 | 000,000,195 | -HS- | M] () -- C:\Users\D6-5n5q4e\AppData\Roaming\0200000007dee236964O.manifest

[2010/07/08 22:12:22 | 000,000,051 | -HS- | M] () -- C:\Users\D6-5n5q4e\AppData\Roaming\0200000007dee236964C.manifest

[2010/07/08 22:12:22 | 000,000,011 | -HS- | M] () -- C:\Users\D6-5n5q4e\AppData\Roaming\0200000007dee236964S.manifest

[2010/07/08 21:45:01 | 000,000,056 | ---- | M] () -- C:\Users\D6-5n5q4e\AppData\Roaming\7e5ea63d

[2010/07/08 21:21:24 | 000,000,150 | ---- | M] () -- C:\Windows\Antidote.ini

[2010/07/06 22:24:32 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010/07/06 21:46:56 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/07/06 15:01:30 | 000,023,652 | ---- | M] () -- C:\Users\D6-5n5q4e\Desktop\Request pod CH.docx

[2010/07/06 14:26:28 | 000,052,805 | ---- | M] () -- C:\Users\D6-5n5q4e\Desktop\LITIGES HKG CHINE.docx

[2010/07/06 13:33:36 | 000,024,699 | ---- | M] () -- C:\Users\D6-5n5q4e\Documents\JOURNEESSSSSS .xlsx

[2010/07/06 13:24:45 | 000,036,864 | ---- | M] () -- C:\Users\D6-5n5q4e\Desktop\pod test2.xls

[2010/07/05 05:09:46 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe

[2010/07/04 13:27:38 | 000,000,680 | ---- | M] () -- C:\Users\D6-5n5q4e\AppData\Local\d3d9caps.dat

[2010/07/02 20:01:25 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/07/01 13:55:03 | 000,021,630 | ---- | M] () -- C:\Users\D6-5n5q4e\Desktop\Mercredi.docx

[2010/07/01 13:54:36 | 000,016,495 | ---- | M] () -- C:\Users\D6-5n5q4e\Desktop\Attente de Dédouanement.docx

[2010/07/01 11:19:48 | 000,021,528 | ---- | M] () -- C:\Users\D6-5n5q4e\Documents\Mercredi.docx

[2010/06/23 20:23:25 | 000,055,296 | ---- | M] () -- C:\Users\D6-5n5q4e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/23 20:21:57 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI

[2010/06/21 00:48:59 | 000,022,838 | ---- | M] () -- C:\Users\D6-5n5q4e\Desktop\Temoins pour tests pendulaires.mht

[2010/06/10 16:36:43 | 000,001,023 | ---- | M] () -- C:\Users\D6-5n5q4e\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk

[2010/06/10 16:36:43 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2010/06/10 16:36:26 | 000,181,736 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010/06/10 16:36:21 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010/06/10 16:36:21 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010/06/10 16:36:20 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\D6-5n5q4e\Desktop\*.tmp files -> C:\Users\D6-5n5q4e\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/08 22:16:06 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/06 15:01:29 | 000,023,652 | ---- | C] () -- C:\Users\D6-5n5q4e\Desktop\Request pod CH.docx

[2010/07/05 05:32:08 | 000,000,056 | ---- | C] () -- C:\Users\D6-5n5q4e\AppData\Roaming\7e5ea63d

[2010/07/05 05:10:16 | 000,000,649 | -HS- | C] () -- C:\ProgramData\2123297130

[2010/07/05 05:10:15 | 000,000,817 | ---- | C] () -- C:\ProgramData\786342202

[2010/07/05 05:09:46 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe

[2010/07/05 05:09:20 | 000,004,056 | -HS- | C] () -- C:\Users\D6-5n5q4e\AppData\Roaming\0200000007dee236964P.manifest

[2010/07/05 05:09:20 | 000,000,195 | -HS- | C] () -- C:\Users\D6-5n5q4e\AppData\Roaming\0200000007dee236964O.manifest

[2010/07/05 05:09:20 | 000,000,051 | -HS- | C] () -- C:\Users\D6-5n5q4e\AppData\Roaming\0200000007dee236964C.manifest

[2010/07/05 05:09:20 | 000,000,011 | -HS- | C] () -- C:\Users\D6-5n5q4e\AppData\Roaming\0200000007dee236964S.manifest

[2010/07/02 11:20:15 | 000,052,805 | ---- | C] () -- C:\Users\D6-5n5q4e\Desktop\LITIGES HKG CHINE.docx

[2010/07/01 11:43:10 | 000,021,630 | ---- | C] () -- C:\Users\D6-5n5q4e\Desktop\Mercredi.docx

[2010/06/30 20:53:37 | 000,021,528 | ---- | C] () -- C:\Users\D6-5n5q4e\Documents\Mercredi.docx

[2010/06/23 20:21:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI

[2010/06/21 00:48:57 | 000,022,838 | ---- | C] () -- C:\Users\D6-5n5q4e\Desktop\Temoins pour tests pendulaires.mht

[2010/06/10 16:36:43 | 000,001,023 | ---- | C] () -- C:\Users\D6-5n5q4e\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk

[2010/06/10 16:36:43 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2009/08/07 17:56:11 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll

[2009/07/10 17:27:23 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008/03/02 23:52:28 | 000,015,424 | ---- | C] () -- C:\Windows\System32\drivers\nod32drv.sys

[2008/01/19 22:00:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008/01/19 22:00:00 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008/01/19 22:00:00 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008/01/19 22:00:00 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2008/01/19 22:00:00 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2008/01/19 22:00:00 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

[2008/01/19 22:00:00 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2008/01/19 22:00:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2008/01/19 22:00:00 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2008/01/19 22:00:00 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2008/01/19 22:00:00 | 000,000,150 | ---- | C] () -- C:\Windows\Antidote.ini

========== LOP Check ==========

[2009/08/07 18:32:27 | 000,000,000 | ---D | M] -- C:\Users\D6-5n5q4e\AppData\Roaming\ACD Systems

[2010/07/08 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\D6-5n5q4e\AppData\Roaming\Druide

[2009/10/11 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\D6-5n5q4e\AppData\Roaming\HiYo

[2010/07/09 09:26:39 | 000,000,000 | ---D | M] -- C:\Users\D6-5n5q4e\AppData\Roaming\LimeWire

[2009/08/09 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\D6-5n5q4e\AppData\Roaming\Regensoft

[2009/09/21 08:40:26 | 000,000,000 | ---D | M] -- C:\Users\D6-5n5q4e\AppData\Roaming\Windows Live Writer

[2010/07/09 00:01:41 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

nardino · le 9 juillet 2010

Bonjour,

1-Tu lances OTL.

Dans le cadre Personnalisation tu copies ce qui suit

:OTL
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O33 - MountPoints2\{157f745b-f24c-11de-8b05-002186ae68d0}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found

Tu cliques sur la bouton Correction

Il faut mettre à jour ton système :

Windows Vista Ultimate Edition Service Pack 1 > Installer le SP2

Internet Explorer 7 > Installer la version 8 mieux sécurisée.

C'est important de tenir son système à jour.

Pour contrôle, exécute ce qui suit.

Télécharge Lop S&D (de Angeldark et Eric71) sur le Bureau :

eric71mespages: lop.sd.exe

Clique droit sur l'icône et Exécuter en tant qu'administrateur pour lancer l'outil.

Sélectionne la langue souhaitée , puis choisis l'Option 1 (Recherche)

Le scan peut prendre plusieurs minutes.

A l'issue du scan, le bloc-notes va s'ouvrir avec le résultat de la recherche.

Copie-colle le contenu de ce rapport dans ta réponse.

(Il est sauvegardé à la racine de la partition système : C:\LopR.txt)

@+

Connexion

Pas encore inscrit ?

redirection des pages internet automatique + pub intempestive

Messages recommandés

Agrum'z

nardino

Agrum'z

Agrum'z

Agrum'z

nardino

Agrum'z

nardino

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer