[Résolu] Infection Possible problème de redirection.

[MoiBeber]

Bonjour,

 

Depuis 2 jours lorsque je clique sur un lien de Google je suis redirigé sur un autre site qui n'est pas le bon.

Après avoir fait une analyse Mbam j'ai eu 18 résultats positif et j'ai pu déplacer des objets détectés par Antivir en quarantaine.

Ce problème vient-il de moi ou de Google?

 

Merci d'avance pour votre réponse.

Modifié le 12 novembre 2010 par MoiBeber

[lance_yien]

Bonjour MoiBeber,

 

...

Ce problème vient-il de moi ou de Google?

De fortes chances que ça soit des deux

 

Poste le rapport de MBAM dans ta prochaine réponse, STP! Accessible depuis l'onglet "Rapports/logs".

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau:

• Security Check (par screen317) depuis ici ou ici.
• TDSSKiller.zip depuis ici.

 

>>> Utiliser TDSSKiller: Dézipper TDSSKiller.zip (clic-droit dessus => "Extraire ici". Glisser TDSSKiller.zip dans la corbeille pour le supprimer.

• Fermer tout et désactiver antivirus et tout autre programme de protection. Cliquer sur TDSSKiller.exe pour lancer le programme.
   
  
• Cliquer sur le bouton Start Scan et patienter jusqu'à la fin de l'analyse.
   
  
• Si un fichier infecté est détecté, l'action par défaut sera Cure. Cliquer sur le bouton Continue Sans rien changer.
   
  
• Si un fichier suspect est détecté, l'action par défaut sera Skip. Cliquer sur le bouton Continue Sans rien changer.

Si vous êtes invité à redémarre la machine pour finir le processus (reboot the computer to complete the process), cliquez sur le bouton Reboot Now. Le rapport sera sauvegardé à la racine de la partition système, là où Windows est installé (généralement C:\); son format est du type "TDSSKiller.[Version]_[Date]_[Heure]_log.txt" (par exemple, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Poster son contenu.

Si aucun redémarrage n'est requis, cliquer sur Report. Un fichier texte s'ouvre et sera sauvegardé de la même manière, poster son contenu.

 

 

>>> ESET Online Scanner: Désactiver antivirus/ parefeu et antispyware et utiliser Internet Explorer pour faire une analyse en ligne ICI.

 

• Cliquer sur le bouton vert ESET Online Scanner button, cocher la case YES, I accept the Terms of Use et cliquer sur Start.
  
• Accepter l'installation de l'ActiveX.
  
• Cocher Scan archives et cliquer Start.
  
• Eset téléchargera la base de données et commencera le scan. Le laisser finir son scan.
  
• Sauvegarder les résultats ("Fichier" => "Enregistrer sous...") sur le Bureau en le nommant "scan-results" pour les copier/coller ici.
  
• Cocher Uninstall application on close pour supprimer ESET Online Scanner de la machine et cliquer sur Finish.

 

>>> Utiliser SecurityCheck: Fermer tout et double-cliquer sur "SecurityCheck.exe" pour lancer le programme.

Appuyer sur une touche comme demandé et suivre les indications.

Note: Si un des programmes de sécurité demande la permission d'accéder à Internet depuis dig.exe, acceptez.

Le Rapport checkup.txt s'ouvre à la fin. Poster son contenu.

Ce rapport ne sera pas enregistré automatiquement. Si vous voulez en garder une copie, cliquez sur "Fichier" => "Enregistrer sous", choisissez un endroit (Bureau par exemple) et cliquez sur "Enregistrer" en bas à droite.

Poster son contenu.

 

Rapport demandés:

• Malwarebytes' Anti-Malware_log
• TDSSKiller_log.txt
• scan-results
• checkup.txt

Un changement quelconque?

[MoiBeber]

Bonjour, Merci pour la rapidité de ta réponse voici les différents rapports:

 

Log Malware :

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 5044

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

04/11/2010 22:45:23

mbam-log-2010-11-04 (22-45-23).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 216734

Temps écoulé: 3 heure(s), 29 minute(s), 45 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 36

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Documents and Settings\User\Application Data\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\System Volume Information\_restore{A8B03C7A-0348-4C1D-A403-77E7F5CFAB57}\RP667\A0259058.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A8B03C7A-0348-4C1D-A403-77E7F5CFAB57}\RP667\A0259215.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A8B03C7A-0348-4C1D-A403-77E7F5CFAB57}\RP667\A0259225.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A8B03C7A-0348-4C1D-A403-77E7F5CFAB57}\RP667\A0259235.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A8B03C7A-0348-4C1D-A403-77E7F5CFAB57}\RP667\A0259267.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A8B03C7A-0348-4C1D-A403-77E7F5CFAB57}\RP667\A0259268.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A8B03C7A-0348-4C1D-A403-77E7F5CFAB57}\RP667\A0259269.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A8B03C7A-0348-4C1D-A403-77E7F5CFAB57}\RP667\A0259270.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\B8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\A445180BA2C4AD6940CD78AD1303B35C\b\binc1 (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\A445180BA2C4AD6940CD78AD1303B35C\b\binc2 (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\A445180BA2C4AD6940CD78AD1303B35C\b\binc3 (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\A445180BA2C4AD6940CD78AD1303B35C\b\binc4 (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\mu1053303184v4 (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\mu1053303184v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\mu1053303184v5 (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\mu1053303184v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\mu1053303184v6 (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\mu1053303184v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\mu1053303184v7 (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\mu1053303184v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\wu1053303184v0 (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\wu1053303184v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\wu1053303184v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\wu1053303184v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SysWoW32\wu1053303184v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\GnuHashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\020000001bb737911062C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\020000001bb737911062O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\020000001bb737911062P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\020000001bb737911062S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\020000001bb737911062C.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\020000001bb737911062O.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\020000001bb737911062P.manifest (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\020000001bb737911062S.manifest (Malware.Trace) -> Quarantined and deleted successfully.

 

TDSSKiller_log.txt :

 

2010/11/06 16:51:25.0406 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/06 16:51:25.0406 ================================================================================

2010/11/06 16:51:25.0406 SystemInfo:

2010/11/06 16:51:25.0406

2010/11/06 16:51:25.0406 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/06 16:51:25.0406 Product type: Workstation

2010/11/06 16:51:25.0406 ComputerName: USER-4E3E752DFF

2010/11/06 16:51:25.0406 UserName: User

2010/11/06 16:51:25.0406 Windows directory: C:\WINDOWS

2010/11/06 16:51:25.0406 System windows directory: C:\WINDOWS

2010/11/06 16:51:25.0406 Processor architecture: Intel x86

2010/11/06 16:51:25.0406 Number of processors: 2

2010/11/06 16:51:25.0406 Page size: 0x1000

2010/11/06 16:51:25.0406 Boot type: Normal boot

2010/11/06 16:51:25.0406 ================================================================================

2010/11/06 16:51:25.0781 Initialize success

2010/11/06 16:51:44.0812 ================================================================================

2010/11/06 16:51:44.0812 Scan started

2010/11/06 16:51:44.0812 Mode: Manual;

2010/11/06 16:51:44.0812 ================================================================================

2010/11/06 16:51:45.0343 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/06 16:51:45.0390 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/11/06 16:51:45.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/11/06 16:51:45.0515 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/11/06 16:51:45.0578 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/11/06 16:51:45.0843 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/11/06 16:51:45.0937 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/06 16:51:45.0968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/06 16:51:46.0031 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/06 16:51:46.0093 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/06 16:51:46.0250 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/11/06 16:51:46.0406 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/11/06 16:51:46.0484 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/11/06 16:51:46.0531 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2010/11/06 16:51:46.0593 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/06 16:51:46.0687 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys

2010/11/06 16:51:46.0843 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys

2010/11/06 16:51:46.0937 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2010/11/06 16:51:47.0093 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\system32\drivers\btserial.sys

2010/11/06 16:51:47.0171 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2010/11/06 16:51:47.0234 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys

2010/11/06 16:51:47.0265 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys

2010/11/06 16:51:47.0343 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys

2010/11/06 16:51:47.0390 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/06 16:51:47.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/06 16:51:47.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/06 16:51:47.0687 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/06 16:51:47.0734 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

2010/11/06 16:51:47.0859 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/11/06 16:51:47.0890 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/11/06 16:51:47.0984 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/06 16:51:48.0046 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/06 16:51:48.0218 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/06 16:51:48.0328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/06 16:51:48.0375 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/06 16:51:48.0421 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/06 16:51:48.0500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/06 16:51:48.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/11/06 16:51:48.0671 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/06 16:51:48.0703 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/11/06 16:51:48.0765 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/06 16:51:48.0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/06 16:51:48.0859 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/06 16:51:48.0937 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/11/06 16:51:48.0968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/06 16:51:49.0093 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/11/06 16:51:49.0218 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/11/06 16:51:49.0375 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys

2010/11/06 16:51:49.0531 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

2010/11/06 16:51:49.0609 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/06 16:51:49.0718 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/06 16:51:49.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/06 16:51:49.0843 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/11/06 16:51:49.0968 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/06 16:51:50.0031 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/06 16:51:50.0078 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/06 16:51:50.0109 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/06 16:51:50.0187 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/06 16:51:50.0234 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/06 16:51:50.0375 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/06 16:51:50.0500 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/06 16:51:50.0593 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/11/06 16:51:50.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/11/06 16:51:50.0718 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/06 16:51:50.0812 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/11/06 16:51:50.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/06 16:51:50.0906 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys

2010/11/06 16:51:51.0046 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/06 16:51:51.0156 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/11/06 16:51:51.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/06 16:51:51.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/06 16:51:51.0296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/06 16:51:51.0421 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/11/06 16:51:51.0515 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/06 16:51:51.0531 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/06 16:51:51.0562 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/06 16:51:51.0593 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/06 16:51:51.0781 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/11/06 16:51:51.0890 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/11/06 16:51:51.0906 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/06 16:51:51.0937 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/06 16:51:52.0078 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/06 16:51:52.0156 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/06 16:51:52.0171 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/06 16:51:52.0203 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/06 16:51:52.0421 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

2010/11/06 16:51:52.0625 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/11/06 16:51:52.0640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/11/06 16:51:52.0671 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/06 16:51:52.0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/11/06 16:51:53.0062 nv (7f4551a2a1e96b4a6c29ef19dacce18c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/11/06 16:51:53.0406 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/06 16:51:53.0421 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/06 16:51:53.0500 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/11/06 16:51:53.0531 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys

2010/11/06 16:51:53.0546 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/06 16:51:53.0593 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/06 16:51:53.0609 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/06 16:51:53.0671 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/11/06 16:51:53.0687 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/11/06 16:51:53.0859 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/06 16:51:53.0890 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/06 16:51:54.0000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/06 16:51:54.0062 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/11/06 16:51:54.0203 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/06 16:51:54.0250 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/06 16:51:54.0281 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/06 16:51:54.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/06 16:51:54.0375 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/06 16:51:54.0390 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/06 16:51:54.0546 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/11/06 16:51:54.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/06 16:51:54.0640 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/06 16:51:54.0687 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2010/11/06 16:51:54.0734 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2010/11/06 16:51:54.0781 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2010/11/06 16:51:54.0859 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2010/11/06 16:51:55.0031 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/11/06 16:51:55.0093 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/06 16:51:55.0171 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys

2010/11/06 16:51:55.0218 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2010/11/06 16:51:55.0234 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2010/11/06 16:51:55.0250 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/06 16:51:55.0343 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/11/06 16:51:55.0500 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/06 16:51:55.0578 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/06 16:51:55.0640 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/11/06 16:51:55.0765 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

2010/11/06 16:51:55.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/06 16:51:55.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/11/06 16:51:56.0078 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/06 16:51:56.0156 Tcpip (a29e1209f925a0e9b330e11da5fc7bab) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/06 16:51:56.0203 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/06 16:51:56.0234 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/06 16:51:56.0359 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/06 16:51:56.0437 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/11/06 16:51:56.0562 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/11/06 16:51:56.0718 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/11/06 16:51:56.0765 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/11/06 16:51:56.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/06 16:51:56.0890 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/06 16:51:56.0984 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/06 16:51:57.0046 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/06 16:51:57.0125 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/06 16:51:57.0156 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/06 16:51:57.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/11/06 16:51:57.0218 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/11/06 16:51:57.0281 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/06 16:51:57.0359 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/06 16:51:57.0515 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/06 16:51:57.0625 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

2010/11/06 16:51:57.0796 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/11/06 16:51:57.0937 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/06 16:51:57.0968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/06 16:51:58.0234 ================================================================================

2010/11/06 16:51:58.0234 Scan finished

2010/11/06 16:51:58.0234 ================================================================================

 

scan-result eset :

 

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4t4r4bt.default\extensions\{84a2a9a4-88c2-4f57-9f93-9409cd81e3cd}\chrome\xulcache.jar JS/Agent.NCP trojan deleted - quarantined

 

chechup :

 

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 22

Out of date Java installed! <--- Je le met à jour de ce pas

Adobe Flash Player 10.1.102.64

Adobe Reader 9.4.0 - Français

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

ESET ESET Online Scanner OnlineCmdLineScanner.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

 

 

Voila

Merci encore.

Modifié le 6 novembre 2010 par MoiBeber

[lance_yien]

Bonjour,

 

TDSSKiller ne semble pas trouver de rootkits par contre MBAM semble avoir bien bossé

 

chechup :

...

Out of date Java installed! <--- Je le met à jour de ce pas

...

Regarde dans le "Panneau de configuration" et dis-moi si tu trouves plusieurs versions de java, repérable par cette icône

--

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau OTL (par OldTimer) depuis ici ou ici.

Brancher et allumer tous les médias amovibles ayant servi à un quelconque transfert de données (clés USB...).

Fermer tout et double-cliquer sur OTL.exe.

Copiez/ Collez ces lignes (commençant par netsvcs) dans l'espace sous "Personnalisation":

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

Sans rien changer, cliquer sur le bouton bleu Analyse et laisser faire.

A la fin du scan, 2 rapports seront créés: OTL.txt (qui s'ouvre dans le bloc-note) et Extras.txt (qui sera minimisé dans la Barre des tâches).

 

Poster le contenu de chaque rapport, un seul par message parce qu'ils sont souvent très longs et dépassent la limite autorisée par le forum.

 

a++

[MoiBeber]

Salut, désolé pour le retard de ma réponse, je ne t'ai pas précisé mis cet ordinateur tourne sous XP ce n'est pas mon ordinateur.

 

Regarde dans le "Panneau de configuration" et dis-moi si tu trouves plusieurs versions de java, repérable par cette icône Image IPB

 

Il n'y a qu'une seule icône et je n'ai pas trouvé de mise à jour.

 

A la fin du scan, 2 rapports seront créés: OTL.txt

 

OTL logfile created on: 08/11/2010 08:00:07 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,78 Gb Total Space | 80,82 Gb Free Space | 72,30% Space Free | Partition Type: NTFS

Drive D: | 47,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 3,72 Gb Total Space | 3,72 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Drive F: | 7,45 Gb Total Space | 6,26 Gb Free Space | 83,93% Space Free | Partition Type: FAT32

 

Computer Name: USER-4E3E752DFF | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010/11/08 07:58:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau\OTL.exe

PRC - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/08/17 13:38:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/08 13:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2007/10/08 13:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007/10/08 13:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2007/10/08 13:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007/10/08 13:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2007/10/08 13:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2007/10/08 13:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2007/04/13 16:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2001/01/05 12:41:24 | 000,022,016 | ---- | M] (Inprise Corporation) -- C:\Program Files\Borland\InterBase\bin\ibguard.exe

PRC - [2001/01/05 12:40:58 | 001,701,888 | ---- | M] (Inprise Corporation) -- C:\Program Files\Borland\InterBase\bin\ibserver.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/11/08 07:58:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau\OTL.exe

MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/08/17 13:39:03 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/17 13:38:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/02/24 22:52:00 | 003,411,964 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2007/10/08 13:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2007/10/08 13:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2007/10/08 13:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2007/10/08 13:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2007/04/13 16:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

SRV - [2001/01/05 12:41:24 | 000,022,016 | ---- | M] (Inprise Corporation) [Auto | Running] -- C:\Program Files\Borland\InterBase\bin\ibguard.exe -- (InterBaseGuardian)

SRV - [2001/01/05 12:40:58 | 001,701,888 | ---- | M] (Inprise Corporation) [On_Demand | Running] -- C:\Program Files\Borland\InterBase\bin\ibserver.exe -- (InterBaseServer)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)

DRV - [2010/08/17 13:39:11 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/08/17 13:39:11 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)

DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/09/26 05:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Pilote de carte Intel®

DRV - [2007/08/27 10:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/11/21 03:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/11/14 23:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/14 18:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/05/24 17:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2006/05/24 17:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)

DRV - [2006/05/24 17:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2006/05/24 17:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2006/05/24 17:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)

DRV - [2006/05/24 17:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2006/05/24 16:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2006/05/24 16:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2006/05/01 14:46:00 | 003,653,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 33 B3 2D 0F 08 43 6A 40 9A 0A AB CD 51 09 90 A1 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "iminent-en Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q="

FF - prefs.js..browser.startup.homepage: "sfr.fr/"

FF - prefs.js..extensions.enabledItems: {792BDDFE-2E7C-42ed-B18D-18154D2761BD}:0.9.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {84a2a9a4-88c2-4f57-9f93-9409cd81e3cd}:1.0

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 21:18:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 21:18:55 | 000,000,000 | ---D | M]

 

[2010/11/01 13:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2010/11/01 13:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/11/07 14:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4t4r4bt.default\extensions

[2010/06/24 17:57:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4t4r4bt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/24 23:50:24 | 000,000,000 | ---D | M] (TabRenamizer) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4t4r4bt.default\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD}

[2010/11/03 22:13:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4t4r4bt.default\extensions\{84a2a9a4-88c2-4f57-9f93-9409cd81e3cd}

[2009/01/25 12:37:42 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\v4t4r4bt.default\searchplugins\conduit.xml

[2010/11/07 14:33:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/28 13:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/21 12:07:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/06 19:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/06 19:20:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/02/12 20:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npigl.dll

[2010/03/11 21:02:13 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/03/11 21:02:13 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/03/11 21:02:13 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2008/08/27 10:36:38 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml

[2010/03/11 21:02:13 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/03/23 18:07:59 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2004/08/05 11:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {0F2DB333-4308-406A-9A0A-ABCD510990A1} - C:\WINDOWS\System32\audiodev32.dll File not found

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (14e12b9f) - {A36CEF6E-90E8-F9A3-37ED-EA433C74CF67} - C:\WINDOWS\System32\mnmdd32.dll File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Page introuvable | Facebook (Facebook Photo Uploader 5)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213300241359 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/28 18:16:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{257647ec-d380-11df-8917-0013e809ec09}\Shell - "" = AutoRun

O33 - MountPoints2\{257647ec-d380-11df-8917-0013e809ec09}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/11/08 07:58:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau\OTL.exe

[2010/11/07 17:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\ATLAS

[2010/11/07 17:36:59 | 000,305,664 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn040c.exe

[2010/11/07 17:36:47 | 000,277,776 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcrt.dll

[2010/11/06 19:21:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/11/06 19:21:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/11/06 19:21:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/11/06 19:21:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/11/04 18:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\eMule

[2010/11/04 18:51:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2010/11/04 18:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Avira

[2010/11/03 22:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR

[2010/11/03 22:13:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\A445180BA2C4AD6940CD78AD1303B35C

[2010/11/03 22:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1453333677

[2010/11/03 22:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\FrostWire

[2010/11/03 21:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mes documents\Vuze Downloads

[2010/11/03 21:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Azureus

[2010/11/01 13:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\LimeWire

[2010/10/29 15:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau\J4

[2010/10/26 20:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mes documents\CRA+ORG+R1A+R1BJA

[2010/10/26 20:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mes documents\AN + JAN

[2010/10/26 20:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mes documents\COMPTA PING

[2010/10/22 22:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau\cf R1

[2010/10/16 01:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/10/16 00:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/10/16 00:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/10/14 21:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2010/10/13 09:26:45 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010/10/13 09:26:45 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010/10/13 09:26:08 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2010/10/12 18:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe

[2010/10/09 09:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\U3

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/11/08 07:58:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau\OTL.exe

[2010/11/08 07:50:17 | 000,057,094 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2010/11/08 07:50:16 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/08 07:50:05 | 000,062,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/08 07:49:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/07 17:38:06 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Il était une fois la vie.lnk

[2010/11/07 17:38:06 | 000,000,063 | ---- | M] () -- C:\WINDOWS\atlas-fra.INI

[2010/11/07 17:37:53 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/07 17:37:52 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/11/07 17:37:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/11/07 01:34:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/11/06 19:20:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/11/06 19:20:39 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/11/06 19:20:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/11/06 19:20:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/11/06 19:20:39 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/11/06 13:25:46 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/11/06 13:05:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/05 17:45:57 | 000,510,980 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2010/11/05 17:45:57 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/05 17:45:57 | 000,084,964 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2010/11/05 17:45:57 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/04 19:00:19 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\eMule.lnk

[2010/11/04 18:35:51 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\350748854

[2010/11/04 18:35:28 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System32\34127ccd

[2010/11/03 22:14:22 | 000,000,246 | -HS- | M] () -- C:\WINDOWS\System32\885140378

[2010/11/03 22:13:41 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe

[2010/11/03 22:12:57 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\507276477

[2010/10/30 17:04:15 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau\Raccourci vers Suivi des cadres de l'arbitrage en M(1) P 09 10-DPA.lnk

[2010/10/18 20:05:25 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/14 21:18:34 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/13 18:12:20 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/10/10 21:17:24 | 000,057,094 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\User\*.tmp files -> C:\Documents and Settings\User\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/11/07 17:38:06 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Il était une fois la vie.lnk

[2010/11/07 17:38:06 | 000,000,063 | ---- | C] () -- C:\WINDOWS\atlas-fra.INI

[2010/11/04 19:00:19 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\eMule.lnk

[2010/11/04 18:35:28 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\34127ccd

[2010/11/03 22:14:22 | 000,000,246 | -HS- | C] () -- C:\WINDOWS\System32\885140378

[2010/11/03 22:14:20 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\350748854

[2010/11/03 22:13:41 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe

[2010/11/03 22:12:54 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\507276477

[2010/10/30 17:04:15 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau\Raccourci vers Suivi des cadres de l'arbitrage en M(1) P 09 10-DPA.lnk

[2009/11/26 15:28:00 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2009/11/16 19:17:44 | 000,000,707 | ---- | C] () -- C:\WINDOWS\hegames.ini

[2009/11/16 17:42:25 | 000,000,071 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/04/17 02:07:15 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/11/21 08:36:39 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/24 21:53:38 | 002,777,088 | ---- | C] () -- C:\WINDOWS\System32\qt222.dll

[2008/06/20 17:24:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/06/16 14:04:56 | 000,000,368 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/06/13 18:10:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2008/06/13 10:19:59 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat

[2008/06/11 16:50:05 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/06/09 16:00:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2008/06/09 16:00:18 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/06/09 16:00:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008/06/09 16:00:16 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008/06/09 16:00:16 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008/06/09 15:34:43 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2008/05/28 20:06:35 | 000,004,362 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/06/27 01:33:52 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL

[2006/05/24 17:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2008/05/28 18:16:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/06/21 14:27:31 | 000,000,212 | -HS- | M] () -- C:\boot.ini

[2004/08/05 11:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2009/02/25 21:38:15 | 000,000,686 | ---- | M] () -- C:\cleannavi.txt

[2008/05/28 18:16:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2009/02/25 21:37:05 | 000,002,971 | ---- | M] () -- C:\fixnavi.txt

[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2008/05/28 18:16:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/11/16 23:40:45 | 000,000,203 | -H-- | M] () -- C:\IPH.PH

[2010/04/09 14:37:19 | 000,008,488 | ---- | M] () -- C:\JavaRa.log

[2010/11/04 18:59:54 | 000,000,127 | ---- | M] () -- C:\mbam-error.txt

[2008/05/28 18:16:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2007/02/12 20:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\npigl.dll

[2007/02/09 14:55:54 | 000,000,283 | ---- | M] () -- C:\npigl.xpt

[2004/08/05 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/10/31 11:43:47 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2010/11/08 07:49:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2010/05/08 13:21:59 | 000,000,432 | ---- | M] () -- C:\Raccourci vers Documents partagés.lnk

[2008/06/12 21:54:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2008/06/12 21:54:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm

[2008/06/12 21:54:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2008/06/12 21:54:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2010/11/06 16:56:34 | 000,038,902 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_06.11.2010_16.51.25_log.txt

[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[2009/11/16 23:42:19 | 000,000,007 | R--- | M] () -- C:\WMDO.CFG

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2008/05/28 20:04:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2008/05/28 20:04:27 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2008/05/28 20:04:27 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %systemroot%\system32\drivers\*.sys /90 >

[2010/08/17 13:39:11 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys

[2010/08/17 13:39:11 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys

[2010/08/26 14:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

 

< End of report >

 

et Extras.txt (qui sera minimisé dans la Barre des tâches).

 

OTL Extras logfile created on: 08/11/2010 08:00:07 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,78 Gb Total Space | 80,82 Gb Free Space | 72,30% Space Free | Partition Type: NTFS

Drive D: | 47,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 3,72 Gb Total Space | 3,72 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Drive F: | 7,45 Gb Total Space | 6,26 Gb Free Space | 83,93% Space Free | Partition Type: FAT32

 

Computer Name: USER-4E3E752DFF | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\WINDOWS\odbcconfwow.exe" = C:\WINDOWS\odbcconfwow.exe:*:Enabled:Windows Update Service -- File not found

"C:\WINDOWS\dbnmpntwwow.exe" = C:\WINDOWS\dbnmpntwwow.exe:*:Enabled:Windows Update Service -- File not found

"C:\WINDOWS\msrd3x40wow.exe" = C:\WINDOWS\msrd3x40wow.exe:*:Enabled:Windows Update Service -- File not found

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found

"C:\WINDOWS\odbcconfwow.exe" = C:\WINDOWS\odbcconfwow.exe:*:Enabled:Windows Update Service -- File not found

"C:\WINDOWS\dbnmpntwwow.exe" = C:\WINDOWS\dbnmpntwwow.exe:*:Enabled:Windows Update Service -- File not found

"C:\WINDOWS\msrd3x40wow.exe" = C:\WINDOWS\msrd3x40wow.exe:*:Enabled:Windows Update Service -- File not found

"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = CanoScan Toolbox 4.6

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series" = Canon iP3500 series

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.0 - Français

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 4200F

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"4569969E1360D2854474C661EF9B4D54F143EB16" = Package de pilotes Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CANONIJPLM100" = PIXMA Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easysoft ODBC for InterBase 6" = Easysoft ODBC for InterBase 6

"eMule" = eMule

"Enregistrement utilisateur de Canon iP3500 series" = Enregistrement utilisateur de Canon iP3500 series

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Il était une fois la vie" = Il était une fois la vie

"InterBase" = InterBase

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"Navilog1_is1" = Navilog1 3.7.4

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"ProInst" = Logiciel Intel® PROSet/Wireless

"SPIDD" = SPID déconnecté (Iorga)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 01/11/2010 03:30:42 | Computer Name = USER-4E3E752DFF | Source = ESENT | ID = 490

Description = svchost (1096) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"

pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)

: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un

autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur

-1032 (0xfffffbf8).

 

Error - 03/11/2010 17:13:02 | Computer Name = USER-4E3E752DFF | Source = Application Error | ID = 1000

Description = Application défaillante quicktime_update_kb021745.exe, version 1.2.1.0,

module défaillant quicktime_update_kb021745.exe, version 1.2.1.0, adresse de défaillance

0x00003267.

 

Error - 03/11/2010 17:13:33 | Computer Name = USER-4E3E752DFF | Source = Application Error | ID = 1000

Description = Application défaillante B9.tmp, version 1.2.1.0, module défaillant

B9.tmp, version 1.2.1.0, adresse de défaillance 0x000030ff.

 

Error - 04/11/2010 05:38:50 | Computer Name = USER-4E3E752DFF | Source = Application Hang | ID = 1002

Description = Application bloquée guardgui.exe, version 9.0.3.0, module bloqué hungapp,

version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 04/11/2010 09:23:10 | Computer Name = USER-4E3E752DFF | Source = crypt32 | ID = 131083

Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier

CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon

la vérification par rapport à l'horloge système en cours ou le tampon daté dans

le fichier signé.

 

Error - 04/11/2010 09:23:10 | Computer Name = USER-4E3E752DFF | Source = crypt32 | ID = 131083

Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier

CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon

la vérification par rapport à l'horloge système en cours ou le tampon daté dans

le fichier signé.

 

Error - 06/11/2010 03:34:45 | Computer Name = USER-4E3E752DFF | Source = ESENT | ID = 490

Description = svchost (1096) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)

: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un

autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur

-1032 (0xfffffbf8).

 

Error - 06/11/2010 19:40:23 | Computer Name = USER-4E3E752DFF | Source = ESENT | ID = 490

Description = svchost (1096) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)

: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un

autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur

-1032 (0xfffffbf8).

 

Error - 08/11/2010 02:50:20 | Computer Name = USER-4E3E752DFF | Source = ESENT | ID = 490

Description = svchost (1096) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)

: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un

autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur

-1032 (0xfffffbf8).

 

Error - 08/11/2010 02:52:08 | Computer Name = USER-4E3E752DFF | Source = Application Hang | ID = 1002

Description = Application bloquée Il était une fois la vie.exe, version 7.0.2.85,

module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

[ System Events ]

Error - 07/11/2010 17:32:25 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 07/11/2010 17:32:30 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 07/11/2010 17:32:34 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 07/11/2010 17:32:38 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 07/11/2010 17:32:42 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 07/11/2010 17:32:46 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 07/11/2010 17:32:50 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 07/11/2010 17:32:54 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 07/11/2010 17:32:58 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

Error - 08/11/2010 02:49:56 | Computer Name = USER-4E3E752DFF | Source = Disk | ID = 262151

Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

 

 

< End of report >

 

Merci encore.

[lance_yien]

Bonjour,

 

>>> Une très belle collection,

• FrostWire
  
• Vuze Downloads
  
• Azureus
  
• LimeWire
  
• eMule

qui mérite réflexion (lire attentivement)et que je te conseille VIVEMENT de désinstaller et rester à l'écart de ce type de partage qui en plus risque de ralentir ta machine parce qu'ils utilisent ta bande passante etc.

 

>>> Lancer OTL et copier la liste suivante et la coller dans l'espace sous "Personnalisation".

 

dir /a:h C:\WINDOWS\System32\A445180BA2C4AD6940CD78AD1303B35C /c

dir /a:h C:\WINDOWS\System32\1453333677 /c

dir /a:h C:\WINDOWS\System32\350748854 /c

dir /a:h C:\WINDOWS\System32\34127ccd /c

dir /a:h C:\WINDOWS\System32\885140378 /c

dir /a:h C:\WINDOWS\System32\507276477 /c

Cliquer sur le bouton gris Aucun puis sur Analyse.

A la fin un rapport s'ouvre dans le bloc-note. Copier tout son contenu et le coller dans une nouvelle réponse du forum. Fermer le rapport et OTL.

 

>>> Analyse de fichier(s):

• Copier la 1ère ligne de ce qui suit et aller sur le site Jotti.
   
  C:\WINDOWS\IsUn040c.exe
  C:\WINDOWS\System32\unrar.exe
   
  
• Cliquer sur Parcourir....
  
• Dans la nouvelle fenêtre, cliquer-droit dans "Nom du fichier" => "Coller" puis cliquer sur "Ouvrir".
  
• Cliquer sur Envoyer et laisser faire l'analyse.
  
• A la fin cliquer-droit sur le bouton Votre lien permanent... => "Copier l'adresse du lien".
   
  
  

  
  

• Recommencer avec la 2ème ligne en cliquant sur le bouton "Prochain fichier".
  

Coller ces adresses dans la prochaine réponse.

 

Note: Si Jotti est surchargé aller sur Virustotal,

 

Rapports demandés de OTL et 2 liens permanents de Jotti.

 

a++

[MoiBeber]

Salut,

 

>>> Une très belle collection,

 

* FrostWire

* Vuze Downloads

* Azureus <--- Qu'est ce ?

* LimeWire

* eMule

 

Ce n'est pas mon PC mais je lui en parlerais mais je vois qu'il y a seulement E-mule d'installé.

 

A la fin un rapport s'ouvre dans le bloc-note. Copier tout son contenu et le coller dans une nouvelle réponse du forum. Fermer le rapport et OTL.

 

OTL logfile created on: 09/11/2010 13:22:58 - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\User\Mes documents\Dossier Bluetooth Exchange\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,78 Gb Total Space | 80,76 Gb Free Space | 72,24% Space Free | Partition Type: NTFS

Drive D: | 47,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: USER-4E3E752DFF | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Custom Scans ==========

 

 

< dir /a:h C:\WINDOWS\System32\A445180BA2C4AD6940CD78AD1303B35C /c >

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est 6492-7BCA

R‚pertoire de C:\WINDOWS\SYSTEM32\A445180BA2C4AD6940CD78AD1303B35C

04/11/2010 17:18 <REP> .

04/11/2010 17:18 <REP> ..

04/11/2010 21:05 <REP> b

03/11/2010 22:14 <REP> h

03/11/2010 22:14 87 ntuser.dat

03/11/2010 22:13 203ÿ776 unrar.exe

2 fichier(s) 203ÿ863 octets

4 R‚p(s) 86ÿ710ÿ763ÿ520 octets libres

 

< dir /a:h C:\WINDOWS\System32\1453333677 /c >

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est 6492-7BCA

R‚pertoire de C:\WINDOWS\SYSTEM32\1453333677

 

< dir /a:h C:\WINDOWS\System32\350748854 /c >

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est 6492-7BCA

R‚pertoire de C:\WINDOWS\SYSTEM32

 

< dir /a:h C:\WINDOWS\System32\34127ccd /c >

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est 6492-7BCA

R‚pertoire de C:\WINDOWS\SYSTEM32

 

< dir /a:h C:\WINDOWS\System32\885140378 /c >

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est 6492-7BCA

R‚pertoire de C:\WINDOWS\SYSTEM32

03/11/2010 22:14 246 885140378

1 fichier(s) 246 octets

0 R‚p(s) 86ÿ710ÿ751ÿ232 octets libres

 

< dir /a:h C:\WINDOWS\System32\507276477 /c >

Le volume dans le lecteur C n'a pas de nom.

Le num‚ro de s‚rie du volume est 6492-7BCA

R‚pertoire de C:\WINDOWS\SYSTEM32

 

< End of report >

Coller ces adresses dans la prochaine réponse.

 

C:\WINDOWS\IsUn040c.exe

C:\WINDOWS\System32\unrar.exe

Modifié le 9 novembre 2010 par MoiBeber

[lance_yien]

Ce n'est pas mon PC mais je lui en parlerais mais je vois qu'il y a seulement E-mule d'installé.

Il faut vraiment prendre conscience du danger, la majorité des nouvelles infections passent par là. Pourquoi prendre des risques lorsqu'on peut trouver presque tout en programmes gratuits et légitimes?

Les autres (tous des programmes P2P) doivent être des restes après désinstallation. Ils sont dans C:\Documents and Settings\User\Application Data\.

On les supprime avec OTL. le contrôle des fichiers/dossiers ne donne rien de méchant. Après cette étape on pourra conclure.

 

Lancer OTL et copier la liste suivante (commençant par :OTL) et la coller dans l'espace sous "Personnalisation".

 

:OTL

O2 - BHO: (no name) - {0F2DB333-4308-406A-9A0A-ABCD510990A1} - C:\WINDOWS\System32\audiodev32.dll File not found

O2 - BHO: (14e12b9f) - {A36CEF6E-90E8-F9A3-37ED-EA433C74CF67} - C:\WINDOWS\System32\mnmdd32.dll File not found

O33 - MountPoints2\{257647ec-d380-11df-8917-0013e809ec09}\Shell - "" = AutoRun

O33 - MountPoints2\{257647ec-d380-11df-8917-0013e809ec09}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

 

:Files

C:\Documents and Settings\User\Application Data\FrostWire

C:\Documents and Settings\User\Mes documents\Vuze Downloads

C:\Documents and Settings\User\Application Data\Azureus

C:\Documents and Settings\User\Application Data\LimeWire

 

 

:Commans

[EMPTYTEMP]

[RESETHOSTS]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme vous demandera de redémarrer la machine pour finir le processus, cliquer sur Oui.

 

A la fin un rapport s'ouvre dans le bloc-note. Copier tout son contenu et le coller dans une nouvelle réponse du forum. Fermer le rapport et OTL.

 

Autres soucis?

[MoiBeber]

Re,

 

Cliquer sur le bouton rouge Correction et laisser faire.

 

Cela prend du temps ou cela est rapide car cela fait 10 minutes que c'est en cours. En bas de la fenêtre OTL il y a écrit Processing complete mais rien ne bouge et je n'ai plus mon bureau juste le fond d'écran.

 

Toujours le même problème à 17h33...

 

J'ai reboot le PC besoin pour son travail...

 

 

A la fin un rapport s'ouvre dans le bloc-note. Copier tout son contenu et le coller dans une nouvelle réponse du forum. Fermer le rapport et OTL.

 

Au redémarrage en appuyant sur le bouton (pas bien :s) j'ai eu ce rapport:

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F2DB333-4308-406A-9A0A-ABCD510990A1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F2DB333-4308-406A-9A0A-ABCD510990A1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A36CEF6E-90E8-F9A3-37ED-EA433C74CF67}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A36CEF6E-90E8-F9A3-37ED-EA433C74CF67}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{257647ec-d380-11df-8917-0013e809ec09}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257647ec-d380-11df-8917-0013e809ec09}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{257647ec-d380-11df-8917-0013e809ec09}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257647ec-d380-11df-8917-0013e809ec09}\ not found.

File E:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.

File E:\LaunchU3.exe not found.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.

========== FILES ==========

C:\Documents and Settings\User\Application Data\FrostWire\xml\data folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\xml folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\themes folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\azureus\torrents folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\azureus\tmp folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\azureus\plugins folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\azureus\net folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\azureus\logs folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\azureus\dht folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\azureus\active folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\azureus folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire\.AppSpecialShare folder moved successfully.

C:\Documents and Settings\User\Application Data\FrostWire folder moved successfully.

C:\Documents and Settings\User\Mes documents\Vuze Downloads folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\torrents folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\tmp folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\subs folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\shares folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\rss folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\plugins\mlab folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\plugins\azupnpav folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\plugins folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\net folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\logs folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\dht folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus\active folder moved successfully.

C:\Documents and Settings\User\Application Data\Azureus folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\promotion folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\mozilla-profile\updates\0 folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\mozilla-profile\updates folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\mozilla-profile\extensions folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\mozilla-profile\Cache folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\mozilla-profile folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\res\html folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\res\dtd folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\res folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\plugins folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\modules folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\greprefs folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\dictionaries folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\defaults folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\components folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner\chrome folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser\xulrunner folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\browser folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire\.AppSpecialShare folder moved successfully.

C:\Documents and Settings\User\Application Data\LimeWire folder moved successfully.

Error: Unable to interpret <:Commans> in the current context!

Error: Unable to interpret <[EMPTYTEMP]> in the current context!

Error: Unable to interpret <[RESETHOSTS]> in the current context!

 

OTL by OldTimer - Version 3.2.17.3 log created on 11092010_155440

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

Le problème de redirection à disparu merci beaucoup

 

Y-a-t-il eu des problèmes avec OTL? Comment puis-je le faire disparaître? Je ne trouve plus le dossier Application Data est-ce normal? Un soucis avec Java?

Modifié le 9 novembre 2010 par MoiBeber

[lance_yien]

 

Le problème de redirection à disparu merci beaucoup

 

Y-a-t-il eu des problèmes avec OTL? Comment puis-je le faire disparaître? Je ne trouve plus le dossier Application Data est-ce normal? Un soucis avec Java?

Content que ton problème principal soit résolu!

Le dossier "Application Data" est un dossier caché. Si tu veux le voir passe par les options de dossiers.

Non ta version de Java est bonne

Oui visiblement il y a eu un souci avec OTL et il n'a pas tout fait parce qu'une de mes commandes n'était pas reconnu. Désolé!

 

Lancer OTL et copier la liste suivante (commençant par :OTL) et la coller dans l'espace sous "Personnalisation".

 

:Commands

[EMPTYTEMP]

[RESETHOSTS]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme vous demandera de redémarrer la machine pour finir le processus, cliquer sur Oui.

A la fin un rapport s'ouvre dans le bloc-note. INUTILE DE LE POSTER.

 

 

Dans la fenêtre de OTL, cliquer sur Purge outils. Laisser faire et redémarrer le PC.

- Pour supprimer les autres utilitaires et leur rapports, cliquer-droit dessus => "Supprimer".

 

 

>>> Ré-initialiser les Points de Restauration:

Clic-droit sur "Poste de travail" => "Propriétés" => "Restauration Système"

Cocher la case "désactiver..." et cliquer sur "appliquer".

Quand c'est prêt décocher cette même case => "OK" et redémarrer le PC.

Un nouveau point de restauration sera créé.

 

 

>>> Pour des mises à jour sans soucis: Toute ancienne version d'un programme quel qu'il soit peut comporter des vulnérabilités susceptibles d'être exploitées pour infecter un PC et notre meilleur moyen est de TOUT mettre à jour régulièrement:

 

• Vérifier les Mises à jour de Windows et opter (si ce n'est pas encore fait) pour une MAJ Automatique:
  Clic-droit sur "Poste de travail" => "Propriétés" => onglet "Mises à jour automatiques". Attention à l'heure programmée: il faut que le PC soit allumé à l'heure choisie.
   
  
  

  
   
  

• Installer Update Checker pour les drivers.
   
  
• Installer PSI Secunia pour les logiciels.
  

 

>>> Ajouter Résolu: Merci d'éditer ton 1er post pour ajouter [Résolu] à la fin du titre!