Posted (edited)

Hello,

Could you please help me solve my problem?

My C drive has a capacity of 60 GB, I am only using about 10 GB, and I have no free space left.

I have done all the usual steps: defrag, deleting restore points, updates, etc., and still nothing has changed.

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:49:49, on 06/07/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Shield\shieldtray.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\Program Files\Agence-Exclusive\pctuto.exe

C:\Documents and Settings\user\Application Data\Agence-Exclusive\Agence-Exclusive\autoupdater.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe

C:\Program Files\PSI\psi_tray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\PSI\PSIA.exe

C:\Program Files\Shield\shdserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Shield\shieldclnt.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\PSI\sua.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

E:\Téléchargements\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google Actualités

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PCTBHO - {293A63F7-C3B6-423a-9845-901AC0A7EE6E} - C:\Program Files\Agence-Exclusive\pctutoBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [shield] C:\Program Files\Shield\shieldtray.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [pctuto] "C:\Program Files\Agence-Exclusive\pctuto.exe"

O4 - HKLM\..\Run: [autoupdater] C:\Documents and Settings\user\Application Data\Agence-Exclusive\Agence-Exclusive\autoupdater.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\PSI\psi_tray.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/RACtrl.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Pare-feu AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\PSI\sua.exe

O23 - Service: SHDSERV - Unknown owner - C:\Program Files\Shield\shdserv.exe

O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program Files\Shield\shieldclnt.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 11234 bytes

 

Thank you for your valuable help

Best regards

Edited by Vatt

Posted

Hello Vatt,

Very important!

>>> To do immediately:

- At the top of this message, click the "Follow this topic" button and choose "Immediate notification" => "Submit". You will be notified in real time of the replies to your topic, and your machine will therefore be cleaned as quickly as possible.

If instead of the "Follow this topic" button you see "Stop following this topic", the settings have already been made.

- Back up (by copying) all personal documents to a medium other than the system partition: USB stick, CD/DVD, external hard drive, etc.

>>> What to do during this cleanup: Please do NOT use, install and/or uninstall any program other than those suggested at each step, in order to avoid any incompatibility problem between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Some programs can cause problems if they are not run from the Desktop. You are therefore asked to download and save them DIRECTLY to the Desktop (or to move them there before use by right-clicking them => "Cut", then right-clicking the Desktop => "Paste").
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment and report any change (for better or worse) in the machine's behaviour or in relation to the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, because I do not need to reread my previous messages).

- Paste the content of the reports WITHOUT adding ANY text formatting (quote, code, colour, etc.).

>>> Do not abandon your topic before you have been told that everything is OK.

Print these instructions or save them in a text file on the Desktop so that you can consult them easily at any time, and start by uninstalling "Agence-Exclusive" and deleting its folder C:\Program Files\Agence-Exclusive. It is there mainly to collect and sell any information found on your machine.

Next,

Download to the Desktop:

  • OTL (by OldTimer) from here or here.
  • Security Check (by screen317) from here or here.

>>> Using OTL: Plug in and switch on all available removable media (external hard drive, USB sticks, etc.) and disable the antivirus/firewall and antispyware.

Close all open applications and windows and double-click OTL.exe.

Copy/paste these lines (starting with netsvcs) into the box under "Customization":

 

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Without changing anything, click the blue "Scan" button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

Copy/paste the content of each report, only one per message, because they are often very long and exceed the limit allowed by the forum.

>>> Using SecurityCheck: Close everything and double-click "SecurityCheck.exe" (on Vista/W7, right-click it => "Run as administrator") to launch the program.

Press a key as prompted and follow the instructions.

Note: If one of the security programs asks for permission to access the Internet from dig.exe, accept.

The checkup.txt report opens at the end. Post its content.

This report will not be saved automatically. If you want to keep a copy, click "File" => "Save as", choose a location (the Desktop, for example) and click "Save" at the bottom right.

Post its content.

Requested reports:

  • OTL.txt
  • Extras.txt
  • checkup.txt
Posted

Good evening,

Here, as requested, is the OTL.txt report:

 

OTL logfile created on: 07/07/2011 21:51:22 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\user\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1,97 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 60,40% Memory free

3,30 Gb Paging File | 2,63 Gb Available in Paging File | 79,63% Paging File free

Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 58,59 Gb Total Space | 1,54 Gb Free Space | 2,63% Space Free | Partition Type: NTFS

Drive E: | 94,79 Gb Total Space | 85,16 Gb Free Space | 89,84% Space Free | Partition Type: NTFS

Drive G: | 931,28 Gb Total Space | 822,43 Gb Free Space | 88,31% Space Free | Partition Type: FAT32

 

Computer Name: VERITON | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/07/07 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe

PRC - [2011/06/24 21:48:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/04/20 11:19:50 | 000,456,192 | ---- | M] (Giganews, Inc.) -- C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe

PRC - [2011/04/19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\PSI\psia.exe

PRC - [2011/04/19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\PSI\sua.exe

PRC - [2011/04/19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\PSI\psi_tray.exe

PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe

PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe

PRC - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe

PRC - [2010/10/08 10:21:30 | 000,750,920 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/07/25 13:43:06 | 000,212,992 | ---- | M] () -- C:\Program Files\Shield\SHDSERV.exe

PRC - [2007/07/25 13:43:04 | 003,719,168 | ---- | M] () -- C:\Program Files\Shield\shieldtray.exe

PRC - [2007/07/25 13:38:36 | 000,045,056 | ---- | M] () -- C:\Program Files\Shield\shieldclnt.exe

PRC - [2006/07/29 12:20:34 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/07/07 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe

MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2007/07/25 13:38:58 | 000,049,152 | ---- | M] () -- C:\Program Files\Shield\idle.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/04/19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\PSI\PSIA.exe -- (Secunia PSI Agent)

SRV - [2011/04/19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)

SRV - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2007/11/06 22:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/07/25 13:43:06 | 000,212,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Shield\SHDSERV.exe -- (SHDSERV)

SRV - [2007/07/25 13:38:36 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Shield\shieldclnt.exe -- (ShieldClientService)

SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/07/29 12:20:34 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/02/11 18:35:45 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2009/02/11 16:15:18 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)

DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2007/11/06 22:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2007/07/25 13:41:34 | 000,017,664 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\Shieldf.sys -- (Shieldf)

DRV - [2007/07/25 13:41:30 | 000,026,112 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Shieldm.sys -- (shieldm)

DRV - [2007/07/25 13:41:28 | 000,002,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SHDBUS.sys -- (shdbus)

DRV - [2007/07/25 13:41:26 | 000,063,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Shield.sys -- (Shield)

DRV - [2006/08/15 15:41:16 | 004,368,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/06/19 15:18:56 | 000,043,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google Actualités

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A D4 8D AE A4 71 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://fr.news.yahoo.com"

FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=14542&q="

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/25 12:12:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 21:48:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 21:00:20 | 000,000,000 | ---D | M]

 

[2009/11/08 19:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2011/06/25 23:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions

[2010/05/07 13:26:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/25 22:59:53 | 000,000,000 | ---D | M] (Babylon-EnglishBB Community Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}

[2011/05/26 08:39:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com

[2010/01/15 14:58:08 | 000,005,413 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\searchplugins\fast-browser-search.xml

[2011/06/13 22:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/28 23:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/05/29 18:45:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/06/13 22:34:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) --

[2011/06/25 12:12:18 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4

[2011/05/28 23:16:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/06/24 21:48:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/05/24 22:57:54 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2010/09/25 15:32:22 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2011/05/24 22:57:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/05/24 22:57:54 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2011/05/24 22:57:54 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2011/05/24 22:57:54 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2011/05/24 22:57:54 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/07/06 21:06:22 | 000,435,706 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14994 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [shield] C:\Program Files\Shield\shieldtray.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe (Giganews, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Secunia PSI Tray.lnk = C:\Program Files\PSI\psi_tray.exe (Secunia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/21 22:01:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/02/02 18:55:56 | 000,000,026 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)

Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/07/07 21:49:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe

[2011/07/07 21:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2011/07/06 22:42:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent

[2011/07/06 22:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\JAM Software

[2011/07/06 20:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/06/29 22:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\K-Lite Codec Pack

[2011/06/19 22:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\pctuto

[2011/06/19 22:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\gtk-2.0

[2011/06/19 22:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\.thumbnails

[2011/06/19 22:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\.gimp-2.6

[2011/06/19 22:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GIMP

[2011/06/19 22:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2011/06/18 22:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\com.socialbox.socialbox

[2011/06/18 22:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe AIR

[2011/06/17 20:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe

[2011/06/17 20:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2011/06/15 00:00:41 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys

[2011/06/14 00:12:22 | 000,000,000 | -H-D | C] -- E:\$AVG

[2011/06/13 23:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2011/06/13 22:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java

[2011/06/13 22:34:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/06/13 22:34:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/06/13 22:34:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/06/11 16:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ImgBurn

[2011/06/10 21:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes

[2011/06/10 21:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/08 22:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Menu Démarrer\Programmes\AVS4YOU

[2011/06/08 22:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU

[2011/06/08 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVSDVDtoGO

[2011/06/08 22:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVS4YOU

[2011/06/08 22:56:12 | 000,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\WINDOWS\System32\divx.dll

[2011/06/08 22:56:12 | 000,261,632 | ---- | C] (MainConcept) -- C:\WINDOWS\System32\mcdvd_32.dll

[2011/06/08 22:56:12 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\WINDOWS\System32\divxdec.ax

[2011/06/08 22:56:12 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\vct3216.acm

[2011/06/08 22:56:12 | 000,038,912 | ---- | C] (NCT Company) -- C:\WINDOWS\System32\alf2cd.acm

[2011/06/08 22:56:12 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\WINDOWS\System32\Scg726.acm

[2011/06/08 22:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia

[2011/06/08 22:56:11 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll

[2011/06/08 22:56:11 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll

[2011/06/08 22:56:11 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll

[2011/06/08 22:56:11 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll

[2011/06/08 22:56:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll

[2011/06/08 22:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVSDVDPlayer

[2011/06/08 21:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Canneverbe Limited

[2011/06/08 21:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

 

========== Files - Modified Within 30 Days ==========

 

[2011/07/07 21:52:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/07/07 21:50:00 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\user\Bureau\SecurityCheck.exe

[2011/07/07 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe

[2011/07/07 21:48:01 | 121,362,516 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/07/07 21:45:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B665E8A7-6B58-4DF5-9070-03606F11A589}.job

[2011/07/07 21:44:36 | 000,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2011/07/07 21:44:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/07 21:43:26 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job

[2011/07/07 21:43:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/06 23:25:52 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/06 21:30:01 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job

[2011/07/06 21:19:53 | 000,000,246 | -HS- | M] () -- C:\boot.ini

[2011/07/06 21:06:22 | 000,435,706 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/06 20:16:44 | 000,656,026 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm

[2011/07/06 19:59:38 | 000,501,692 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2011/07/06 19:59:38 | 000,433,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/06 19:59:38 | 000,081,556 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2011/07/06 19:59:38 | 000,068,222 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/06/29 22:37:48 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2011/06/25 12:12:19 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG 2011.lnk

[2011/06/23 20:24:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/06/19 22:33:06 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\user\.recently-used.xbel

[2011/06/19 22:28:51 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\GIMP 2.lnk

[2011/06/17 21:00:21 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk

[2011/06/16 20:16:33 | 000,038,919 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/06/16 10:00:00 | 000,073,216 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/06/13 23:54:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\Application Data\AVSDVDPlayer.m3u

[2011/06/10 21:19:25 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk

[2011/06/09 19:43:08 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/06/08 22:56:19 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVS DVD Player.lnk

 

========== Files Created - No Company Name ==========

 

[2011/07/07 21:52:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/07/07 21:49:59 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\user\Bureau\SecurityCheck.exe

[2011/06/19 22:33:06 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\user\.recently-used.xbel

[2011/06/19 22:28:51 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\GIMP 2.lnk

[2011/06/18 22:00:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Socialbox.lnk

[2011/06/17 21:00:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk

[2011/06/17 21:00:20 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk

[2011/06/10 21:19:25 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk

[2011/06/08 23:06:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AVSDVDPlayer.m3u

[2011/06/08 22:56:19 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVS DVD Player.lnk

[2011/06/08 22:56:12 | 000,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx

[2011/06/08 22:56:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax

[2011/06/07 20:21:15 | 000,015,397 | ---- | C] () -- C:\Program Files\settings.dat

[2011/05/25 21:57:47 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2011/05/25 21:53:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2011/05/25 21:53:13 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/05/25 21:53:13 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/05/25 21:53:13 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/05/25 08:34:07 | 000,058,967 | ---- | C] () -- C:\Documents and Settings\user\Application Data\user3SQLite3.dll

[2011/05/25 08:01:25 | 000,058,959 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\SYSTEM3SQLite3.dll

[2010/11/25 18:27:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2009/11/08 19:05:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/09/27 16:30:41 | 000,019,576 | ---- | C] () -- C:\WINDOWS\hpqins13.dat

[2009/09/19 20:19:00 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/05/04 17:04:40 | 000,000,090 | ---- | C] () -- C:\WINDOWS\CIV.INI

[2009/02/09 13:38:36 | 000,000,240 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2009/02/09 13:38:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2009/02/09 10:58:49 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/22 11:32:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2008/06/22 11:32:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/06/22 11:27:14 | 000,459,664 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/06/22 11:27:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll

[2008/06/21 23:53:00 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/06/21 23:51:56 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/06/21 22:03:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/06/21 21:59:07 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/02/28 15:30:08 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2007/11/06 22:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2007/07/25 13:41:34 | 000,017,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Shieldf.sys

[2007/07/25 13:41:30 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\Shieldm.sys

[2007/07/25 13:41:28 | 000,002,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\SHDBUS.sys

[2007/07/25 13:41:26 | 000,063,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\Shield.sys

[2004/08/05 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/05 14:00:00 | 000,501,692 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2004/08/05 14:00:00 | 000,433,266 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/05 14:00:00 | 000,081,556 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2004/08/05 14:00:00 | 000,068,222 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/05 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/05 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2008/06/24 09:52:53 | 000,001,024 | ---- | M] () -- C:\.rnd

[2008/06/21 22:01:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2011/07/06 21:19:53 | 000,000,246 | -HS- | M] () -- C:\boot.ini

[2004/08/05 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2008/06/21 22:01:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2008/06/21 22:01:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/06/21 22:01:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/05 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/06/22 12:52:01 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2011/07/07 21:43:21 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys

[2011/07/07 21:52:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2008/06/21 23:51:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2008/06/21 23:51:08 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2008/06/21 23:51:08 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys

[2011/04/29 18:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

[2011/04/21 15:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys

[2011/05/10 08:06:08 | 000,042,496 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-04 17:16:54

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

 

< End of report >

 

and the one from extras.txt:

 

OTL Extras logfile created on: 07/07/2011 21:51:22 - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\user\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1,97 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 60,40% Memory free

3,30 Gb Paging File | 2,63 Gb Available in Paging File | 79,63% Paging File free

Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 58,59 Gb Total Space | 1,54 Gb Free Space | 2,63% Space Free | Partition Type: NTFS

Drive E: | 94,79 Gb Total Space | 85,16 Gb Free Space | 89,84% Space Free | Partition Type: NTFS

Drive G: | 931,28 Gb Total Space | 822,43 Gb Free Space | 88,31% Space Free | Partition Type: FAT32

 

Computer Name: VERITON | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\NewsBin\nbpro.exe" = C:\Program Files\NewsBin\nbpro.exe:*:Enabled:Newsbin Pro -- (CMCEI)

"C:\Documents and Settings\LocalService\Application Data\WinDir\Svchost.exe" = C:\Documents and Settings\LocalService\Application Data\WinDir\Svchost.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Programme d'installation AVG -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:Diagnostics AVG 2011 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Bouclier Web -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:Gestionnaire des alertes AVG -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Scanner e-mail personnel -- (AVG Technologies CZ, s.r.o.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer

"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20187EBD-71B1-4913-AEFF-6E2E2A444434}" = Giganews Accelerator

"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare

"{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 26

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes

"{81EA9E2A-569C-63F6-0FEF-E65D99761F23}" = Socialbox

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Français

"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B91D5BCF-34B2-43F8-B698-F2BF7B874D06}" = Ordi-Fix Lite

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental

"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AVG" = AVG 2011

"AVS DVD Player_is1" = AVS DVD Player version 2.4

"CCleaner" = CCleaner

"com.socialbox.socialbox" = Socialbox

"FormatFactory" = FormatFactory 2.60

"HDMI" = Intel® Graphics Media Accelerator Driver

"HECI" = Intel® Management Engine Interface

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"ImgBurn" = ImgBurn

"InstallShield_{B91D5BCF-34B2-43F8-B698-F2BF7B874D06}" = Ordi-Fix Lite

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MESOL" = Intel® Active Management Technology LMS Service and SOL Driver

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)

"NewsBin5" = Newsbin Pro

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PROSet" = Intel® PRO Network Connections Drivers

"QuickPar" = QuickPar 0.9

"Secunia PSI" = Secunia PSI (2.0.0.3003)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Installation Windows Live

"WinPcapInst" = WinPcap 4.0.2

"WinRAR archiver" = WinRAR 4.00 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

 

========== Last 10 Event Log Errors ==========

 

[ OSession Events ]

Error - 13/10/2009 20:17:44 | Computer Name = VERITON | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43330

seconds with 8820 seconds of active time. This session ended with a crash.

 

Error - 15/09/2010 19:27:38 | Computer Name = VERITON | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26995

seconds with 840 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 07/07/2011 02:14:36 | Computer Name = VERITON | Source = Service Control Manager | ID = 7034

Description = Le service NMSAccess s'est terminé de façon inattendue pour la 1ème

fois.

 

Error - 07/07/2011 02:14:37 | Computer Name = VERITON | Source = Service Control Manager | ID = 7034

Description = Le service SeaPort s'est terminé de façon inattendue pour la 1ème

fois.

 

Error - 07/07/2011 02:14:37 | Computer Name = VERITON | Source = Service Control Manager | ID = 7034

Description = Le service Secunia PSI Agent s'est terminé de façon inattendue pour

la 1ème fois.

 

Error - 07/07/2011 02:14:37 | Computer Name = VERITON | Source = Service Control Manager | ID = 7034

Description = Le service SHDSERV s'est terminé de façon inattendue pour la 1ème

fois.

 

Error - 07/07/2011 02:14:37 | Computer Name = VERITON | Source = Service Control Manager | ID = 7034

Description = Le service Shield Client Service s'est terminé de façon inattendue

pour la 1ème fois.

 

Error - 07/07/2011 02:14:38 | Computer Name = VERITON | Source = Service Control Manager | ID = 7034

Description = Le service Service de l’iPod s'est terminé de façon inattendue pour

la 1ème fois.

 

Error - 07/07/2011 02:14:38 | Computer Name = VERITON | Source = Service Control Manager | ID = 7034

Description = Le service Secunia Update Agent s'est terminé de façon inattendue

pour la 1ème fois.

 

Error - 07/07/2011 02:17:51 | Computer Name = VERITON | Source = Service Control Manager | ID = 7000

Description = Le service LogMeIn Kernel Information Provider n'a pas pu démarrer

en raison de l'erreur : %%3

 

Error - 07/07/2011 02:18:38 | Computer Name = VERITON | Source = ipnathlp | ID = 30005

Description = L'allocateur DHCP a détecté un serveur DHCP dont l'adresse IP est

192.168.0.254 sur le même réseau que l'interface dont l'adresse IP est 192.168.0.10.

L'allocateur

s'est désactivé sur l'interface pour éviter d'embrouiller les clients DHCP.

 

Error - 07/07/2011 15:44:14 | Computer Name = VERITON | Source = Service Control Manager | ID = 7000

Description = Le service LogMeIn Kernel Information Provider n'a pas pu démarrer

en raison de l'erreur : %%3

 

 

< End of report >
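As an added illustration (not part of the original thread, and not output of OTL): a short parser for the firewall sections in the format OTL prints in the report above. It lists entries worth a manual look: a profile with the firewall off, an enabled port exception open to any source, and an authorized application that carries a Windows system image name but sits outside its usual directory. The `SYSTEM_IMAGES` table and the `C:\WINDOWS` root are assumptions of this example.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt of the "Firewall Settings" / "Authorized Applications List"
# sections posted in the thread (blank lines and most entries omitted).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NewsBin\nbpro.exe" = C:\Program Files\NewsBin\nbpro.exe:*:Enabled:Newsbin Pro -- (CMCEI)
"C:\Documents and Settings\LocalService\Application Data\WinDir\Svchost.exe" = C:\Documents and Settings\LocalService\Application Data\WinDir\Svchost.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Bouclier Web -- (AVG Technologies CZ, s.r.o.)
'''

SECTION = re.compile(r'^\[(?P<key>.+)\]$')
VALUE = re.compile(r'^"(?P<name>.+?)" = (?P<data>.*)$')
# ...\FirewallPolicy\<profile>            -> profile-level settings
# ...\FirewallPolicy\<profile>\<sub>\List -> exception list
POLICY = re.compile(r'FirewallPolicy\\(?P<profile>\w+)(?:\\(?P<sub>\w+)\\List)?$')
# Port exception data: port:proto:scope:status:label
PORT = re.compile(r'^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):'
                  r'(?P<status>Enabled|Disabled):(?P<label>.*)$')
# Application exception data: path:scope:status:label, then OTL's " -- (vendor)".
# The path itself contains a colon (drive letter), hence the lazy match.
APP = re.compile(r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<status>Enabled|Disabled):'
                 r'(?P<label>.*?)(?: -- \((?P<vendor>.*)\))?$')

# Assumption of this example: system root is C:\WINDOWS, as in the report.
SYSTEM_IMAGES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def triage(log_text):
    """Return (profile, kind, detail) tuples for entries worth a manual look."""
    findings = []
    profile = section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            policy = POLICY.search(header.group("key"))
            if policy:
                profile = policy.group("profile")
                section = policy.group("sub") or "profile"
            else:
                profile = section = None  # some other registry key
            continue
        value = VALUE.match(line)
        if not value or profile is None:
            continue
        name, data = value.group("name"), value.group("data").strip()

        if section == "profile":
            if name == "EnableFirewall" and data == "0":
                findings.append((profile, "firewall-disabled", "EnableFirewall = 0"))
        elif section == "GloballyOpenPorts":
            rule = PORT.match(data)
            if rule and rule.group("status") == "Enabled" and rule.group("scope") == "*":
                detail = f'{rule.group("port")}/{rule.group("proto")}'
                findings.append((profile, "port-open-to-any", detail))
        elif section == "AuthorizedApplications":
            rule = APP.match(data)
            if not rule or rule.group("status") != "Enabled":
                continue
            path = rule.group("path")
            expected = SYSTEM_IMAGES.get(basename(path).lower())
            if expected and dirname(path).lower() != expected:
                findings.append((profile, "system-name-unusual-path", path))
    return findings


if __name__ == "__main__":
    for profile, kind, detail in triage(SAMPLE_LOG):
        print(f"{profile:16} {kind:26} {detail}")
```

The output is a triage list, not a verdict: each entry still has to be checked on the machine itself.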

Posted

and finally the checkup.txt report:

 

Results of screen317's Security Check version 0.99.7

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

AVG 2011

AVG PC Tuneup 2011

AVG 2011

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Malwarebytes' Anti-Malware

AVG PC Tuneup 2011

CCleaner

Java 6 Update 26

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Adobe Reader X (10.1.0) - Français

Mozilla Firefox (x86 fr..) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

Posted

Hello,

There are no visible signs of infection, but there is an urgent need to free up disk space.

>>> OTL: Plug in (again) and switch on all available removable media, and close all running applications and windows.

Disable the protection programs (antivirus etc.) and launch OTL.

Copy the following list (starting with :OTL) and paste it into the area under "Personnalisation" (the : at the beginning and the ] at the end are very important, please check).

 

:OTL

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

[2011/05/26 08:39:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com

[2010/01/15 14:58:08 | 000,005,413 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\searchplugins\fast-browser-search.xml

[2011/06/13 22:34:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) --

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

 

:Services

 

:Reg

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[RESETHOSTS]

Click the red "Correction" button and let it run.

If one or more files cannot be deleted normally, the program will ask to restart the machine to finish the process; click Yes.

At the end a report opens in Notepad. Copy its contents and paste them into a new reply. Close the report and OTL.

--

 

Your partitions/disks are here:

Drive C: | 58,59 Gb Total Space | 1,54 Gb Free Space | 2,63% Space Free | Partition Type: NTFS

Drive E: | 94,79 Gb Total Space | 85,16 Gb Free Space | 89,84% Space Free | Partition Type: NTFS

Drive G: | 931,28 Gb Total Space | 822,43 Gb Free Space | 88,31% Space Free | Partition Type: FAT32

And indeed C: is more than full, whereas there is room to spare on the others.

I suggest you move as many personal documents as possible to the others and use Revo Uninstaller to uninstall as many programs as possible that you no longer use or rarely use.

You need to get to 15% free space instead of the current 2.63%.

Requested reports:

  • OTL.txt

Is it better?

Posted

Hello,

it's hardly any better :-?

Here is the new OTL report:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com\lib folder moved successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\extensions\engine@conduit.com folder moved successfully.

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\searchplugins\fast-browser-search.xml moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.

C:\WINDOWS\Alcmtr.exe moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Configuration IP de Windows

Cache de résolution DNS vidé.

C:\Documents and Settings\user\Bureau\cmd.bat deleted successfully.

C:\Documents and Settings\user\Bureau\cmd.txt deleted successfully.

C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.

C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Scan and Repair.job moved successfully.

C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job moved successfully.

C:\WINDOWS\tasks\User_Feed_Synchronization-{B665E8A7-6B58-4DF5-9070-03606F11A589}.job moved successfully.

File\Folder C:\*.sqm not found.

File\Folder C:\WINDOWS\System32\*.tmp not found.

File\Folder C:\WINDOWS\*.tmp not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: user

->Temp folder emptied: 594697 bytes

->Temporary Internet Files folder emptied: 5326060 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 51316645 bytes

->Flash cache emptied: 954 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 589 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 55,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: NetworkService

 

User: user

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.26.1 log created on 07082011_193348

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

What I don't understand is that, using "TreeSize", here is what I get:

5.6 GB Windows

2.3 GB Program Files

1.6 GB Documents & Settings

1.5 GB [Files]

=> 11 GB in total: I should still have 49 GB left, shouldn't I?

Thank you for your help

Posted

Hello,

I don't know your program and so don't know how it works out disk space. Do you yourself find the same thing when displaying all hidden files/folders?

--

 

We'll do one last search for infection on your machine after an essential update:

>>> Updates: Any old version of a program, whatever it is, may contain vulnerabilities that can be exploited to infect a PC:

  • Java: You MUST use Internet Explorer to download (to the Desktop) the latest version matching your operating system (32 or 64 bits): Java downloads for all operating systems.

    Before installing, it is important to start by removing ALL the old versions on your machine because they may contain security vulnerabilities:
    Click "Start" => "Control Panel" => "Add/Remove Programs".
    Look in the list for the lines relating to Java (J2SE Runtime Environment.... ), identifiable by the Java icon.
    Select one line at a time and click Change/Remove.
    When none are left, close everything and install the new version by clicking the file you downloaded.

Please, let me know how the updates went. This is important because any problem in updating may indicate more malware present in your system.

 

 

Print these instructions or save them to a text file on the Desktop so you can consult them easily at any time, and download ComboFix© (by sUBs) to the Desktop from here or here

Close all open applications and windows, disable antivirus/firewall/antispyware and click ComboFix.exe. Follow the instructions.

Accept the license agreement and the installation of the Recovery Console (offered under XP if not installed).

DO NOT TOUCH the machine before the end (even if things seem not to be progressing).

When it is finished, a report (ComboFix.txt) is displayed. It is saved automatically at the root of the system partition (usually C:\)

Post its contents.

Posted

Hello,

yes, I get the same figures when displaying all hidden files/folders.

I have reinstalled Java.

However, a small problem with ComboFix, because it asks me to completely uninstall AVG and/or to use another program??

What should I do?

Posted

Re,

 

Correct, those two don't get along and I forgot to mention it, sorry!

To uninstall AVG cleanly, use AppRemover (click "Download now" on the page that opens).

Untick "Enable anonymous usage statistic".

Restart the machine and run CF (ComboFix) as described in the previous post.

Don't reinstall AVG right away, in case we still need CF. In the meantime, be careful where you go on the Net.

Posted

Good evening,

I finally managed to uninstall AVG11 and install ComboFix.

Here is its report:

 

ComboFix 11-07-09.02 - user 09/07/2011 22:38:22.1.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2022.1567 [GMT 2:00]

Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\LocalService\Application Data\SYSTEM3SQLite3.dll

c:\documents and settings\user\Application Data\user3SQLite3.dll

c:\documents and settings\user\WINDOWS

c:\windows\system32\$winnt$.inf

c:\windows\system32\_004332_.tmp.dll

c:\windows\system32\AutoRun.inf

c:\windows\system32\windir

c:\windows\vb.ini

G:\Autorun.inf

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-06-09 au 2011-07-09 ))))))))))))))))))))))))))))))))))))

.

.

2011-07-09 13:53 . 2011-07-09 13:53 -------- d-----w- c:\program files\Fichiers communs\Java

2011-07-09 13:53 . 2011-07-09 13:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-09 13:52 . 2011-07-09 13:52 -------- d-----w- c:\program files\Java

2011-07-09 13:18 . 2011-07-09 13:22 -------- dc-h--w- c:\windows\ie8

2011-07-08 17:57 . 2011-07-08 17:57 -------- d-----w- c:\program files\Revo Uninstaller

2011-07-08 17:46 . 2011-07-08 17:46 -------- d-----w- c:\program files\TreeSize Free

2011-07-08 17:33 . 2011-07-08 17:33 -------- dc----w- C:\_OTL

2011-07-07 19:52 . 2011-07-07 19:52 512 -c--a-w- C:\PhysicalMBR.bin

2011-07-06 20:33 . 2011-07-08 17:46 -------- d-----w- c:\documents and settings\user\Application Data\JAM Software

2011-07-06 18:58 . 2011-07-07 06:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-24 19:48 . 2011-06-24 19:48 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-24 19:48 . 2011-06-24 19:48 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-19 20:33 . 2011-06-19 20:33 -------- d-----w- c:\documents and settings\user\Application Data\gtk-2.0

2011-06-19 20:31 . 2011-06-19 20:31 -------- d-----w- c:\documents and settings\user\.thumbnails

2011-06-19 20:29 . 2011-06-19 20:38 -------- d-----w- c:\documents and settings\user\.gimp-2.6

2011-06-19 20:28 . 2011-06-19 20:53 -------- d-----w- c:\program files\GIMP-2.0

2011-06-18 20:00 . 2011-06-18 20:00 -------- d-----w- c:\documents and settings\user\Application Data\com.socialbox.socialbox

2011-06-18 20:00 . 2011-06-18 20:00 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR

2011-06-17 18:59 . 2011-06-17 19:00 -------- d-----w- c:\program files\Fichiers communs\Adobe

2011-06-14 22:00 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-13 21:53 . 2011-06-13 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2011-06-11 14:12 . 2011-06-11 14:30 -------- d-----w- c:\documents and settings\user\Application Data\ImgBurn

2011-06-10 19:18 . 2011-06-10 19:18 -------- d-----w- c:\program files\iPod

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-09 13:52 . 2011-05-28 21:16 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-23 18:24 . 2011-05-25 05:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-16 08:00 . 2011-05-25 19:53 73216 ----a-w- c:\windows\system32\ff_vfw.dll

2011-06-02 00:15 . 2011-05-25 19:53 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-02 00:10 . 2011-05-25 19:53 644608 ----a-w- c:\windows\system32\xvidcore.dll

2011-05-10 06:06 . 2010-01-13 12:26 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 06:06 . 2010-01-13 12:26 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-05-02 15:31 . 2008-06-21 19:59 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-05 12:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-05 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 05:58 . 2011-04-26 05:58 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-04-25 16:06 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:06 . 2004-08-05 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:06 . 2004-08-05 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-05 12:00 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-05 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-06-24 19:48 . 2011-05-24 20:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]

"shield"="c:\program files\Shield\shieldtray.exe" [2007-07-25 3719168]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]

Secunia PSI Tray.lnk - c:\program files\PSI\psi_tray.exe [2011-4-19 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-12-08 12:11 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\NewsBin\\nbpro.exe"=

"c:\\Documents and Settings\\LocalService\\Application Data\\WinDir\\Svchost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 shdbus;shdbus;c:\windows\system32\drivers\SHDBUS.sys [25/07/2007 13:41 2944]

R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [25/07/2007 13:41 63232]

R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [25/07/2007 13:41 17664]

R0 shieldm;shieldm;c:\windows\system32\drivers\Shieldm.sys [25/07/2007 13:41 26112]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\PSI\psia.exe [19/04/2011 08:44 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\PSI\sua.exe [19/04/2011 08:44 399416]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 10:30 15544]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]

S2 ShieldClientService;Shield Client Service;c:\program files\Shield\shieldclnt.exe [25/07/2007 13:38 45056]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contenu du dossier 'Tâches planifiées'

.

2011-07-09 c:\windows\Tasks\User_Feed_Synchronization-{B665E8A7-6B58-4DF5-9070-03606F11A589}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://news.google.fr/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\al7o2lfo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://fr.news.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-09 22:42

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 5.1.2600 Disk: Hitachi_HDS721616PLA380 rev.P22OA70A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

copy of MBR has been found in sector 22 !

copy of MBR has been found in sector 23 !

.

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'winlogon.exe'(2000)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Heure de fin: 2011-07-09 22:45:57

ComboFix-quarantined-files.txt 2011-07-09 20:45

.

Avant-CF: 1 569 898 496 octets libres

Après-CF: 1 566 720 000 octets libres

.

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

[spybotsd]

timeout.old=30

.

- - End Of File - - 966A953B89F5612D2FE22B7325E0F515

 

Thanks
